diff --git a/samtranslator/policy_templates_data/policy_templates.json b/samtranslator/policy_templates_data/policy_templates.json index a2d05c3b2..15b2b03e7 100644 --- a/samtranslator/policy_templates_data/policy_templates.json +++ b/samtranslator/policy_templates_data/policy_templates.json @@ -2334,6 +2334,34 @@ } ] } + }, + "Route53ChangeResourceRecordSetsPolicy": { + "Description": "Gives permission to change resource record sets in Route 53", + "Parameters": { + "HostedZoneId": { + "Description": "ID of the hosted zone" + } + }, + "Definition": { + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "route53:ChangeResourceRecordSets" + ], + "Resource": { + "Fn::Sub": [ + "arn:${AWS::Partition}:route53:::hostedzone/${HostedZoneId}", + { + "HostedZoneId": { + "Ref": "HostedZoneId" + } + } + ] + } + } + ] + } } } } diff --git a/tests/translator/input/all_policy_templates.yaml b/tests/translator/input/all_policy_templates.yaml index 08a2b2f53..c46cfaecb 100644 --- a/tests/translator/input/all_policy_templates.yaml +++ b/tests/translator/input/all_policy_templates.yaml @@ -171,3 +171,6 @@ Resources: - AcmGetCertificatePolicy: CertificateArn: arn + + - Route53ChangeResourceRecordSetsPolicy: + HostedZoneId: test diff --git a/tests/translator/output/all_policy_templates.json b/tests/translator/output/all_policy_templates.json index 7effbdef0..e64a3f0ad 100644 --- a/tests/translator/output/all_policy_templates.json +++ b/tests/translator/output/all_policy_templates.json @@ -1591,6 +1591,27 @@ } ] } + }, + { + "PolicyName": "KitchenSinkFunctionRolePolicy59", + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "route53:ChangeResourceRecordSets" + ], + "Resource": { + "Fn::Sub": [ + "arn:${AWS::Partition}:route53:::hostedzone/${HostedZoneId}", + { + "HostedZoneId": "test" + } + ] + }, + "Effect": "Allow" + } + ] + } } ], "Tags": [ diff --git a/tests/translator/output/aws-cn/all_policy_templates.json b/tests/translator/output/aws-cn/all_policy_templates.json index 23149a3c0..c0b1ecec9 100644 --- a/tests/translator/output/aws-cn/all_policy_templates.json +++ b/tests/translator/output/aws-cn/all_policy_templates.json @@ -1591,6 +1591,27 @@ } ] } + }, + { + "PolicyName": "KitchenSinkFunctionRolePolicy59", + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "route53:ChangeResourceRecordSets" + ], + "Resource": { + "Fn::Sub": [ + "arn:${AWS::Partition}:route53:::hostedzone/${HostedZoneId}", + { + "HostedZoneId": "test" + } + ] + }, + "Effect": "Allow" + } + ] + } } ], "Tags": [ diff --git a/tests/translator/output/aws-us-gov/all_policy_templates.json b/tests/translator/output/aws-us-gov/all_policy_templates.json index f02a30ec0..b6e326717 100644 --- a/tests/translator/output/aws-us-gov/all_policy_templates.json +++ b/tests/translator/output/aws-us-gov/all_policy_templates.json @@ -1591,6 +1591,27 @@ } ] } + }, + { + "PolicyName": "KitchenSinkFunctionRolePolicy59", + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "route53:ChangeResourceRecordSets" + ], + "Resource": { + "Fn::Sub": [ + "arn:${AWS::Partition}:route53:::hostedzone/${HostedZoneId}", + { + "HostedZoneId": "test" + } + ] + }, + "Effect": "Allow" + } + ] + } } ], "Tags": [