Fix AWS DNS policy example

After testing the suggested policy both with the AWS policy simulator and by using it with cert-manager I have found that the ARN prefix in the resources included in the statement cause the provider to fail with an access denied error. This new policy is equivalent and valid according to the AWS policy simulator.
2018-04-23 17:43:57 -06:00 · 2018-04-23 17:43:57 -06:00 · c4bb8d91b5
commit c4bb8d91b5
parent 731f7072a6
1 changed files with 3 additions and 3 deletions
--- a/docs/reference/issuers/acme/dns01.rst
+++ b/docs/reference/issuers/acme/dns01.rst
@ -76,17 +76,17 @@ Cert-manager requires the following IAM policy.
           {
               "Effect": "Allow",
               "Action": "route53:GetChange",
-               "Resource": "arn:aws:route53:::change/*"
+               "Resource": "*"
           },
           {
               "Effect": "Allow",
               "Action": "route53:ChangeResourceRecordSets",
-               "Resource": "arn:aws:route53:::hostedzone/*"
+               "Resource": "*"
           },
           {
               "Effect": "Allow",
               "Action": "route53:ListHostedZonesByName",
-               "Resource": "arn:aws:route53:::hostedzone/*"
+               "Resource": "*"
           }
       ]
   }