From c4bb8d91b5ea7a34e5560ed9456cbeff8a5eb527 Mon Sep 17 00:00:00 2001
From: John Wells
Date: Mon, 23 Apr 2018 17:43:57 -0600
Subject: [PATCH] Fix AWS DNS policy example

After testing the suggested policy both with the AWS policy simulator and by using it with cert-manager I have found that the ARN prefix in the resources included in the statement cause the provider to fail with an access denied error. This new policy is equivalent and valid according to the AWS policy simulator.
---
 docs/reference/issuers/acme/dns01.rst | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/docs/reference/issuers/acme/dns01.rst b/docs/reference/issuers/acme/dns01.rst
index af7b043ea..77a811fe8 100644
--- a/docs/reference/issuers/acme/dns01.rst
+++ b/docs/reference/issuers/acme/dns01.rst
@@ -76,17 +76,17 @@ Cert-manager requires the following IAM policy.
 {
 "Effect": "Allow",
 "Action": "route53:GetChange",
- "Resource": "arn:aws:route53:::change/*"
+ "Resource": "*"
 },
 {
 "Effect": "Allow",
 "Action": "route53:ChangeResourceRecordSets",
- "Resource": "arn:aws:route53:::hostedzone/*"
+ "Resource": "*"
 },
 {
 "Effect": "Allow",
 "Action": "route53:ListHostedZonesByName",
- "Resource": "arn:aws:route53:::hostedzone/*"
+ "Resource": "*"
 }
 ]
 }
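Review bot: Only the third statement needs the wildcard: `route53:ListHostedZonesByName` does not support resource-level permissions and so must be granted on `"Resource": "*"`, whereas `route53:GetChange` and `route53:ChangeResourceRecordSets` do, so widening all three to `*` gives up least privilege for a fix that (as far as the Route 53 IAM reference goes) only the last statement required. I would keep `"Resource": "arn:aws:route53:::change/*"` on the GetChange statement and `"Resource": "arn:aws:route53:::hostedzone/*"` on the ChangeResourceRecordSets statement, or better the specific hosted-zone ARN(s) cert-manager will write to, since with `*` this credential can rewrite records in every zone in the account. If the access-denied error was reproduced with the scoped ARNs on the first two statements as well, the commit message should say so, as that would contradict the documented resource types for those actions. Because this example is pasted verbatim by users, a one-line note above the policy stating that only the ListHostedZonesByName action requires `*` would also help.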