awslabs / route53-dynamic-dns-with-lambda

A Dynamic DNS system built with API Gateway, Lambda & Route 53.
Apache License 2.0
486 stars 167 forks

Permission error: IAM role for lambda and route53 resource #11

Closed marcoadurno closed 7 years ago

marcoadurno commented 7 years ago

Hi,

I followed the guide step by step but I'm getting the following permission error. It looks like there's a problem between the IAM role and the route53 resource:

{"stackTrace": [["/var/task/lambda_function.py", 243, "lambda_handler", "return_dict = run_set_mode(set_hostname, validation_hash, source_ip)"], ["/var/task/lambda_function.py", 173, "run_set_mode", "'')"], ["/var/task/lambda_function.py", 66, "route53_client", "MaxItems='2'"], ["/var/runtime/botocore/client.py", 251, "_api_call", "return self._make_api_call(operation_name, kwargs)"], ["/var/runtime/botocore/client.py", 537, "_make_api_call", "raise ClientError(parsed_response, operation_name)"]], "errorType": "ClientError", "errorMessage": "An error occurred (AccessDenied) when calling the ListResourceRecordSets operation: User: arn:aws:sts::xxxxxxxxxxxx:assumed-role/dynamic_dns_lambda_execution_role/dynamic_dns_lambda is not authorized to perform: route53:ListResourceRecordSets on resource: arn:aws:route53:::hostedzone/xxxxxxxxxxxxxx"}

Can you please shed some light on why this is happening?

Thanks,

Marco

marcoadurno commented 7 years ago

Confused AWS region and hosted zone ID.
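One way to triage this kind of AccessDenied message, as an added example that is not part of the issue or the project's code: parse the error text and compare the denied action and hosted zone ARN against the role's Allow statements. The policy, account ID, role name and zone IDs are constructed, and the region-name heuristic and the `diagnose` helper are assumptions for illustration.

```python
import fnmatch
import re

# Shape of the AccessDenied text in the trace above.
DENIED_RE = re.compile(
    r'User: (?P<principal>\S+) is not authorized to perform: '
    r'(?P<action>[\w-]+:\w+) on resource: (?P<resource>[^\s"]+)')
# Assumption (heuristic): region names look like "eu-west-1".
REGION_RE = re.compile(r"^[a-z]{2}(-[a-z]+)+-\d$")

# Constructed sample data, not taken from the issue.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["route53:ChangeResourceRecordSets", "route53:List*"],
    "Resource": "arn:aws:route53:::hostedzone/ZEXAMPLE0000001"}]}
SAMPLE_ERROR = ("User: arn:aws:sts::000000000000:assumed-role/example_role/fn "
                "is not authorized to perform: route53:ListResourceRecordSets "
                "on resource: arn:aws:route53:::hostedzone/us-west-2")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def diagnose(error_message, policy):
    """Explain an AccessDenied message against an identity policy's Allows."""
    m = DENIED_RE.search(error_message)
    if m is None:
        return {"parsed": False}
    action, resource = m["action"], m["resource"]
    action_ok = resource_ok = False
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        # fnmatch approximates IAM's * and ? wildcards. Action names are
        # case-insensitive; resource ARNs are compared case-sensitively.
        if any(fnmatch.fnmatchcase(action.lower(), a.lower())
               for a in _as_list(stmt.get("Action", []))):
            action_ok = True
            resource_ok |= any(fnmatch.fnmatchcase(resource, r)
                               for r in _as_list(stmt.get("Resource", [])))
    if REGION_RE.match(resource.rsplit("/", 1)[-1]):
        hint = "zone ID in the request looks like a region name; check config"
    elif not action_ok:
        hint = "no Allow statement covers this action"
    elif not resource_ok:
        hint = "action is allowed, but not on this hosted zone ARN"
    else:
        hint = "Allow matches; look for an explicit Deny or a boundary"
    return {"parsed": True, "hint": hint, **m.groupdict(),
            "action_allowed": action_ok, "resource_allowed": resource_ok}
```

Calling `diagnose(SAMPLE_ERROR, SAMPLE_POLICY)` reports that the action is allowed but the requested zone ID has the shape of a region name, which points at the function's configuration rather than at the IAM policy.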