
Conversation

@VA6DAH VA6DAH commented Nov 10, 2025

Hi Christopher,

I wanted to share the IAM policy I currently use in production. The main change, as you'll see once you read the JSON, is that my policy uses the new (~2022) fine-grained controls within Route 53 to limit the record type to TXT, and only when the domain name contains at least _acme-challenge.

In theory, this limits the security implications if a bad actor got the access key.

More technical details can be found in Amazon Documentation: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/specifying-conditions-route53.html
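The policy split Chris asks for below can be illustrated without the PR's JSON. The following is an added example, not the PR author's policy: it builds a basic policy (unrestricted ChangeResourceRecordSets on one hosted zone) and a fine-grained one that adds the documented Route 53 condition keys `route53:ChangeResourceRecordSetsRecordTypes` and `route53:ChangeResourceRecordSetsNormalizedRecordNames`, then locally simulates how IAM's `ForAllValues` operators evaluate a change batch against them. The hosted zone ID is a placeholder, and the name normalization (lowercase, trailing dot removed) is an assumption to check against the linked Route 53 documentation; the IAM policy simulator remains the authoritative check.

```python
"""Generate and locally sanity-check Route 53 IAM policies for ACME DNS-01.

Added example, not the PR's own JSON. Assumptions (labelled): the hosted
zone ID is a placeholder, and Route 53 is assumed to normalize record
names to lowercase without a trailing dot (verify against the linked docs).
"""
import fnmatch
import json

ZONE_ID = "Z0123456789EXAMPLE"  # placeholder hosted zone ID (assumption)
CHANGE_ACTION = "route53:ChangeResourceRecordSets"
TYPES_KEY = "route53:ChangeResourceRecordSetsRecordTypes"
NAMES_KEY = "route53:ChangeResourceRecordSetsNormalizedRecordNames"


def basic_policy(zone_id=ZONE_ID):
    """Basic policy: any record change in the hosted zone is allowed."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow",
             "Action": ["route53:ListHostedZones", "route53:GetChange"],
             "Resource": "*"},
            {"Effect": "Allow",
             "Action": CHANGE_ACTION,
             "Resource": f"arn:aws:route53:::hostedzone/{zone_id}"},
        ],
    }


def fine_grained_policy(zone_id=ZONE_ID, label="_acme-challenge"):
    """Same grants, but ChangeResourceRecordSets is limited to TXT records
    whose (normalized) name starts with the ACME challenge label."""
    policy = basic_policy(zone_id)
    policy["Statement"][1]["Condition"] = {
        "ForAllValues:StringEquals": {TYPES_KEY: ["TXT"]},
        "ForAllValues:StringLike": {NAMES_KEY: [f"{label}.*"]},
    }
    return policy


def normalize(name):
    """Assumption: Route 53 lowercases the name and drops the trailing dot
    before comparing it against the NormalizedRecordNames condition key."""
    return name.lower().rstrip(".")


def _for_all_values(request_values, allowed, like):
    """IAM ForAllValues semantics: every value in the request context must
    match at least one policy value; an empty request set matches vacuously."""
    match = fnmatch.fnmatchcase if like else (lambda v, p: v == p)
    return all(any(match(v, p) for p in allowed) for v in request_values)


def change_allowed(policy, zone_id, changes):
    """Evaluate one ChangeResourceRecordSets batch against the policy.

    `changes` is a list of (record_name, record_type) tuples, one per change
    in the batch. Only Allow statements are modelled (no Deny statements).
    """
    resource = f"arn:aws:route53:::hostedzone/{zone_id}"
    types = {t.upper() for _, t in changes}
    names = {normalize(n) for n, _ in changes}
    for stmt in policy["Statement"]:
        actions = stmt["Action"]
        if not isinstance(actions, list):
            actions = [actions]
        if CHANGE_ACTION not in actions or stmt["Resource"] != resource:
            continue
        ok = True
        for operator, keys in stmt.get("Condition", {}).items():
            like = operator.endswith("StringLike")
            for key, allowed in keys.items():
                request_values = types if key == TYPES_KEY else names
                ok = ok and _for_all_values(request_values, allowed, like)
        if ok:
            return True
    return False


if __name__ == "__main__":
    basic, strict = basic_policy(), fine_grained_policy()
    print(json.dumps(strict, indent=2))
    # Constructed sample batches: ACME challenge, ordinary A record,
    # a zone-apex TXT (e.g. SPF), and a batch mixing ACME with an A record.
    batches = {
        "acme": [("_acme-challenge.example.com.", "TXT")],
        "www-a": [("www.example.com", "A")],
        "apex-txt": [("example.com", "TXT")],
        "mixed": [("_acme-challenge.example.com", "TXT"), ("www.example.com", "A")],
    }
    for name, batch in batches.items():
        print(f"{name:9} basic={change_allowed(basic, ZONE_ID, batch)} "
              f"fine-grained={change_allowed(strict, ZONE_ID, batch)}")
```

Two points the simulation makes visible: a batch that mixes an ACME TXT change with anything else is rejected as a whole, because `ForAllValues` requires every value in the request to match; and `ForAllValues` is satisfied when the request carries no values for the key at all, which is why `change_allowed` returns True for an empty batch. ChangeResourceRecordSets always carries at least one change, so that does not open a gap here, but it is the usual caveat when reusing this operator in other policies.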

@webprofusion-chrisc
Contributor

Hi @VA6DAH thanks, this is a great suggestion, could you split the doc out into a basic policy example (the original) and a fine grain example? Other than that it looks great!

Author

VA6DAH commented Nov 21, 2025

Will do, give me some time but I'll update the request soon.

  • Dakota
