# IAM group that carries the route53-operator permissions.
# Permissions are attached to the group (see the
# aws_iam_group_policy_attachment below) rather than to the user directly,
# so additional operators can be added by group membership alone.
resource "aws_iam_group" "route53_operator" {
  name = "route53-operator"
}
# Customer-managed IAM policy built from the route53_operator policy document.
# NOTE(review): `description` is immutable on aws_iam_policy (a change forces
# replacement), so it is left as-is here even though a more descriptive text
# would help auditors.
resource "aws_iam_policy" "route53_operator" {
  description = "route53-operator"
  name        = "route53-operator"

  policy = data.aws_iam_policy_document.route53_operator.json
}
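# Policy document for the route53-operator group.
#
# Two statements, now carrying Sids so they can be told apart in CloudTrail
# and access-analyzer output:
#
#   * ReadAllZones   - account-wide count/list calls. GetHostedZoneCount,
#     ListHostedZones, ListHostedZonesByName and ListTrafficPolicies do not
#     support resource-level permissions in Route 53, so "*" is the narrowest
#     resource that works for them.
#   * ManageThisZone - record writes and zone metadata edits, scoped to the
#     single hosted zone aws_route53_zone.this (declared outside this file).
#
# Caveat: route53:ListResourceRecordSets is granted on "*" in ReadAllZones as
# well as on the zone in ManageThisZone. The wildcard grant lets the group
# read the records of every hosted zone in the account, not only this one.
# The permissions are kept exactly as before; drop the action from
# ReadAllZones if account-wide read was not intended.
data "aws_iam_policy_document" "route53_operator" {
  statement {
    sid    = "ReadAllZones"
    effect = "Allow"
    actions = [
      "route53:GetHostedZoneCount",
      "route53:ListHostedZones",
      "route53:ListHostedZonesByName",
      "route53:ListResourceRecordSets",
      "route53:ListTrafficPolicies",
    ]
    resources = ["*"]
  }

  statement {
    sid    = "ManageThisZone"
    effect = "Allow"
    actions = [
      "route53:ChangeResourceRecordSets",
      "route53:GetHostedZone",
      "route53:ListResourceRecordSets",
      "route53:UpdateHostedZoneComment",
    ]
    # ChangeResourceRecordSets on a zone allows any record in it to be created,
    # changed or deleted (including the apex). If the operator should only
    # touch specific names or types, consider a condition on the
    # route53:ChangeResourceRecordSetsNormalizedRecordNames /
    # ...RecordTypes / ...Actions keys; none is applied here.
    resources = [aws_route53_zone.this.arn]
  }
}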
# Binds the managed policy to the group; this is the only place the
# route53-operator permissions are granted.
resource "aws_iam_group_policy_attachment" "route53_operator" {
  policy_arn = aws_iam_policy.route53_operator.arn
  group      = aws_iam_group.route53_operator.name
}
# Long-lived IAM user for the operator. No access key or console password is
# created here, so credentials must be issued out of band; rotate them and
# prefer an assumable role (e.g. via federation) where the workflow allows,
# since static user keys are a common leak vector.
resource "aws_iam_user" "route53_operator" {
  name = "route53-operator"
}
# Places the operator user in the route53-operator group.
# NOTE(review): the membership `name` uses an underscore while every other
# name in this file uses a hyphen. It is only a Terraform-side label (no AWS
# object carries it), but changing it forces the membership to be recreated,
# so it is left unchanged here.
resource "aws_iam_group_membership" "route53_operator" {
  name  = "route53_operator"
  group = aws_iam_group.route53_operator.name
  users = [aws_iam_user.route53_operator.name]
}