I'm creating an AWS CloudFormation stack in which I'm adding a record set to an existing Route53 Hosted Zone. The resource is specified as follows (in YAML format):

    DNS:
      Type: AWS::Route53::RecordSetGroup
      Properties:
        HostedZoneName: !Ref HostedZoneName
        Comment: Zone apex alias targeted to myELB LoadBalancer.
        RecordSets:
          - Name: !Join [ ".", ["alb", !Ref HostedZoneName]]
            Type: A
            AliasTarget:
              HostedZoneId: !Ref AliasTargetHostedZoneId
              DNSName: !Ref AliasTargetDNSName

HostedZoneName, AliasTargetHostedZoneId and AliasTargetDNSName are passed in as parameters.
The problem I have is that the stack will not create because of the permission error specified in the title. By default CloudFormation will use the permissions of the user creating the stack, me. I have got the AdministratorAccess policy, so I should be allowed to do everything, including all Route53 operations.
I've also tried creating the stack by passing an IAM role which also has the AdministratorAccess policy, which gave me the same error.
All other resources specified in the template (VPC, load balancer, RDS, ...) create without problems.
CanonicalHostedZoneID
– Robin-Hoodie