How to – AWS IAM permissions & Route 53

Amazon Web Services (AWS) is super-duper awesome. I use AWS to administer Route53 (DNS hosting), CloudFront (CDN) and S3 (mainly storing offsite backups) for various client WordPress websites, as well as my own.
Through AWS Identity and Access Management (IAM) it’s possible to add people who can manage all or parts of your AWS account. It takes just a few minutes to set up permissions, roles and a new user, but one item I battled to find was how to restrict the permissions of a certain user or group.

So, without further ado, here is the change that is needed to restrict permissions to a certain domain in IAM:

  1. Set up your new User and Permissions (and Roles if needed).
  2. From within Route 53 copy the Hosted Zone ID for the domain you want to allow access.
  3. From the IAM dashboard click on the Permissions tab for the Group which you want to allow access. Then click Manage Policy:
    How to restrict permissions to a single Hosted Zone in AWS IAM for Route53.
  4. In the Policy Document section you’ll see something like
    {
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "route53:*"
          ],
          "Resource": [
            "*"
          ]
        },
        {
          "Effect": "Allow",
          "Action": [
            "elasticloadbalancing:DescribeLoadBalancers"
          ],
          "Resource": [
            "*"
          ]
        }
      ]
    }

  5. Change the Policy Document to
    {
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "route53:*"
          ],
          "Resource": [
            "arn:aws:route53:::hostedzone/HostedZoneID"
          ]
        },
        {
          "Effect": "Allow",
          "Action": [
            "route53:ListHostedZones"
          ],
          "Resource": [
            "*"
          ]
        }
      ]
    }

  6. Click Apply Policy

Remember to change HostedZoneID in the policy above to the ID of the zone to which you want to allow access. Note too that the route53:ListHostedZones action is required, or else the user won’t be able to see the list of zones (you should also be able to restrict the listing of zones by using arn:aws:route53:::hostedzone/HostedZoneID).
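As an added example (not code from the original post), the Python below generates the restricted policy for a given zone ID, stripping the /hostedzone/ prefix that the Route 53 console and API attach to IDs but that the ARN must not contain, and then checks the result with a simplified evaluator of the Allow/Deny/implicit-deny rules. The zone IDs are constructed samples, not real hosted zones.

```python
import fnmatch
import json


def normalize_zone_id(zone_id: str) -> str:
    """Route 53 reports IDs as '/hostedzone/Z0EXAMPLE123'; the ARN needs just the bare ID."""
    return zone_id.strip().rsplit("/", 1)[-1]


def build_single_zone_policy(zone_id: str) -> dict:
    """Policy from the post: every route53 action on one zone, plus listing zones (which needs '*')."""
    zone_arn = f"arn:aws:route53:::hostedzone/{normalize_zone_id(zone_id)}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ["route53:*"], "Resource": [zone_arn]},
            # ListHostedZones has no resource-level permissions in IAM, so it must keep "*"
            {"Effect": "Allow", "Action": ["route53:ListHostedZones"], "Resource": ["*"]},
        ],
    }


def is_allowed(policy: dict, action: str, resource: str) -> bool:
    """Simplified IAM evaluation for identity policies without conditions:
    an explicit Deny wins, otherwise any matching Allow permits, otherwise implicit deny.
    IAM's '*' and '?' wildcards map onto fnmatch; action names compare case-insensitively."""
    allowed = False
    for stmt in policy["Statement"]:
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        resources = stmt["Resource"] if isinstance(stmt["Resource"], list) else [stmt["Resource"]]
        action_match = any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in actions)
        resource_match = any(fnmatch.fnmatchcase(resource, r) for r in resources)
        if action_match and resource_match:
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed


if __name__ == "__main__":
    # Constructed sample zone IDs, not real hosted zones
    policy = build_single_zone_policy("/hostedzone/Z0EXAMPLE123")
    print(json.dumps(policy, indent=2))
    mine = "arn:aws:route53:::hostedzone/Z0EXAMPLE123"
    other = "arn:aws:route53:::hostedzone/Z0OTHERZONE"
    print(is_allowed(policy, "route53:ChangeResourceRecordSets", mine))   # True
    print(is_allowed(policy, "route53:ChangeResourceRecordSets", other))  # False
    print(is_allowed(policy, "route53:ListHostedZones", "*"))             # True
```

Because route53:ListHostedZones is not resource-scoped, the user will still see the names of every zone in the account in the listing; the policy only stops them from reading or changing records in zones other than the one named in the ARN.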