diff --git a/docs/reference/issuers/acme/dns01.rst b/docs/reference/issuers/acme/dns01.rst
index 77a811fe8..574357a55 100644
--- a/docs/reference/issuers/acme/dns01.rst
+++ b/docs/reference/issuers/acme/dns01.rst
@@ -76,12 +76,12 @@ Cert-manager requires the following IAM policy.
            {
                "Effect": "Allow",
                "Action": "route53:GetChange",
-               "Resource": "*"
+               "Resource": "arn:aws:route53:::change/*"
            },
            {
                "Effect": "Allow",
                "Action": "route53:ChangeResourceRecordSets",
-               "Resource": "*"
+               "Resource": "arn:aws:route53:::hostedzone/*"
            },
            {
                "Effect": "Allow",