Amazon Route 53 API permissions: Actions, resources, and conditions reference
When you set up access control and write a permissions policy that you can attach to an IAM identity (an identity-based policy), you can use the following lists in the Service Authorization Reference:
- Actions, resources, and condition keys for Route 53
- Actions, resources, and condition keys for Route 53 Domains
- Actions, resources, and condition keys for Route 53 Resolver
- Actions, resources, and condition keys for Amazon Route 53 Profiles enables sharing DNS settings with VPCs
The pages include each Amazon Route 53 API action, the actions that you must grant permission for, and the Amazon resource that you must grant access to. You specify the actions in the policy's Action field, and you specify the resource value in the policy's Resource field.
You can use Amazon-wide condition keys in your Route 53 policies to express conditions. For a complete list of Amazon-wide keys, see Available keys in the IAM User Guide.
Note
When granting access, the hosted zone and the Amazon VPC must belong to the same partition. A partition is a group of Amazon Web Services Regions. Each Amazon Web Services account is scoped to one partition.
The following are the supported partitions:
- aws - Amazon Web Services Regions
- aws-cn - China Regions
- aws-us-gov - Amazon GovCloud (US) Region
For more information, see Access Management in the Amazon General Reference.
Note
To specify an action, use the applicable prefix (route53, route53domains, or route53resolver) followed by the API operation name, for example:
- route53:CreateHostedZone
- route53domains:RegisterDomain
- route53resolver:CreateResolverEndpoint
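The following Python check is an added example, not code from the Amazon documentation: it reviews an identity-based policy against the rules above, using only the three action prefixes and three partitions this page lists. The function names, the sample policy and its placeholder IDs are constructed for illustration, and flagging wildcard operations is an added least-privilege check that this page does not state.

```python
import json

# Prefixes and partitions exactly as this page lists them.
PREFIXES = {"route53", "route53domains", "route53resolver"}
PARTITIONS = {"aws", "aws-cn", "aws-us-gov"}

def as_list(value):
    """Action, Resource and Statement may each be a single item or a list."""
    if value is None:
        return []
    return list(value) if isinstance(value, list) else [value]

def lint_policy(policy):
    """Return (statement index, message) findings for a Route 53 policy."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement"))):
        for action in as_list(stmt.get("Action")):
            prefix, sep, operation = action.partition(":")
            if not sep or not operation:
                findings.append((i, f"{action}: expected prefix:OperationName"))
            elif prefix not in PREFIXES:
                findings.append((i, f"{action}: prefix is not a Route 53 prefix"))
            elif "*" in operation:
                findings.append((i, f"{action}: wildcard, not a single operation"))
        seen = set()  # partitions named by this statement's resource ARNs
        for resource in as_list(stmt.get("Resource")):
            if resource == "*":
                continue
            # ARN layout: arn:partition:service:region:account-id:resource
            fields = resource.split(":", 5)
            if len(fields) != 6 or fields[0] != "arn":
                findings.append((i, f"{resource}: not an ARN"))
            elif fields[1] not in PARTITIONS:
                findings.append((i, f"{resource}: unsupported partition {fields[1]}"))
            else:
                seen.add(fields[1])
        if len(seen) > 1:  # hosted zone and VPC must share one partition
            findings.append((i, f"resources span partitions {sorted(seen)}"))
    return findings

# Constructed sample policy (IDs are placeholders, not real resources).
SAMPLE = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "route53:CreateHostedZone", "Resource": "*"},
  {"Effect": "Allow", "Action": ["route53:AssociateVPCWithHostedZone", "route53resolver:*"],
   "Resource": ["arn:aws:route53:::hostedzone/ZEXAMPLE",
                "arn:aws-cn:ec2:cn-north-1:111122223333:vpc/vpc-example"]}
]}
""")

if __name__ == "__main__":
    for index, message in lint_policy(SAMPLE):
        print(f"Statement[{index}]: {message}")
```

The first sample statement passes; the second is reported for its wildcard action and for pairing a hosted zone in the aws partition with a VPC in aws-cn.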