diff --git a/Using-Oracle-Cloud-Infrastructure-DNS.md b/Using-Oracle-Cloud-Infrastructure-DNS.md index fbd7608..b58c5dd 100644 --- a/Using-Oracle-Cloud-Infrastructure-DNS.md +++ b/Using-Oracle-Cloud-Infrastructure-DNS.md @@ -45,6 +45,22 @@ To issue a wildcard certificate, use:: acme.sh --issue --dns dns_oci -d example.com -d *.example.com ``` +## Required IAM service policy + +Permissions are required to add and remove DNS records from DNS. Ensure that +a policy exists that grants the specified user sufficient permission to create +and remove `TXT` records in the target zone(s) in the tenancy. + +Here is an example policy that grants all DNS operations in all zones in the +tenancy for all members of a specific user group: + +``` +Allow group to manage dns in tenancy +``` + +If you're new to policies, see [Getting Started with Policies][POLS] and [Common Policies][CPOLS]. +For more details about policies for DNS, see [Details for the DNS Service][DNSPOL]. + ## Security recommendations The **[Oracle Cloud Infrastructure Security Guide][OSG]** details the recommended @@ -72,3 +88,7 @@ any issues or bugs. [GHS]: https://docs.github.com/en/actions/reference/encrypted-secrets [REGS]: https://docs.oracle.com/en-us/iaas/Content/General/Concepts/regions.htm#top [CLIVARS]: https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/clienvironmentvariables.htm +[IAM]: https://docs.oracle.com/en-us/iaas/Content/DNS/Concepts/dnszonemanagement.htm#Required_IAM_Service_Policy +[POLS]: https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm#Getting_Started_with_Policies +[CPOLS]: https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/commonpolicies.htm#top +[DNSPOL]: https://docs.oracle.com/en-us/iaas/Content/Identity/Reference/dnspolicyreference.htm#Details_for_the_DNS_Service \ No newline at end of file
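Review bot: the example policy in the new "Required IAM service policy" section is missing its subject: OCI policy statements take a group name after `group`, so `Allow group to manage dns in tenancy` will be rejected as written; it looks like a `<group-name>` placeholder was dropped (angle brackets are easy to lose in Markdown), so something like `Allow group <group-name> to manage dns in tenancy` with a note that the reader substitutes their own group is needed. Related, the paragraph above it asks for permission to create and remove `TXT` records in the target zone(s), but the only example given grants `manage dns` across the whole tenancy; worth either adding a narrower example scoped with `in compartment <compartment-name>`, or saying explicitly that the tenancy-wide statement is a convenience and not the least-privilege grant the preceding sentence describes. Minor: "add and remove DNS records from DNS" repeats itself; "add and remove records in the DNS zone" reads better.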
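Review bot: the second hunk adds an `[IAM]` reference definition, but nothing in the new section (or elsewhere in this diff) links to `[IAM]`; either link the section heading text to it, since that URL is the "Required IAM Service Policy" anchor the heading is named after, or drop the unused definition. The hunk also ends with `\ No newline at end of file` on the new `[DNSPOL]` line; restoring the trailing newline keeps the file consistent with the existing reference lines above it.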