diff --git a/hacking/aws_config/testing_policies/network-policy.json b/hacking/aws_config/testing_policies/network-policy.json
index 022c9369d7..d108c1c0fd 100644
--- a/hacking/aws_config/testing_policies/network-policy.json
+++ b/hacking/aws_config/testing_policies/network-policy.json
@@ -6,9 +6,11 @@
             "Effect": "Allow",
             "Action": [
                 "route53:CreateHostedZone",
+                "route53:ChangeResourceRecordSets",
                 "route53:DeleteHostedZone",
                 "route53:GetHostedZone",
                 "route53:ListHostedZones",
+                "route53:ListResourceRecordSets",
                 "route53:UpdateHostedZoneComment"
             ],
             "Resource": "*"
diff --git a/test/integration/targets/route53/tasks/main.yml b/test/integration/targets/route53/tasks/main.yml
index 010fe2fe12..de332a7ba0 100644
--- a/test/integration/targets/route53/tasks/main.yml
+++ b/test/integration/targets/route53/tasks/main.yml
@@ -11,7 +11,7 @@
     group/aws:
       aws_access_key: "{{ aws_access_key }}"
       aws_secret_key: "{{ aws_secret_key }}"
-      security_token: "{{ security_token }}"
+      security_token: "{{ security_token | default(omit) }}"
       region: "{{ aws_region }}"
     route53:
       region: null