You must configure certain permissions in AWS Route 53 before synchronization with BloxOne DDI. Synchronizing AWS Route 53 without configuring these permissions may cause errors.
The following permissions are required in AWS Route 53 for bi-directional synchronization:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"route53:CreateHostedZone",
"route53:GetHostedZone",
"route53:ListHostedZones",
"route53:ChangeResourceRecordSets",
"route53:ListVPCAssociationAuthorizations",
"route53:ListResourceRecordSets",
"route53:DeleteHostedZone",
"route53:UpdateHostedZoneComment",
"route53:ListTagsForResources",
"ec2:DescribeRegions",
"ec2:DescribeVpcs",
"route53:ListQueryLoggingConfigs",
"route53:ListTrafficPolicyInstancesByHostedZone"
],
"Resource": "*"
}
]
}
The following permissions are required for cloud forwarding:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"route53resolver:*",
"ec2:DescribeNetworkInterfaces",
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:GetSecurityGroupsForVpc",
"ec2:DescribeRegions",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeAvailabilityZones",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:CreateNetworkInterfacePermission",
"ec2:DescribeSecurityGroups"
],
"Resource": "*"
}
]
}