Amazon Route 53 API permissions: Actions, resources, and conditions reference - Amazon Route 53
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Amazon Route 53 API permissions: Actions, resources, and conditions reference

When you set up Access control and write a permissions policy that you can attach to an IAM identity (identity-based policies), you can use the lists of Actions, resources, and condition keys for Route 53, Actions, resources, and condition keys for Route 53 Domains, Actions, resources, and condition keys for Route 53 Resolver, and Actions, resources, and condition keys for Amazon Route 53 Profiles enables sharing DNS settings with VPCs in the Service Authorization Reference. The pages include each Amazon Route 53 API action, the actions that you must grant permissions access to, and the Amazon resource that you must grant access to. You specify the actions in the policy's Action field, and you specify the resource value in the policy's Resource field.

You can use Amazon-wide condition keys in your Route 53 policies to express conditions. For a complete list of Amazon-wide keys, see Available keys in the IAM User Guide.

Note

When granting access, the hosted zone and the Amazon VPC must belong to the same partition. A partition is a group of Amazon Web Services Regions. Each Amazon Web Services account is scoped to one partition.

The following are the supported partitions:

  • aws - Amazon Web Services Regions

  • aws-cn - China Regions

  • aws-us-gov - Amazon GovCloud (US) Region

For more information, see Access Management in the Amazon General Reference.

Note

To specify an action, use the applicable prefix (route53, route53domains, or route53resolver) followed by the API operation name, for example:

  • route53:CreateHostedZone

  • route53domains:RegisterDomain

  • route53resolver:CreateResolverEndpoint