【Route53】レコード操作するためだけのIAM

docs.aws.amazon.com

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "route53:GetHostedZone",
                "route53:ListHostedZonesByName",
                "route53:ListResourceRecordSets",
                "route53:ChangeResourceRecordSets",
                "route53:ListTagsForResource",
                "route53:ListTagsForResources"
            ],
            "Resource": [
                "arn:aws:route53:::hostedzone/Z3PYYYYYY",
                "arn:aws:route53:::hostedzone/Z3PXXXXXX"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "route53:ListHostedZones"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}