Creating and managing a private marketplace

To create and manage a private marketplace, you must be signed into the management account or the delegated administrator account for private marketplace. You must also have the AWS Identity and Access Management (IAM) permissions in the AWSPrivateMarketplaceAdminFullAccess IAM policy. For more information about applying this policy to users, groups, and roles, see Creating a private marketplace administrator.

Note

If you're a current private marketplace customer without the AWS Organizations integration for private marketplace, you can create and manage a private marketplace from any account in your organization that has the AWSPrivateMarketplaceAdminFullAccess IAM policy.

This section includes tasks that you can complete as a private marketplace administrator through the AWS Marketplace website. You can also manage private marketplaces using the AWS Marketplace Catalog API. For more information, see Working with a private marketplace in the AWS Marketplace Catalog API Reference.

Getting started with private marketplace

To get started with private marketplace, ensure you're signed into your AWS management account, navigate to Private Marketplace, and then enable the following prerequisites:

• Trusted access – You must enable trusted access for AWS Organizations, which allows the management account of an organization to provide or revoke access for their AWS Organizations data for an AWS service. Enabling trusted access is critical for private marketplace to integrate with AWS Organizations and designate private marketplace as a trusted service in your organization.

• Service-linked role – You must enable the private marketplace service-linked role, which resides in the management account and includes all the permissions that private marketplace requires to describe AWS Organizations and update private marketplace resources on your behalf. For more information on the service-linked role, see Using roles to configure Private Marketplace in AWS Marketplace.

Note

Current private marketplace customers can enable settings for your private marketplace by navigating to the Private Marketplace administrator's page and choosing Settings. By enabling trusted access for AWS Organizations and creating a service-linked role, you can utilize features, such as associating OUs to private marketplace experiences and registering a delegated administrator. When enabled, only the management account and delegated administrator account can create and manage marketplace experiences, with existing resources transferred to the management account and shared only with the delegated administrator. Disabling trusted access will remove private marketplace governance for your organization. There are no account groups displayed in your private marketplace. To view your organization’s governance at different levels, use the Organization structure page. For questions or support, contact us.

Managing private marketplace

You can manage your private marketplace from the Private Marketplace administrator's page under Settings in the left pane. The management account administrator and delegated administrators can use this page to view private marketplace details, including the default private marketplace and number of live experiences.

Management account administrators can also use this page to manage the following settings.

Delegated administrators

The management account administrator can delegate private marketplace administrative permissions to a designated member account known as delegated administrator. To register an account as a delegated administrator for the private marketplace, the management account administrator must ensure trusted access and the service-linked role are enabled, choose Register a new administrator, provide the 12-digit AWS account number, and choose Submit.

Management accounts and delegated administrator accounts can perform private marketplace administrative tasks, such as creating experiences, updating branding settings, associating or disassociating audiences, adding or removing products, and approving or declining pending requests.

Trusted access and service-linked role

The management account administrator can enable the following features for your private marketplace.

Note

Current private marketplace customers can enable settings for your private marketplace by navigating to the Private Marketplace administrator's page and choosing Settings. By enabling trusted access for AWS Organizations and creating a service-linked role, you can utilize features, such as associating OUs to private marketplace experiences and registering a delegated administrator. When enabled, only the management account and delegated administrator account can create and manage marketplace experiences, with existing resources transferred to the management account and shared only with the delegated administrator. Disabling trusted access will remove private marketplace governance for your organization. There are no account groups displayed in your private marketplace. To view your organization’s governance at different levels, use the Organization structure page. For questions or support, contact us.

• Trusted access – You must enable trusted access for AWS Organizations, which allows the management account of an organization to provide or revoke access for their AWS Organizations data for an AWS service. Enabling trusted access is critical for private marketplace to integrate with AWS Organizations and designate private marketplace as a trusted service in your organization.

• Service-linked role – You must enable the private marketplace service-linked role, which resides in the management account and includes all the permissions that private marketplace requires to describe AWS Organizations and update private marketplace resources on your behalf. For more information on the service-linked role, see Using roles to configure Private Marketplace in AWS Marketplace.

Creating a private marketplace experience

Your private marketplace is made up of one or more private marketplace experiences. An experience can be associated with your entire organization, one or more OUs, or one or more accounts in your organization. If your AWS account is not a member of an organization, then you have one private marketplace experience associated with one account. To create your private marketplace, navigate to Private Marketplace, select the Experiences page on the left, and choose Create experience.

Note

To use private marketplace with AWS Organizations, you need to enable all features for the organization. For more information, see Enabling all features in your organization in the AWS Organizations User Guide.

If your AWS account is not a member of an organization, you do not need any prerequisite steps to use private marketplace.

Your private marketplace experience is created with no approved products, no branding elements, and is associated with no accounts in your organization. It's not live by default. The following topics describe how to work with your private marketplace experience.

Adding products to your private marketplace experience

To add products to a private marketplace experience

1. From the Private Marketplace administrator's page, select Experiences in the left navigation pane. Then, on the Products tab, choose All AWS Marketplace products. You can search by product name or seller name.

2. Select the check box next to each product to add to your private marketplace and then choose Add to Private Marketplace.

Note

You can also add a product directly from the product details page by choosing the Add to Private Marketplace button on the red banner. If the red banner is not on the product's detail page, the product is already in your private marketplace.

You can also add multiple products to multiple experiences at one time by choosing Bulk add/remove products from the left navigation pane.

Verifying products in your private marketplace experience

To verify a product is approved in your private marketplace experience

1. From the Private Marketplace administrator's page, select Experiences in the left navigation pane.

2. Choose Approved products. All approved products display in the approved list.

Note

If you are using an account that has been associated with the experience you are editing, and the experience is enabled, then you can also view the products directly in the AWS Marketplace console (https://console.aws.amazon.com/marketplace). All products in any search results show an approved for procurement badge if they are part of your private marketplace.

Customizing your private marketplace experience

Experiences are subsets of products and associated branding that can have one or more associated audiences. A single private marketplace experience can govern the entire organization if the experience is associated to the organization or govern one or more accounts or organizational units in your organization.

You can manage your experience settings from the Private Marketplace administrator's page under Experiences in the left pane. Use this page to view and manage all your active and archived experiences and create new experiences for your private marketplace. For each experience, you can add a logo, add a title, and customize the user interface to use your organization’s color scheme.

Managing audiences

An audience is an organization or a group of organizational units (OUs) or accounts that you can associate with a private marketplace experience. You can create an audience from the Private Marketplace administrator's page under Experiences in the left pane.

You can associate one or more audiences to an experience. When you associate or disassociate an audience, it may change the governing experience of child OUs and accounts. Use the Organization structure page to see the accounts and OUs affected by the association. If you disable trusted access, your audiences will be disassociated and all governance will be removed.

Note

You can view your AWS Organizations hierarchy and manage governance for your organization from private marketplace. To govern your private marketplace at an organizational unit level and register delegated administrators, enable trusted access and the service-linked role from the Settings page. For questions or support, contact us.

Configuring your private marketplace

After you are satisfied with the experience's product list, the marketplace's branding settings, and the associated account groups, then you can make your private marketplace live. From the AWS Private Marketplace administrator's page, select Experience in the left navigation pane, then select the experience you want to enable. On the Settings tab, you can change the private marketplace status between Live (enabled) and Not live (disabled).

You can also choose to allow users to submit software requests with Software requests. If software requests are On (enabled), end users can choose Create request on the product details page to submit a request to the administrator to make the product available on your private marketplace. Software requests are enabled by default, and the setting can only be modified while the private marketplace is enabled.

When your private marketplace is live, end users can buy only the products that you have approved. When your private marketplace is disabled, you retain the list of products. However, disabling a private marketplace removes the restriction from users in your AWS Organizations organization. As a result, they can subscribe to any products in the public AWS Marketplace.

Making a private marketplace live does not disrupt active Amazon Machine Images (AMIs) running on Amazon Elastic Compute Cloud (Amazon EC2) instances. As a best practice, ensure that all AWS Marketplace products currently in use across your organization are included in your private marketplace. It's also a best practice to have a plan in place to discontinue use of unapproved products before making the private marketplace live. After the private marketplace is live, all new subscriptions or renewals are governed by the products approved in the private marketplace catalog.

Working with private products

Some products are not publicly available to browse in AWS Marketplace. These products can only be seen when you are given a private offer from the seller. The private offer from the seller includes a link to the product. You can add the product to the private marketplace from the banner at the top of the page.

Note

If you want to subscribe to a private product from a different account in your organization, the seller must include both your AWS account (to add the product to the private marketplace) and the user's account (to subscribe to the product) in the private offer.

To remove a private product from your private marketplace, you must contact AWS Marketplace Support.

Managing user requests

You can allow users to submit requests for products to be added to their private marketplace catalog with the software request feature. To do so, navigate to the administrator's page for your private marketplace, select Experiences in the left navigation pane, and choose the experience you want to manage. From the Products tab, choose Pending requests. From here you can review requests your users have made for products to be added to their private marketplace catalog.

You can add any number of requested products from this page by first selecting the check box next to the name of each requested product, and then choosing Add to Private Marketplace. Similarly, you can also decline one or more selected requests by choosing Decline. To view more information about a product (or its software request), choose View details in the Details column for that request.

When you decline a product request, you can add a reason and prevent future requests (block) for this product. Blocking a product won't prevent you from adding the product to your private marketplace, but it does prevent your users from requesting the product.

Archiving and reactivating a private marketplace experience

You can remove a private marketplace experience by archiving it. Archived experiences can’t be updated or used to govern accounts in your organization. If you have audiences associated with an archived experience, you can associate them with a different experience. If you decide to use the experience at a later time, you can always reactivate it. Management account administrators or delegated administrators have permissions to archive and reactivate experiences..

Note

Before archiving an experience, you must disable it. For information about disabling an experience, see Configuring your private marketplace.

If you're a current private marketplace customer without the AWS Organizations integration for private marketplace, administrators from the account that created the experience have permissions to archive and reactivate experiences.

To archive one or more private marketplace experiences

1. From the Private Marketplace administrator's page, select Experiences in the left navigation pane.

2. On the Active experiences tab, select one or more experiences.

3. Choose Archive experience.

   Note

   If one or more of the experiences has a Live status, you must take them offline by choosing Take experience(s) offline.

4. To verify that you want to archive the experience, type confirm (all lowercase) in the text box.

5. Choose Archive.

   Note

   You can also archive an experience by selecting the experience, choosing Archive experience under Admin mode on the Settings tab, and then choosing Save.

To reactivate one or more private marketplace experiences

1. From the Private Marketplace administrator's page, select Experiences in the left navigation pane.

2. On the Archived experiences tab, select one or more experiences.

3. Choose Reactivate.

4. To verify that you want to reactivate the experience, type confirm in the text box.

5. Choose Reactivate.

   Note

   You can also reactive an experience by selecting the experience, choosing Reactivate experience under Admin mode in the Settings tab, and then choosing Save.