From 5afa7345a59110cf3d818acfb87cdc0ca266d2f5 Mon Sep 17 00:00:00 2001
From: Girish Ramakrishnan
Date: Wed, 2 Mar 2022 10:44:52 -0800
Subject: [PATCH] route53: check permissions to perform route53:ListResourceRecordSets otherwise, at install time we see "DNS credentials for xx are invalid. Update it in Domains & Certs view" the exact error from route 53 is: User: arn:aws:iam::xx:user/yy is not authorized to perform: route53:ListResourceRecordSets on resource: arn:aws:route53:::hostedzone/zz because no identity-based policy allows the route53:ListResourceRecordSets action
---
 src/dns/route53.js | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/dns/route53.js b/src/dns/route53.js
index 054a13f6e..471487b69 100644
--- a/src/dns/route53.js
+++ b/src/dns/route53.js
@@ -255,6 +255,9 @@ async function verifyDomainConfig(domainObject) {
 await upsert(newDomainObject, location, 'A', [ ip ]);
 debug('verifyDomainConfig: Test A record added');
+ await get(newDomainObject, location, 'A');
+ debug('verifyDomainConfig: Can list record sets');
+
 await del(newDomainObject, location, 'A', [ ip ]);
 debug('verifyDomainConfig: Test A record removed again');
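Review bot: If the added `await get(newDomainObject, location, 'A')` rejects, which is exactly the case this commit targets (a key without route53:ListResourceRecordSets), control leaves verifyDomainConfig before the `del` call, so the test A record written by `upsert` just above is presumably left behind in the hosted zone. Running the cleanup in a `finally` would avoid the stray record: `try { await get(newDomainObject, location, 'A'); } finally { await del(newDomainObject, location, 'A', [ ip ]); }`. A `del` that fails inside the `finally` would replace the original permission error, so it is worth catching and logging it there so the caller still sees the ListResourceRecordSets denial. The function begins and ends outside the hunk and the helpers' own error handling is not visible, so this is inferred from the call order alone.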