From 71ec1e692c7bd23c11c53b769251b5a6fd8bfea8 Mon Sep 17 00:00:00 2001
From: will Farrell
Date: Fri, 27 Jan 2017 15:36:26 -0700
Subject: [PATCH] update route 53 policy to be even more restricted
---
 README.md | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 40821df..84ea717 100644
--- a/README.md
+++ b/README.md
@@ -95,12 +95,20 @@ docker run -d \
 {
 "Effect": "Allow",
 "Action": [
- "route53:ListHostedZonesByName",
- "route53:ChangeResourceRecordSets"
+ "route53:ListHostedZonesByName"
 ],
 "Resource": [
 "*"
 ]
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "route53:ChangeResourceRecordSets"
+ ],
+ "Resource": [
+ "arn:aws:route53:::hostedzone/${HOSTED_ZONE_ID}"
+ ]
 }
 ]
 }
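Review bot: The `${HOSTED_ZONE_ID}` in the new `Resource` ARN is a README placeholder, but it is written in the same `${...}` form as an IAM policy variable, so a policy pasted unchanged is likely to be rejected or to match no hosted zone. A sentence next to the example should say so, for instance `Replace ${HOSTED_ZONE_ID} with the ID of the hosted zone the container manages.` Scoping `route53:ChangeResourceRecordSets` to one zone still allows every record in that zone to be changed. If the container only maintains specific records, the README could also show a `Condition` on `route53:ChangeResourceRecordSetsNormalizedRecordNames` and `route53:ChangeResourceRecordSetsRecordTypes` to narrow the statement further. The policy document begins and ends outside this hunk, so its `Version` element and any other statements are not visible here.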