A co-worker has asked us to create a subdomain and to grant him permission to edit its DNS records. While granting this access, we should ensure that he cannot edit the DNS records of any other subdomain or of the main domains on Route53.
- For this, first create a new Hosted Zone on Route53 for the subdomain.
- Once created, note down the nameservers provided for the subdomain and add them as NS records on the main domain. E.g., if the subdomain is test.dnsrecords.tech, then the nameservers of the subdomain should be listed as an NS record in the DNS records of dnsrecords.tech.
- Note down the Hosted Zone ID of the newly created Hosted Zone for the subdomain.
- Create an IAM policy for the user. Click on Create policy.
- In the Create policy section, go to the JSON tab and add the JSON code, replacing HOSTED_ZONE_ID with the ID found in step 3. Refer to the image below.
- Now create the user.
- Attach the IAM policy created above to that user. Filter the results by choosing Customer managed, and then proceed.
- You are done with the setup; now test it.
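A policy that fits the JSON tab step above, given here as an added example and not the policy from the original page. It assumes the co-worker only needs to read and change records in the one delegated zone; the `Sid` names are illustrative, and HOSTED_ZONE_ID is the placeholder to replace with the ID noted in step 3.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "EditRecordsInDelegatedZoneOnly",
      "Effect": "Allow",
      "Action": [
        "route53:GetHostedZone",
        "route53:ListResourceRecordSets",
        "route53:ChangeResourceRecordSets"
      ],
      "Resource": "arn:aws:route53:::hostedzone/HOSTED_ZONE_ID"
    },
    {
      "Sid": "TrackChangeStatus",
      "Effect": "Allow",
      "Action": "route53:GetChange",
      "Resource": "arn:aws:route53:::change/*"
    },
    {
      "Sid": "ListZonesForConsole",
      "Effect": "Allow",
      "Action": [
        "route53:ListHostedZones",
        "route53:ListHostedZonesByName",
        "route53:GetHostedZoneCount"
      ],
      "Resource": "*"
    }
  ]
}
```

The last statement needs `"Resource": "*"` because the list actions do not accept a hosted-zone ARN. It lets the user see the names of other zones but not their records, and it can be dropped if he works only through the CLI or API with the zone ID.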