In trying to very slowly move over to AWS, DNS is one of the steps I wanted to take my time with. I understood that AWS added a service called Route53 to manage your DNS with, but I was reluctant to move over to it fully, as it wasn't accessible via their web console.
Looking for alternatives, I found quite a few services that offered a GUI for managing DNS zones. One such service is called Interstate53. While I know nothing about the service yet, it brought up a second issue: giving access to a third-party service using the AWS IAM service.
The IAM service allows you to manage permissions of groups and users with respect to almost any AWS service. For example, you can give a user access to only your RDS services, or only your EC2 instances. In my case, I wanted to grant access to the Route53 service alone. This led me down a pretty complicated flow, which works as follows:
In my case, I'm creating one for Route53, so I entered the following options:
Select Type of Policy: IAM Policy
Effect: Show
AWS Service: Amazon Route 53
Actions: All Actions(*)
Amazon Resource Name (ARN): *
The flow was a little complex for me at first, but after having gone through it, the moving pieces make quite a bit of sense. The policy generator is pretty interesting as well, since you can make it as complicated or as simple as you want (e.g. can manage certain buckets, your DNS routing and your CloudFront service). Also, the policy is a JSON document :)
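As an added example (not from the original post or from AWS's generator output), here is the JSON policy those options amount to, next to a narrower variant for a third-party DNS tool, plus a small check that flags wildcard grants. The zone ID is a constructed placeholder, the function names are hypothetical, and the policy is written with the current "2012-10-17" policy version and an Allow effect as assumptions.

```python
import json

# Equivalent of the generator options above: every Route 53 action, every resource.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "route53:*", "Resource": "*"}],
}

def scoped_policy(zone_id):
    """Narrower grant: manage records in a single hosted zone."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            # Listing zones cannot be limited to one zone ARN, but it is read-only.
            {"Effect": "Allow", "Action": ["route53:ListHostedZones"], "Resource": "*"},
            {"Effect": "Allow",
             "Action": ["route53:GetHostedZone", "route53:ListResourceRecordSets",
                        "route53:ChangeResourceRecordSets"],
             "Resource": f"arn:aws:route53:::hostedzone/{zone_id}"},
            # Lets the tool poll the status of a submitted record change.
            {"Effect": "Allow", "Action": ["route53:GetChange"],
             "Resource": "arn:aws:route53:::change/*"},
        ],
    }

def _as_list(value):
    return value if isinstance(value, list) else [value]

def wildcard_findings(policy):
    """Return (statement index, issue) pairs for over-broad Allow statements."""
    findings = []
    for i, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        for action in actions:
            if action == "*" or action.endswith(":*"):
                findings.append((i, f"wildcard action {action}"))
        read_only = all(a.split(":")[-1].startswith(("List", "Get")) for a in actions)
        if "*" in _as_list(stmt.get("Resource", [])) and not read_only:
            findings.append((i, "non-read-only actions on Resource *"))
    return findings

if __name__ == "__main__":
    zone = "ZEXAMPLEPLACEHOLDER"  # constructed placeholder, not a real zone ID
    for name, pol in (("broad", BROAD_POLICY), ("scoped", scoped_policy(zone))):
        print(name, wildcard_findings(pol))
    print(json.dumps(scoped_policy(zone), indent=2))
```

The broad policy lets the third-party service create, change and delete any zone in the account; the scoped one limits it to record changes in the one zone you name.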
There ya have it. Hope that helps someone at some point (ummm, me in 3 months after I've forgotten this all).