Policies and permissions for AWS Marketplace sellers
AWS Marketplace has three managed policies you can use with the AWS Marketplace Management Portal. In addition, you can use individual permissions to create your own AWS Identity and Access Management (IAM) policy.
To learn about policies and permissions on AWS Data Exchange for data products, see Identity and Access Management in AWS Data Exchange in the AWS Data Exchange User Guide.
Policies for AWS Marketplace sellers
You can use the following managed policies to provide IAM users with controlled access to the AWS Marketplace Management Portal:
AWSMarketplaceSellerFullAccess
-
Allows full access to all of the pages in the AWS Marketplace Management Portal and other AWS services, such as Amazon Machine Image (AMI) management.
AWSMarketplaceSellerProductsFullAccess
-
Allows full access to the Products
pages in the AWS Marketplace Management Portal. AWSMarketplaceSellerProductsReadOnly
-
Allows read-only access to the Products
pages in the AWS Marketplace Management Portal.
AWS Marketplace buyers can use managed policies to manage the subscriptions they purchase.
The
managed policies you use with AWS Marketplace Management Portal start with AWSMarketplaceSeller
. When
you search for policies in IAM, make sure to search for policies that start with
AWSMarketplaceSeller
.
Permissions for AWS Marketplace sellers
You can use the following permissions in IAM policies for the AWS Marketplace Management Portal:
aws-marketplace-management:viewMarketing
-
Allows access to the Marketing
page in the AWS Marketplace Management Portal. aws-marketplace-management:viewSupport
-
Allows access to the Customer Support Eligibility
page in the AWS Marketplace Management Portal. aws-marketplace-management:viewReports
-
Allows access to the Reports
page in the AWS Marketplace Management Portal. aws-marketplace-management:uploadFiles
-
Allows access to the File Upload
page in the AWS Marketplace Management Portal. aws-marketplace-management:viewSettings
-
Allows access to the Settings
page in the AWS Marketplace Management Portal. aws-marketplace:SearchAgreements
-
Allows viewing the high-level list of agreements on the Agreements page, as well as opportunities between ISVs and consulting partners on the Partners page.
aws-marketplace:DescribeAgreement
-
Allows viewing of high-level agreement details on the Agreements page, as well as opportunities between ISVs and consulting partners on the Partners page.
aws-marketplace:GetAgreementTerms
-
Allows viewing all agreement term details on the Agreements page, as well as opportunities between ISVs and consulting partners on the Partners page.
To enable a user to access the Manage ProductsAWSMarketplaceSellerProductsFullAccess
or
AWSMarketplaceSellerProductsReadOnly
managed permissions.
You can combine the preceding permissions into a single IAM policy to grant the permissions that you want. See the following examples.
Example 1: Permissions to access the Marketing and File Upload pages.
To grant permissions to both the Marketing page and the File Upload page, use a policy similar to the following example.
{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": [ "aws-marketplace-management:viewMarketing", "aws-marketplace-management:uploadFiles" ], "Resource": ["*"] }] }
Example 2: Permissions to create upgrades and renewals for private offers
To grant permissions to view and use the Agreements page to create upgrades and renewals for private offers, use a policy similar to the following example.
{ "Version": "2012-10-17", "Statement": [ { "Action": [ "aws-marketplace:SearchAgreements", "aws-marketplace:DescribeAgreement", "aws-marketplace:GetAgreementTerms" ], "Effect": "Allow", "Resource": "*", "Condition": { "StringEquals": { "aws-marketplace:PartyType": "Proposer" }, "ForAllValues:StringEquals": { "aws-marketplace:AgreementType": [ "PurchaseAgreement" ] } } } ] }
Using IAM groups
Alternatively, you can create separate IAM groups for granting access to each individual page in the AWS Marketplace Management Portal. Users can belong to more than one group. So, if a user needs access to more than one page, you can add the user to all of the appropriate groups. For example, create one IAM group and grant that group permission to access the Marketing page, create another group and grant that group permission to access the File Upload page, and so on. If a user needs permission to access both the Marketing page and the File Upload page, add the user to both groups.
For more information about IAM users and groups, see Identities (Users, Groups, and Roles) in the IAM User Guide.