From aa551afe3d266f269241857c4822c3d0753367f5 Mon Sep 17 00:00:00 2001 From: hjoshi123 Date: Wed, 26 Feb 2025 22:23:59 -0700 Subject: [PATCH] adding documentation in tutorials.md --- docs/tutorials/aws.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/docs/tutorials/aws.md b/docs/tutorials/aws.md index ed697e11cc..d3c95c5936 100644 --- a/docs/tutorials/aws.md +++ b/docs/tutorials/aws.md @@ -1108,3 +1108,15 @@ args: --aws-zone-tags=team=k8s,vertical=platform # this is not supported --aws-zone-tags==tag-value # this is not supported ``` + +### Add Roles specific to the zone + +If you have multiple zones and want to manage them with different roles, you can configure `external-dns` with the following option: + +```sh +args: + --aws-domain-roles=example.com=arn:aws:iam::123456789012:role/external-dns-role +``` + +`--aws-domain-roles` is a map of domain names to IAM roles. The domain/hosted zone names should match the `--domain-filter` values. +AWS also sets STS rate limits on a per account per region basis i.e. for a single account on a single region you can make 600 requests per second.
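Review bot: In the new "Add Roles specific to the zone" section of docs/tutorials/aws.md, the example shows a single mapping (`--aws-domain-roles=example.com=arn:aws:iam::123456789012:role/external-dns-role`) although the paragraph introduces the flag for multiple zones with different roles; please add a second mapping so readers can see how several entries are written. The sentence saying zone names "should match the `--domain-filter` values" leaves open whether the match must be exact and which credentials are used for a zone that has no entry in the map, so the text should state both. The closing STS sentence quotes 600 requests per second without explaining why it matters in this section; connect it to the role assumption this option presumably causes per zone, and link the AWS documentation for the figure. Since each entry names an IAM role, it would also help to say that every listed role needs a trust policy that lets the external-dns identity assume it, and to recommend scoping each role's permissions to its own hosted zone.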