This is useful to create policies, for example, to allow LetsEncrypt to update DNS TXT records for certificate issuance.
Get your Zone ID
This is on the Route53 'Hosted Zones' page, and looks like ZZZZZZZZZ
Create IAM Policy
In 'IAM', 'Policies', click on 'Create Policy', and then select Json. Paste the following JSON into the box, replacing the Zone ID above with your Zone ID. If you want to allow multiple zones to be updated, simply add a second zone ID to the Resource (ZFGHIJKLMNOPQ example below) element. Note that this policy also grants 'list all domains', which may be a security issue in your setting. If so, remove the 'listHostedZones' section.
Click on 'Review Policy' and make sure you haven't typo'ed anything.
Create a new user to use this policy
Only enable 'Programmatic Access'
Link policy to user
Finish and get keys
After you click 'Review' and 'Finish' you will be presented with your new IAM keys.