diff --git a/deployments/aws/policies/ai-unlimited-workspaces-without-iam-role-permissions.json b/deployments/aws/policies/ai-unlimited-workspaces-without-iam-role-permissions.json
index 26c9caa..5282701 100644
--- a/deployments/aws/policies/ai-unlimited-workspaces-without-iam-role-permissions.json
+++ b/deployments/aws/policies/ai-unlimited-workspaces-without-iam-role-permissions.json
@@ -95,7 +95,10 @@
                 "ec2:DeleteRoute",
                 "ec2:DescribeAddresses",
                 "ec2:AssociateAddress",
-                "ec2:DisassociateAddress"
+                "ec2:DisassociateAddress",
+                "route53:GetHostedZone",
+                "route53:ChangeResourceRecordSets",
+                "route53:GetChange"
             ],
             "Resource": "*",
             "Effect": "Allow"
diff --git a/deployments/aws/policies/ai-unlimited-workspaces.json b/deployments/aws/policies/ai-unlimited-workspaces.json
index 46aaae3..b91727f 100644
--- a/deployments/aws/policies/ai-unlimited-workspaces.json
+++ b/deployments/aws/policies/ai-unlimited-workspaces.json
@@ -98,7 +98,10 @@
                 "ec2:DeleteRoute",
                 "ec2:DescribeAddresses",
                 "ec2:AssociateAddress",
-                "ec2:DisassociateAddress"
+                "ec2:DisassociateAddress",
+                "route53:GetHostedZone",
+                "route53:ChangeResourceRecordSets",
+                "route53:GetChange"
             ],
             "Resource": "*",
             "Effect": "Allow"
diff --git a/deployments/aws/templates/ai-unlimited/ai-unlimited-with-nlb.yaml b/deployments/aws/templates/ai-unlimited/ai-unlimited-with-nlb.yaml
index 1e19a32..86da02d 100644
--- a/deployments/aws/templates/ai-unlimited/ai-unlimited-with-nlb.yaml
+++ b/deployments/aws/templates/ai-unlimited/ai-unlimited-with-nlb.yaml
@@ -1361,6 +1361,9 @@ Resources:
               - ec2:DescribeAddresses
               - ec2:AssociateAddress
               - ec2:DisassociateAddress
+              - route53:GetHostedZone
+              - route53:ChangeResourceRecordSets
+              - route53:GetChange
             Resource: '*'
       Roles:
         - !Ref AiUnlimitedRole
diff --git a/deployments/aws/templates/ai-unlimited/ai-unlimited-without-lb.yaml b/deployments/aws/templates/ai-unlimited/ai-unlimited-without-lb.yaml
index 4ae712d..3abefc2 100644
--- a/deployments/aws/templates/ai-unlimited/ai-unlimited-without-lb.yaml
+++ b/deployments/aws/templates/ai-unlimited/ai-unlimited-without-lb.yaml
@@ -999,6 +999,9 @@ Resources:
               - ec2:DescribeAddresses
               - ec2:AssociateAddress
               - ec2:DisassociateAddress
+              - route53:GetHostedZone
+              - route53:ChangeResourceRecordSets
+              - route53:GetChange
             Resource: '*'
       Roles:
         - !Ref AiUnlimitedRole