VPC permissions
VPC permissions use an AWS Identity and Access Management (IAM) policy condition to let you set granular permissions for VPCs when using the AssociateVPCWithHostedZone, DisassociateVPCFromHostedZone, CreateVPCAssociationAuthorization, DeleteVPCAssociationAuthorization, CreateHostedZone, and ListHostedZonesByVPC APIs.
With the IAM policy condition route53:VPCs, you can grant granular administrative rights to other AWS users. This allows you to grant someone permissions to associate a hosted zone with, disassociate a hosted zone from, create a VPC association authorization for, delete a VPC association authorization for, create a hosted zone with, or list hosted zones for:
A single VPC.
Any VPCs within the same Region.
Multiple VPCs.
For more information about VPC permissions, see Using IAM policy conditions for fine-grained access control.
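The following identity policy is an added example, not taken from this page. It scopes the six APIs listed above to one specific VPC plus any VPC in a second Region. The VPC ID and Regions are constructed placeholders, and the `VPCId=...,VPCRegion=...` value format is assumed from the linked condition-key guide, so verify it there before use.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ScopeRoute53VpcOperations",
      "Effect": "Allow",
      "Action": [
        "route53:AssociateVPCWithHostedZone",
        "route53:DisassociateVPCFromHostedZone",
        "route53:CreateVPCAssociationAuthorization",
        "route53:DeleteVPCAssociationAuthorization",
        "route53:CreateHostedZone",
        "route53:ListHostedZonesByVPC"
      ],
      "Resource": "*",
      "Condition": {
        "ForAllValues:StringLike": {
          "route53:VPCs": [
            "VPCId=vpc-0123456789abcdef0,VPCRegion=us-east-1",
            "VPCId=*,VPCRegion=us-west-2"
          ]
        },
        "Null": {
          "route53:VPCs": "false"
        }
      }
    }
  ]
}
```

A `ForAllValues` condition also matches when the key is absent from the request, which is why the `Null` check is included: without it, a request that carries no VPC would be allowed by this statement.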
To learn how to authenticate AWS users, see Authenticating with identities. To learn how to control access to Route 53 resources, see Access control.