20

I've got some machines which automatically update DNS in Route53. So far there are only two zones in Route53, and both of them are updated this way, so I have an IAM policy which says "blah blah blah, Resource: "*"" and everything is good. Now I want to add a third zone, and not let those machines mess it up - so I need to change the Resource: to something specific.

Amazon tells me that the resource specification

should follow the following format: arn:aws:route53:::<resource>/<id>. Multiple values are comma limited.

What I don't know is how to determine the values of <resource> and <id>. Where do I find those? I can see a "hosted zone ID" in the Route53 web GUI and assume it's related, but don't know exactly how.

1 Answer

27

This is addressed in Controlling User Access with IAM, specifically in Route 53 ARNs:

Resource is either hostedzone or change, and ID is the ID of the hosted zone or the change.

The following are examples of a hosted zone ARN and a change ARN, respectively.

arn:aws:route53:::hostedzone/Z148QEXAMPLE8V
arn:aws:route53:::change/C2RDJ5EXAMPLE2

You can use wildcards (*) in place of the ID. [...]

The requested ID is listed in column Hosted Zone ID in the top level Hosted Zones summary of the Route 53 section within the AWS Management Console. Alternatively, you can list your hosted zones via an API call as usual (specifically GET ListHostedZones), and the response contains a respective Id element for each HostedZone element in turn.

Steffen Opel
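An added example, not part of the original answer: turning the `Id` values from a ListHostedZones response into hosted zone ARNs and a policy scoped to two of three zones. The zone names, the IDs other than the documentation's `Z148QEXAMPLE8V`, the function names and the choice of allowed actions are assumptions made for illustration.

```python
import json
import re

# Constructed sample shaped like the HostedZones list of a ListHostedZones
# response; the API returns each Id with a "/hostedzone/" prefix.
SAMPLE_ZONES = [
    {"Id": "/hostedzone/Z148QEXAMPLE8V", "Name": "dyn.example.com."},
    {"Id": "/hostedzone/Z2ABCEXAMPLE11", "Name": "lab.example.net."},
    {"Id": "/hostedzone/Z3DEFEXAMPLE22", "Name": "corp.example.org."},
]

def zone_arn(zone_id):
    """Build the hosted zone ARN from an Id, with or without the API prefix."""
    bare = zone_id.rsplit("/", 1)[-1]
    # Refuse wildcards and empty IDs so a bad input can never widen the scope.
    if not re.fullmatch(r"[A-Z0-9]+", bare):
        raise ValueError(f"not a hosted zone ID: {zone_id!r}")
    return f"arn:aws:route53:::hostedzone/{bare}"

def build_policy(zones, allowed_names):
    """Return an IAM policy limited to the hosted zones named in allowed_names."""
    ids_by_name = {}
    for zone in zones:
        ids_by_name.setdefault(zone["Name"].rstrip(".").lower(), []).append(zone["Id"])
    arns = []
    for name in allowed_names:
        ids = ids_by_name.get(name.rstrip(".").lower(), [])
        # A name can match several zones (public and private); demand exactly one.
        if len(ids) != 1:
            raise LookupError(f"{name!r} matches {len(ids)} hosted zones")
        arns.append(zone_arn(ids[0]))
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "UpdateListedZonesOnly", "Effect": "Allow",
             "Action": ["route53:ChangeResourceRecordSets",
                        "route53:ListResourceRecordSets"],
             "Resource": sorted(arns)},
            # Change status is polled by change ID, which is not known in advance.
            {"Sid": "PollChangeStatus", "Effect": "Allow",
             "Action": "route53:GetChange",
             "Resource": "arn:aws:route53:::change/*"},
        ],
    }

if __name__ == "__main__":
    print(json.dumps(build_policy(SAMPLE_ZONES, ["dyn.example.com", "lab.example.net"]), indent=2))
```

The third zone (`corp.example.org.` in the sample) never appears in the `Resource` list, so credentials carrying this policy cannot change its records.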