restrict based on record name in dns private

Question

Hi, I have read that there are no conditions to use to restrict route53's ChangeResourceRecordSets w.r.t record names, but is there another way to restrict this?
Note: instance profile is being used than user

Answer

Hello

I don't think there is the possibility for the IAM permissions for the `ChangeResourceRecordSets` but you can do in different way

[Alternative Solution: ](https://aws.amazon.com/premiumsupport/knowledge-center/create-subdomain-route-53/)

Assume Main Domain www.acme.com

*  Create a new HostedZone for the record you would like to restrict for example **restrict.acme.com**
* Create the NS record in **www.acme.com ** Main DNS hosted Zone

| Name | Type | Value |
| --- | --- | --- |
| restrict | NS | XXXXXXX.awsdnxxxx.com|
* Verify the DNS NS are propagated for the  **restrict.acme.com**

Now its time for the IAM user restrict, You can give access to use to the **HostedZone.** --> **restrict.acme.com**

restrict based on record name in dns private

관련 콘텐츠