The error My role Answer Your policy does not include route53:ChangeResourceRecordSets: Grants permission to create, update, or delete a record, which contains authoritative DNS information for a specified domain or subdomain name You only have “route53domains:*” permissions, but you don’t have route53:* nor route53:ChangeResourceRecordSets. ChangeResourceRecordSets is from route53, not from route53domains.