Hello.
The following policy denies domain transfer actions and hosted zone deletion.
All other actions are allowed.
https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonroute53domains.html
https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonroute53.html
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "*",
      "Resource": "*"
    },
    {
      "Effect": "Deny",
      "Action": [
        "route53domains:AcceptDomainTransferFromAnotherAwsAccount",
        "route53domains:CancelDomainTransferToAnotherAwsAccount",
        "route53domains:CheckDomainTransferability",
        "route53domains:DisableDomainTransferLock",
        "route53domains:EnableDomainTransferLock",
        "route53domains:RejectDomainTransferFromAnotherAwsAccount",
        "route53domains:TransferDomain",
        "route53domains:TransferDomainToAnotherAwsAccount",
        "route53:DeleteHostedZone"
      ],
      "Resource": "*"
    }
  ]
}
IAM users cannot cancel their AWS accounts, so No. 2 does not require any action if you are an IAM user.
https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-closing.html#close-account-procedure
Sign in to the AWS Management Console as the root user in the AWS account that you want to close. You can't close an account while signed in as an IAM user or role.
Which option in AWS do I choose to set this for a user?
}, { "Effect": "Deny", "Action": [ "route53domains:AcceptDomainTransferFromAnotherAwsAccount", "route53domains:CancelDomainTransferToAnotherAwsAccount", "route53domains:CheckDomainTransferability", "route53domains:DisableDomainTransferLock", "route53domains:EnableDomainTransferLock", "route53domains:RejectDomainTransferFromAnotherAwsAccount", "route53domains:TransferDomain", "route53domains:TransferDomainToAnotherAwsAccount", "route53:DeleteHostedZone" ], "Resource": "*"
I tried route53:DeleteDomain for "deny of delete domain". It shows an error.
What is the right JSON code to deny deleting a domain?
You can create an IAM policy by selecting and pasting "JSON" as shown below. https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create-console.html
Added "DeleteDomain". https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonroute53domains.html
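
Added example, not part of the original thread and not AWS code: a small local check of the policy shape discussed above. It shows that an explicit Deny overrides the Allow "*" statement and that a Deny written with the wrong service prefix (route53:DeleteDomain instead of route53domains:DeleteDomain) leaves domain deletion allowed. The KNOWN catalog and sample policy are constructed and partial, and the evaluator is a simplified model that handles only Action matching with Resource "*" (no conditions, SCPs or permission boundaries).

```python
import fnmatch

# Constructed, partial catalog: a few actions named in this thread.
KNOWN = {
    "route53": {"DeleteHostedZone"},
    "route53domains": {"DeleteDomain", "TransferDomain",
                       "TransferDomainToAnotherAwsAccount",
                       "DisableDomainTransferLock"},
}

# Constructed sample policy in the same shape as the one in the answer.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Effect": "Deny",
         "Action": ["route53domains:DeleteDomain",
                    "route53domains:TransferDomain",
                    "route53:DeleteHostedZone"],
         "Resource": "*"},
    ],
}

def _as_list(value):
    return [value] if isinstance(value, str) else list(value)

def _matches(pattern, action):
    # IAM action names are case-insensitive and accept * and ? wildcards.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())

def evaluate(policy, action):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for one action."""
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        if any(_matches(p, action) for p in _as_list(stmt["Action"])):
            if stmt["Effect"] == "Deny":
                return "Deny"  # an explicit deny always wins
            decision = "Allow"
    return decision

def misprefixed(policy):
    """Map actions whose name exists only under another service to the fix."""
    fixes = {}
    for stmt in policy["Statement"]:
        for act in _as_list(stmt["Action"]):
            svc, _, name = act.partition(":")
            if name and name not in KNOWN.get(svc, set()):
                for other, names in KNOWN.items():
                    if name in names:
                        fixes[act] = f"{other}:{name}"
    return fixes
```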