removing ability of power users to register domains via route53 (#92)

oliviabholmes · czimergebot · commit 8fc7bf06459c · 2019-04-26T09:58:54.000-07:00
[breaking] Removing ability of powerusers to register domains via route53Deny power users ability to register domains in Route53. 

Next step: create new user to specifically deal with domain registration/transfers in Route53
diff --git a/aws-iam-role-poweruser/main.tf b/aws-iam-role-poweruser/main.tf
@@ -85,6 +85,7 @@ data "aws_iam_policy_document" "misc" {
       "iam:DeleteUser",
       "iam:CreateGroup",
       "iam:DeleteGroup",
+      "route53domains:RegisterDomain",
     ]
 
     resources = ["*"]

Original file line number	Diff line number	Diff line change
`@@ -85,6 +85,7 @@ data "aws_iam_policy_document" "misc" {`
`85`	`85`	`"iam:DeleteUser",`
`86`	`86`	`"iam:CreateGroup",`
`87`	`87`	`"iam:DeleteGroup",`
	`88`	`+ "route53domains:RegisterDomain",`
`88`	`89`	`]`
`89`	`90`
`90`	`91`	`resources = ["*"]`