Prerequisites

Before you continue, make sure you have already created a Route 53 hosted zone as a Public Hosted Zone and configured the Amazon name servers with your domain registrar.

Note

If you are using EC2 IAM instance roles or AWS IAM roles for service accounts (IRSA), creating a user is not required. Configuration of IAM roles is beyond the scope of this document, and is discussed in the official AWS documentation linked above. For all other use cases, follow the steps below to create a policy and user.

Go to the IAM Policies page and click on Create Policy.

Then open the JSON tab and paste the following content:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "route53:ChangeResourceRecordSets",
                "route53:ListResourceRecordSets"
            ],
            "Effect": "Allow",
            "Resource": "arn:aws:route53:::hostedzone/<HOSTED_ZONE_ID>"
        }
    ]
}

Tip

Replace <HOSTED_ZONE_ID> with your current hosted zone ID, which you can find on the Route 53 Hosted Zones page.

Enter a Policy Name and click Create Policy.

Now go to the IAM Users page and click the Add user button.

Enter a User name, check Programmatic access for Access type, and click Next: Permissions.

Choose Attach existing policies directly, enter the name of the policy you created in the Search field, then click Next: Review, and finally Create user.

An Access Key ID and a Secret Access Key will be displayed. These are the credentials needed for ddns-route53. Save them somewhere safe, as you will need them in the configuration step.
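
An offline check for the policy shown earlier, added here as an example and not part of ddns-route53 or its documentation: it flags an unreplaced <HOSTED_ZONE_ID> placeholder, actions beyond the two the policy grants, and resources wider than a single hosted zone. The function names, the sample zone ID and the zone ID character set are assumptions of this example.

```python
import json
import re

# The two actions granted by the policy on this page (compared case-insensitively).
ALLOWED_ACTIONS = {"route53:changeresourcerecordsets", "route53:listresourcerecordsets"}
# One hosted zone ARN; the ID character set here is an assumption of this example.
ZONE_ARN = re.compile(r"^arn:aws:route53:::hostedzone/[A-Z0-9]+$")


def as_list(value):
    """IAM accepts either a single value or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [] if value is None else [value]


def audit_policy(policy_json):
    """Return findings for one policy document; an empty list means it stays in scope."""
    findings = []
    for n, stmt in enumerate(as_list(json.loads(policy_json).get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        for key in ("NotAction", "NotResource"):
            if key in stmt:
                findings.append(f"statement {n}: {key} allows everything except the listed items")
        for action in as_list(stmt.get("Action")):
            if action.lower() not in ALLOWED_ACTIONS:
                findings.append(f"statement {n}: unexpected action {action}")
        for resource in as_list(stmt.get("Resource")):
            if "<" in resource or ">" in resource:
                findings.append(f"statement {n}: placeholder not replaced in {resource}")
            elif not ZONE_ARN.match(resource):
                findings.append(f"statement {n}: resource not limited to one hosted zone: {resource}")
    return findings


def make_policy(actions, resource):
    """Build a policy document in the same shape as the one on this page."""
    stmt = {"Action": actions, "Effect": "Allow", "Resource": resource}
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]})


PAGE_ACTIONS = ["route53:ChangeResourceRecordSets", "route53:ListResourceRecordSets"]
# Constructed inputs: the zone ID below is a made-up sample, not a real zone.
AS_PASTED = make_policy(PAGE_ACTIONS, "arn:aws:route53:::hostedzone/<HOSTED_ZONE_ID>")
FILLED_IN = make_policy(PAGE_ACTIONS, "arn:aws:route53:::hostedzone/Z0EXAMPLE12345")
TOO_BROAD = make_policy(["route53:*"], "*")

if __name__ == "__main__":
    for name, doc in (("as pasted", AS_PASTED), ("filled in", FILLED_IN), ("too broad", TOO_BROAD)):
        print(name, audit_policy(doc) or "OK")
```

Run it against the JSON you are about to paste into the IAM console; any finding means the access key created afterwards would carry more than the single-zone permissions this page sets out.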