r53 Record IAM Policy: ListResourceRecordSets does not work

0

In my code, I call ListResourceRecordSets(). However, I am getting this error when I call it: "AccessDenied: User: arn:aws:iam::*******:user/banana-jenkins is not authorized to access this resource status code: 403, request id: ********". There is nothing in the IAM policy that restricts read access to r53 records. I have AdministratorAccess, which is supposed to give full access to all resources and actions. The only thing restricted is the source IP to our Jenkins cluster, which I am running the code on. Is this something that needs to be explicitly stated in the IAM? If not, is there anything else that could cause this issue?

  • Can you post the content of your IAM permission policy... (sanitize IPs first)

1 Answer
0

Hello.

Is it correct that AdministratorAccess is set for the IAM user "banana-jenkins"?
Does your AWS account use Organizations or similar to set up guardrails with SCP?
If SCP is set, there is a possibility that it is rejected by SCP.
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html

Basically, if AdministratorAccess is set, I think all Route53 operations are permitted.

"The only thing restricted is the source IP to our Jenkins cluster"

What does it mean to be restricted by IP?
Does this mean that it is set using an IAM condition key?

EXPERT
answered 8 months ago
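
An added example, not part of the original question or answer: a simplified Python model of the two causes raised above, an SCP that does not allow the action and an explicit Deny tied to the `aws:SourceIp` condition key, either of which produces AccessDenied even with AdministratorAccess attached. The policy contents, CIDR range and function names are constructed assumptions; resource matching, permission boundaries and the SCP hierarchy are left out.

```python
import ipaddress
from fnmatch import fnmatchcase

# Constructed sample policies (assumptions, not taken from the question).
ADMIN = {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
IP_GUARD = {"Statement": [{
    "Effect": "Deny", "Action": "*", "Resource": "*",
    "Condition": {"NotIpAddress": {"aws:SourceIp": ["203.0.113.0/24"]}},
}]}
SCP_FULL = {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
SCP_NO_R53 = {"Statement": [{"Effect": "Allow", "Action": ["ec2:*", "s3:*"],
                             "Resource": "*"}]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _condition_holds(condition, source_ip):
    """Evaluate only IpAddress / NotIpAddress on aws:SourceIp."""
    ip = ipaddress.ip_address(source_ip)
    for operator, keys in condition.items():
        cidrs = _as_list(keys["aws:SourceIp"])
        in_range = any(ip in ipaddress.ip_network(c) for c in cidrs)
        if operator == "IpAddress" and not in_range:
            return False
        if operator == "NotIpAddress" and in_range:
            return False
    return True


def _matches(policies, effect, action, source_ip):
    """True if any statement with this effect applies to the request."""
    for policy in policies:
        for stmt in policy["Statement"]:
            actions = [a.lower() for a in _as_list(stmt["Action"])]
            if (stmt["Effect"] == effect
                    and any(fnmatchcase(action.lower(), a) for a in actions)
                    and _condition_holds(stmt.get("Condition", {}), source_ip)):
                return True
    return False


def evaluate(action, source_ip, identity_policies, scps):
    """Return (decision, reason): explicit deny, then SCP, then identity allow."""
    if _matches(identity_policies + scps, "Deny", action, source_ip):
        return "Deny", "explicit deny"
    if not _matches(scps, "Allow", action, source_ip):
        return "Deny", "not allowed by SCP"
    if not _matches(identity_policies, "Allow", action, source_ip):
        return "Deny", "no identity-based allow"
    return "Allow", "allowed"
```

Because Route 53 is called over its public endpoint, the source IP that counts is the public egress address the Jenkins nodes present to AWS, not their private addresses.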
