awslabs/route53-dynamic-dns-with-lambda

Access Denied on Route 53 when using the API

arberpolis opened this issue · 1 comments

Hi there,
I really like the lab. I ran into an issue while testing the API with the host sharedsecretkey and apiendpointurl. The message is about missing permissions to perform route53:ListResource.

I followed the tutorial and created the role policy with the suggested permissions.

Below is the full stack trace.

Thanks for helping.

{"stackTrace": [["/var/task/lambda_function.py", 243, "lambda_handler", "return_dict = run_set_mode(set_hostname, valid
ation_hash, source_ip)"], ["/var/task/lambda_function.py", 173, "run_set_mode", "'')"], ["/var/task/lambda_function.py"
, 66, "route53_client", "MaxItems='2'"], ["/var/runtime/botocore/client.py", 253, "_api_call", "return self._make_api_c
all(operation_name, kwargs)"], ["/var/runtime/botocore/client.py", 543, "_make_api_call", "raise error_class(parsed_res
ponse, operation_name)"]], "errorType": "ClientError", "errorMessage": "An error occurred (AccessDenied) when calling t
he ListResourceRecordSets operation: User: arn:aws:sts::519768181415:assumed-role/dynamic_dns_lambda_execution_role/dyn
amic_dns_lambda is not authorized to perform: route53:ListResourceRecordSets on resource: arn:aws:route53:::hostedzone/
ZFZVNFRHXMOIV"}

I just recognized it was due to a mistake I had made in the iam_policy config file. I am closing the issue.
Sorry for the time wasted.
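Added example, not part of the issue thread or the project's code: a small offline check that pulls the denied action and resource out of an AccessDenied message like the one above and tests them against a role policy document before deploying it. The account id, zone ids and both policy documents are constructed placeholders, not the repository's iam_policy file, and the evaluation is simplified (it ignores Condition, NotAction and NotResource).

```python
import re

# Shape of the IAM AccessDenied text in the stack trace above.
DENIED_RE = re.compile(
    r"User: (?P<principal>\S+) is not authorized to perform: "
    r"(?P<action>[\w-]+:[\w*]+) on resource: (?P<resource>\S+)")

def parse_access_denied(message):
    """Return principal, action and resource named in an AccessDenied message."""
    m = DENIED_RE.search(message)
    return m.groupdict() if m else None

def _glob(pattern, value, ignore_case=False):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.I if ignore_case else 0) is not None

def _as_list(v):
    return v if isinstance(v, list) else [v]

def policy_allows(policy, action, resource):
    """Explicit Deny wins; otherwise any matching Allow grants access.
    Simplification: ignores Condition, NotAction and NotResource."""
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        # Action names match case-insensitively, resource ARNs case-sensitively.
        hit = (any(_glob(a, action, True) for a in _as_list(stmt.get("Action", [])))
               and any(_glob(r, resource) for r in _as_list(stmt.get("Resource", []))))
        if hit and stmt["Effect"] == "Deny":
            return False
        allowed = allowed or (hit and stmt["Effect"] == "Allow")
    return allowed

# Constructed sample data (placeholder account and zone ids).
SAMPLE_ERROR = ("An error occurred (AccessDenied) when calling the ListResourceRecordSets "
    "operation: User: arn:aws:sts::111122223333:assumed-role/"
    "dynamic_dns_lambda_execution_role/dynamic_dns_lambda is not authorized to perform: "
    "route53:ListResourceRecordSets on resource: arn:aws:route53:::hostedzone/ZEXAMPLE123")
ACTIONS = ["route53:ChangeResourceRecordSets", "route53:ListResourceRecordSets"]
WRONG_ZONE = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": ACTIONS,
    "Resource": "arn:aws:route53:::hostedzone/ZOTHERZONE456"}]}
RIGHT_ZONE = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": ACTIONS,
    "Resource": "arn:aws:route53:::hostedzone/ZEXAMPLE123"}]}

if __name__ == "__main__":
    req = parse_access_denied(SAMPLE_ERROR)
    for name, pol in (("WRONG_ZONE", WRONG_ZONE), ("RIGHT_ZONE", RIGHT_ZONE)):
        print(name, policy_allows(pol, req["action"], req["resource"]))
```

Scoping the Resource to the single hosted zone ARN, as in the second constructed policy, keeps the role least-privilege while still permitting the list call the Lambda makes.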