API Access Control - AWS Marketplace Catalog API

API Access Control

Before you can use the AWS Marketplace Catalog API, your seller account must be added to the approved list. Otherwise, your requests will fail. You must also create IAM users, roles, and policies before you can use the AWS Marketplace Catalog API. Contact us if you'd like to be approved for this service.

Use AWS Identity and Access Management (IAM) to create IAM roles and assign policies that grant limited permissions to end users. The policies define the actions the role can take on your product entities through the AWS Marketplace Catalog API. For example, you can define roles such as engineering, marketing, and pricing. A user in your organization who has been added to the engineering role might be granted permissions to initiate a change request to publish a new version, but cannot list all change sets.

Set Up IAM Permissions

You can use the AWSMarketplaceSellerFullAccess IAM managed policy which has full access to the AWS Marketplace Catalog API in addition to its other permissions. You can grant read-only access for the Catalog API with the AWSMarketplaceSellerProductsReadOnly policy. The following is a list of the actions that you can use in your IAM policies for scoping permissions to the AWS Marketplace Catalog API:

  • aws-marketplace:ListChangeSets

  • aws-marketplace:DescribeChangeSet

  • aws-marketplace:StartChangeSet

  • aws-marketplace:CancelChangeSet

  • aws-marketplace:ListEntities

  • aws-marketplace:DescribeEntity

For more information on these policies, their permissions, and other IAM managed policies, sign into the https://console.aws.amazon.com/iam/, choose Policies, and search for Marketplace.

Condition Keys

The AWS Marketplace Catalog API also supports condition keys for the StartChangeSet action, allowing you to tune IAM policies for each change type. For example, if an IAM user has the policy attached to their user, then they can only perform StartChangeSet when the change type name is ExampleChangeTypeName.

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "aws-marketplace:StartChangeSet", "Resource": "*", "Condition": { "StringEquals": { "catalog:ChangeType": [ "ExampleChangeTypeName" ] } } } ] }