Skip to content

Commit 18fae2c

Browse files
cert-manager-prow[bot]cert-manager-prow[bot]
authored
Merge pull request #1649 from aogier/feature/acme-dns01-route53-polp
acme/dns01/route53: document stricter IAM policy
2 parents a9b7cca + abdbb72 commit 18fae2c

File tree

1 file changed

+6
-1
lines changed

1 file changed

+6
-1
lines changed

content/docs/configuration/acme/dns01/route53.md

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -35,7 +35,12 @@ permissions:
3535
"route53:ChangeResourceRecordSets",
3636
"route53:ListResourceRecordSets"
3737
],
38-
"Resource": "arn:aws:route53:::hostedzone/*"
38+
"Resource": "arn:aws:route53:::hostedzone/*",
39+
"Condition": {
40+
"ForAllValues:StringEquals": {
41+
"route53:ChangeResourceRecordSetsRecordTypes": ["TXT"]
42+
}
43+
}
3944
},
4045
{
4146
"Effect": "Allow",

0 commit comments

Comments
 (0)