How to Restrict Route53 records
If you are using AWS route53, I think you already know the AWS Hosted Zones in Route53, If you have the DNS Hosted Zone in R53 and you would like to restrict the IAM Users/Roles to the specific HostedZone Is it possible for Sure YES, let's say if you would like to restrict the IAM Users/Role to specific record [A, CNAME, MX, etc]?
Yes, it can be possible….Let's see How, let's assume the above example in a more detailed way…
If you like my post please do not forget to follow me for the future posts
You have the Hostedzone present in AWS Route 53, EX: example.cloud as you can see the information of the records in the below screenshot
Now i would like to restric the User to the specific record security.example.cloud , So here i am going to do a different way…!
- Create a New hosted zone with DNS Name security.example.cloud
- Once the step:1 is done, You will get the Name servers, SOA for the new hostedzone we have created, Now copy the NS in the domain security.example.cloud you need to use in the next step :)
- Go the Main Domain i.e example.cloud and create a record like this
4. Now you can check the domain with the dig tool Linux or Mac or Use google to check the DNS NS are propagated.
5. Now it's time for restricting the IAM user/role to HostedZone Simple. You can create a policy to restrict the User to Hostedzone in a reality you are restricting the user to record