
Permissions required in AWS R53

You must configure certain permissions in AWS Route 53 before synchronization with Universal DDI. Synchronizing AWS Route 53 without configuring these permissions may cause errors.

The following permissions are required in AWS Route 53 for bi-directional synchronization:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "route53:CreateHostedZone",
        "route53:GetHostedZone",
        "route53:ListHostedZones",
        "route53:ChangeResourceRecordSets",
        "route53:ListVPCAssociationAuthorizations",
        "route53:ListResourceRecordSets",
        "route53:DeleteHostedZone",
        "route53:UpdateHostedZoneComment",
        "route53:ListTagsForResources",
        "ec2:DescribeRegions",
        "ec2:DescribeVpcs",
        "route53:ListQueryLoggingConfigs",
        "route53:ListTrafficPolicyInstancesByHostedZone"
      ],
      "Resource": "*"
    }
  ]
}

The following permissions are required for cloud forwarding:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "route53resolver:*",
        "ec2:DescribeNetworkInterfaces",
        "ec2:CreateNetworkInterface",
        "ec2:DeleteNetworkInterface",
        "ec2:GetSecurityGroupsForVpc",
        "ec2:DescribeRegions",
        "ec2:DescribeVpcs",
        "ec2:DescribeSubnets",
        "ec2:DescribeAvailabilityZones",
        "ec2:ModifyNetworkInterfaceAttribute",
        "ec2:CreateNetworkInterfacePermission",
        "ec2:DescribeSecurityGroups"
      ],
      "Resource": "*"
    }
  ]
}
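
As an added example (not part of the vendor documentation), the following Python check parses the two policies listed on this page and reports the grants a reviewer would record before attaching them: service-wide wildcard actions, and state-changing actions allowed on "Resource": "*". The verb-prefix list used to treat an action as state-changing, and the names audit_policy and as_list, are assumptions of this example.

```python
import json

# Verb prefixes treated as state-changing (a heuristic assumed here, not an AWS classification).
MUTATING_PREFIXES = ("Create", "Delete", "Change", "Update", "Modify")

# The two policies from this page, compacted.
SYNC_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [{"Sid": "VisualEditor0", "Effect": "Allow",
 "Action": ["route53:CreateHostedZone", "route53:GetHostedZone", "route53:ListHostedZones",
  "route53:ChangeResourceRecordSets", "route53:ListVPCAssociationAuthorizations",
  "route53:ListResourceRecordSets", "route53:DeleteHostedZone",
  "route53:UpdateHostedZoneComment", "route53:ListTagsForResources", "ec2:DescribeRegions",
  "ec2:DescribeVpcs", "route53:ListQueryLoggingConfigs",
  "route53:ListTrafficPolicyInstancesByHostedZone"], "Resource": "*"}]}
""")
FORWARDING_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": [
  "route53resolver:*", "ec2:DescribeNetworkInterfaces", "ec2:CreateNetworkInterface",
  "ec2:DeleteNetworkInterface", "ec2:GetSecurityGroupsForVpc", "ec2:DescribeRegions",
  "ec2:DescribeVpcs", "ec2:DescribeSubnets", "ec2:DescribeAvailabilityZones",
  "ec2:ModifyNetworkInterfaceAttribute", "ec2:CreateNetworkInterfacePermission",
  "ec2:DescribeSecurityGroups"], "Resource": "*"}]}
""")

def as_list(value):
    """IAM accepts a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)

def audit_policy(policy):
    """Return (statement index, finding, action) for broad Allow grants."""
    findings = []
    statements = policy["Statement"]
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    for idx, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        all_resources = "*" in as_list(stmt.get("Resource", []))
        for action in as_list(stmt.get("Action", [])):
            name = action.partition(":")[2]
            if action == "*" or "*" in name:
                findings.append((idx, "wildcard-action", action))
            elif all_resources and name.startswith(MUTATING_PREFIXES):
                findings.append((idx, "mutating-on-all-resources", action))
    return findings

if __name__ == "__main__":
    for label, policy in (("sync", SYNC_POLICY), ("forwarding", FORWARDING_POLICY)):
        print(label, audit_policy(policy))
```

The output is a review list, not a verdict: whether a flagged action can be scoped to specific resources has to be checked against the AWS documentation for that action.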
