En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

restrict based on record name in dns private

0

Hi, I have read that there are no conditions to use to restrict route53's ChangeResourceRecordSets w.r.t record names, but is there another way to restrict this? Note: instance profile is being used than user

Sujets
Réseaux et diffusion de contenu
Balises
DNS privé Route 53
Langue
English
ruakn
demandé il y a 2 ans233 vues
1 réponse
0

Hello

I don't think there is the possibility for the IAM permissions for the ChangeResourceRecordSets but you can do in different way

Alternative Solution:

Assume Main Domain www.acme.com

  • Create a new HostedZone for the record you would like to restrict for example restrict.acme.com
  • Create the NS record in **www.acme.com ** Main DNS hosted Zone
NameTypeValue
restrictNSXXXXXXX.awsdnxxxx.com
  • Verify the DNS NS are propagated for the restrict.acme.com

Now its time for the IAM user restrict, You can give access to use to the HostedZone. --> restrict.acme.com

profile picture
EXPERT
GK
répondu il y a 2 ans

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents