Through AWS Internet Access Management (IAM) it’s possible to add people to manage all or parts of your AWS account. It takes just a few minutes to setup permissions, roles and a new user but one item I battled to find was how to restrict the permissions of a certain user or group.

So, without further delay, here is the change that is needed to restrict permissions to a certain domain in IAM:

• Setup your new User and Permissions (and Roles if needed).

• From within Route 53 copy the Hosted Zone ID for the domain you want to allow access.

• From the IAM dashboard Create a new policy:

• Change the Hosted zone ID with your hosted zone ID which you want to restrict.

{  

   "Version": "2012-10-17",

   "Statement":[

      {

         "Action":[

            "route53:ChangeResourceRecordSets",

            "route53:GetHostedZone",

            "route53:ListResourceRecordSets"

         ],

         "Effect":"Allow",

         "Resource":[

            "arn:aws:route53:::hostedzone/<Your zone ID>"

         ]

      },

      {

         "Action":[

            "route53:ListHostedZones"

         ],

         "Effect":"Allow",

         "Resource":[

            "*"

         ]

      }

   ]

}

Hope this will help you!

Please Remember me in your prayers!

Enjoy