By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Admin access exception of domain delete, transfer and closure of AWS account

0

Will like to check how to grant an admin access without the authorization of

  1. Domain delete or transfer
  2. delete of AWS account

Pls assist urgency

Topics
Security, Identity, & Compliance
Tags
AWS Identity and Access Management
Language
English
incomecare
asked a month ago126 views
3 Answers
0
Accepted Answer

Hello.

The following policy denies domain transfer actions and hosted zone deletion.
All other actions are allowed.
https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonroute53domains.html
https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonroute53.html

{
  "Version": "2012-10-17",
  "Statement": [
      {
          "Effect": "Allow",
          "Action": "*",
          "Resource": "*"
      },
      {
          "Effect": "Deny",
          "Action": [
              "route53domains:AcceptDomainTransferFromAnotherAwsAccount",
              "route53domains:CancelDomainTransferToAnotherAwsAccount",
              "route53domains:CheckDomainTransferability",
              "route53domains:DisableDomainTransferLock",
              "route53domains:EnableDomainTransferLock",
              "route53domains:RejectDomainTransferFromAnotherAwsAccount",
              "route53domains:TransferDomain",
              "route53domains:TransferDomainToAnotherAwsAccount",
              "route53:DeleteHostedZone"
          ],
          "Resource": "*"
      }
  ]
}

IAM users cannot cancel their AWS accounts, so No. 2 does not require any action if you are an IAM user.
https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-closing.html#close-account-procedure

Sign in to the AWS Management Console as the root user in the AWS account that you want to close. You can't close an account while signed in as an IAM user or role.

profile picture
EXPERT
Riku_Kobayashi
answered a month ago
profile picture
EXPERT
Steve_M
reviewed a month ago
0

Choose which option in aws to set this at user??

}, { "Effect": "Deny", "Action": [ "route53domains:AcceptDomainTransferFromAnotherAwsAccount", "route53domains:CancelDomainTransferToAnotherAwsAccount", "route53domains:CheckDomainTransferability", "route53domains:DisableDomainTransferLock", "route53domains:EnableDomainTransferLock", "route53domains:RejectDomainTransferFromAnotherAwsAccount", "route53domains:TransferDomain", "route53domains:TransferDomainToAnotherAwsAccount", "route53:DeleteHostedZone" ], "Resource": "*"

incomecare
answered a month ago
0

I try route53:DeleteDomain , for "deny of delete domain". It show an error.

What is the right code for json to deny of delete domain ??

incomecare
answered a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content