r53 Record IAM Policy: ListResourceRecordSets does not work

0

In my code, I call ListResourceRecordSets(). However, I am getting this error when I call it: AccessDenied: User: arn:aws:iam::*******:user/banana-jenkins is not authorized to access this resource status code: 403, request id: ********. There is nothing in the IAM policy that restricts read access to r53 records. I have AdministratorAccess, which is supposed to give full access to all resources and Actions. The only thing restricted is the source IP to our Jenkins cluster, which I am running the code on. Is this something that needs to be explicitly stated in the IAM? If not, is there anything else that could cause this issue?

  • Can you post the content of your IAM permission policy... (sanitize IPs first)

1 Answer
0

Hello.

Is it correct that AdministratorAccess is set for the IAM user "banana-jenkins"?
Does your AWS account use Organizations or similar to set up guardrails with SCP?
If SCP is set, there is a possibility that it is rejected by SCP.
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html

Basically, if AdministratorAccess is set, I think all Route53 operations are permitted.

> The only thing restricted is the source IP to our Jenkins cluster

What does it mean to be restricted by IP?
Does this mean that it is set using an IAM condition key?

EXPERT
answered 8 months ago
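
The two causes raised in this answer (an SCP that does not allow the action, and an IAM condition key on the source IP) can be modelled with a small policy evaluator. This is an added example, not part of the original thread and not AWS code. The policy documents, CIDR range and IP addresses are constructed; the model is simplified: it handles only `IpAddress`/`NotIpAddress` on `aws:SourceIp`, treats SCPs as a flat list, and ignores resources, permission boundaries and session policies.

```python
import ipaddress
from fnmatch import fnmatchcase

# Constructed sample policies (assumptions, not taken from the thread).
ADMIN = {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
IP_LOCK = {"Statement": [{"Effect": "Deny", "Action": "*", "Resource": "*",
    "Condition": {"NotIpAddress": {"aws:SourceIp": ["203.0.113.0/24"]}}}]}
SCP_FULL = {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
SCP_NO_R53 = {"Statement": [{"Effect": "Allow", "Action": ["ec2:*", "s3:*"],
                             "Resource": "*"}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _condition_holds(condition, ctx):
    """Evaluate IpAddress / NotIpAddress on aws:SourceIp; all blocks must hold."""
    for op, keys in condition.items():
        for key, cidrs in keys.items():
            if key != "aws:SourceIp" or op not in ("IpAddress", "NotIpAddress"):
                raise ValueError(f"unsupported condition {op}/{key}")
            ip = ipaddress.ip_address(ctx[key])
            inside = any(ip in ipaddress.ip_network(c) for c in _as_list(cidrs))
            if inside != (op == "IpAddress"):
                return False
    return True

def _effects(policies, action, ctx):
    """Effects of every statement whose Action and Condition match the request."""
    found = set()
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            patterns = _as_list(stmt["Action"])
            if (any(fnmatchcase(action.lower(), p.lower()) for p in patterns)
                    and _condition_holds(stmt.get("Condition", {}), ctx)):
                found.add(stmt["Effect"])
    return found

def evaluate(identity_policies, scps, action, source_ip):
    ctx = {"aws:SourceIp": source_ip}
    # 1. An explicit Deny in any policy overrides every Allow.
    if "Deny" in _effects(identity_policies + scps, action, ctx):
        return "explicit deny"
    # 2. When SCPs apply, one of them must allow the action.
    if scps and "Allow" not in _effects(scps, action, ctx):
        return "implicit deny (SCP)"
    # 3. The identity-based policies must allow the action.
    if "Allow" not in _effects(identity_policies, action, ctx):
        return "implicit deny (identity)"
    return "allow"
```

In both denied cases the caller still holds a policy equivalent to AdministratorAccess, which is why checking the SCPs and the source IP actually seen by AWS is the next diagnostic step.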
