Policies and permissions for AWS Marketplace sellers

AWS Marketplace has three managed policies you can use with the AWS Marketplace Management Portal. In addition, you can use individual permissions to create your own AWS Identity and Access Management (IAM) policy.

Note

To learn about policies and permissions on AWS Data Exchange for data products, see Identity and Access Management in AWS Data Exchange in the AWS Data Exchange User Guide.

To learn about policies and permissions for AWS Marketplace buyers, see Controlling access to AWS Marketplace subscriptions in the AWS Marketplace Buyer Guide.

Policies for AWS Marketplace sellers

You can use the following managed policies to provide IAM users with controlled access to the AWS Marketplace Management Portal:

AWSMarketplaceSellerFullAccess: Allows full access to all of the pages in the AWS Marketplace Management Portal and other AWS services, such as Amazon Machine Image (AMI) management.
AWSMarketplaceSellerProductsFullAccess: Allows full access to the Products pages in the AWS Marketplace Management Portal.
AWSMarketplaceSellerProductsReadOnly: Allows read-only access to the Products pages in the AWS Marketplace Management Portal.

Important

AWS Marketplace buyers can use managed policies to manage the subscriptions they purchase. The managed policies you use with AWS Marketplace Management Portal start with AWSMarketplaceSeller. When you search for policies in IAM, make sure to search for policies that start with AWSMarketplaceSeller.

AWS Marketplace also provides specialized managed policies for specific scenarios. For a full list of AWS managed policies for AWS Marketplace sellers, as well as descriptions of what permissions they provide, see AWS managed policies for AWS Marketplace sellers.

Permissions for AWS Marketplace sellers

You can use the following permissions in IAM policies for the AWS Marketplace Management Portal:

aws-marketplace-management:viewMarketing: Allows access to the Marketing page in the AWS Marketplace Management Portal.
aws-marketplace-management:viewSupport: Allows access to the Customer Support Eligibility page in the AWS Marketplace Management Portal.
aws-marketplace-management:viewReports: Allows access to the Reports page in the AWS Marketplace Management Portal.
aws-marketplace-management:uploadFiles: Allows access to the File Upload page in the AWS Marketplace Management Portal.
aws-marketplace-management:viewSettings: Allows access to the Settings page in the AWS Marketplace Management Portal.
aws-marketplace:SearchAgreements: Allows viewing the high-level list of agreements on the Agreements page, as well as opportunities between ISVs and consulting partners on the Partners page.
aws-marketplace:DescribeAgreement: Allows viewing of high-level agreement details on the Agreements page, as well as opportunities between ISVs and consulting partners on the Partners page.
aws-marketplace:GetAgreementTerms: Allows viewing all agreement term details on the Agreements page, as well as opportunities between ISVs and consulting partners on the Partners page.

Note

To enable a user to access the Manage Products page, you must use either the AWSMarketplaceSellerProductsFullAccess or AWSMarketplaceSellerProductsReadOnly managed permissions.

You can combine the preceding permissions into a single IAM policy to grant the permissions that you want. See the following examples.

Example 1: Permissions to access the Marketing and File Upload pages.

To grant permissions to both the Marketing page and the File Upload page, use a policy similar to the following example.


{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": [
      "aws-marketplace-management:viewMarketing",
      "aws-marketplace-management:uploadFiles"
    ],
    "Resource": ["*"]
  }]
}

Example 2: Permissions to create upgrades and renewals for private offers

To grant permissions to view and use the Agreements page to create upgrades and renewals for private offers, use a policy similar to the following example.


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "aws-marketplace:SearchAgreements",
                "aws-marketplace:DescribeAgreement",
                "aws-marketplace:GetAgreementTerms"
            ],
            "Effect": "Allow",
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "aws-marketplace:PartyType": "Proposer"
                },
                "ForAllValues:StringEquals": {
                    "aws-marketplace:AgreementType": [
                        "PurchaseAgreement"
                    ]
                }
            }
        }
    ]
}

Using IAM groups

Alternatively, you can create separate IAM groups for granting access to each individual page in the AWS Marketplace Management Portal. Users can belong to more than one group. So, if a user needs access to more than one page, you can add the user to all of the appropriate groups. For example, create one IAM group and grant that group permission to access the Marketing page, create another group and grant that group permission to access the File Upload page, and so on. If a user needs permission to access both the Marketing page and the File Upload page, add the user to both groups.

For more information about IAM users and groups, see Identities (Users, Groups, and Roles) in the IAM User Guide.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

IAM for AWS Marketplace

AWS managed policies