Amazon Route 53 API permissions: Actions, resources, and conditions reference - Amazon Route 53

Amazon Route 53 API permissions: Actions, resources, and conditions reference

When you set up Access control and write a permissions policy that you can attach to an IAM identity (identity-based policies), you can use the lists of Actions, resources, and condition keys for Route 53, Actions, resources, and condition keys for Route 53 Domains, Actions, resources, and condition keys for Route 53 Resolver, and Actions, resources, and condition keys for Amazon Route 53 Profiles enables sharing DNS settings with VPCs in the Service Authorization Reference. The pages include each Amazon Route 53 API action, the actions that you must grant permissions access to, and the AWS resource that you must grant access to. You specify the actions in the policy's Action field, and you specify the resource value in the policy's Resource field.

You can use AWS-wide condition keys in your Route 53 policies to express conditions. For a complete list of AWS-wide keys, see Available keys in the IAM User Guide.

Note

When granting access, the hosted zone and the Amazon VPC must belong to the same partition. A partition is a group of AWS Regions. Each AWS account is scoped to one partition.

The following are the supported partitions:

  • aws - AWS Regions

  • aws-cn - China Regions

  • aws-us-gov - AWS GovCloud (US) Region

For more information, see Access Management in the AWS General Reference.

Note

To specify an action, use the applicable prefix (route53, route53domains, or route53resolver) followed by the API operation name, for example:

  • route53:CreateHostedZone

  • route53domains:RegisterDomain

  • route53resolver:CreateResolverEndpoint