Why changeResourceRecordSets gets not authorized to access this resource?


I’m trying to create a new record in Route 53 of type Alias to tell Route 53 to sue CloudFront to serve the site. I’m trying to do this using the following code:

When I run this I get:

If I use IAM Policy Simulator I have no issues as seen in the screenshot below.

enter image description here

I also tried to add AdminFullAccess and still I get the same error. What am I missing?


You have to swap the values of HostedZoneId’s i.e. Z2FDTNDATAQYW2 should appear first and then your route53 hosted zone. The error is appearing since you are trying to change resource record set of the CF distribution hosted zone (Z2FDTNDATAQYW2) which does not belong to your account.

Leave a Reply