AWS managed policies for AWS Marketplace sellers - AWS Marketplace


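AWS managed policies for AWS Marketplace sellers

An AWS managed policy is a standalone policy that is created and administered by AWS. AWS managed policies are designed to provide permissions for many common use cases so that you can start assigning permissions to users, groups, and roles.

Keep in mind that AWS managed policies might not grant least-privilege permissions for your specific use cases, because they are available for all AWS customers to use. We recommend that you reduce permissions further by defining customer managed policies that are specific to your use cases.

You cannot change the permissions defined in AWS managed policies. If AWS updates the permissions defined in an AWS managed policy, the update affects all principal identities (users, groups, and roles) that the policy is attached to. AWS is most likely to update an AWS managed policy when a new AWS service is launched or when new API operations become available for existing services.

For more information, see AWS managed policies in the IAM User Guide.

This section lists each of the policies used to manage seller access to AWS Marketplace. For information about buyer policies, see AWS managed policies for AWS Marketplace buyers in the AWS Marketplace Buyer Guide.

AWS managed policy: AWSMarketplaceAmiIngestion

You can create a service role with this policy that AWS Marketplace can then use to perform actions on your behalf. For more information about using AWSMarketplaceAmiIngestion, see Giving AWS Marketplace access to your AMI.

This policy grants contributor permissions that allow AWS Marketplace to copy your Amazon Machine Images (AMIs) in order to list them on AWS Marketplace.

Permissions details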

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "ec2:ModifySnapshotAttribute"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:ec2:us-east-1::snapshot/snap-*"
    },
    {
      "Action": [
        "ec2:DescribeImageAttribute",
        "ec2:DescribeImages",
        "ec2:DescribeSnapshotAttribute",
        "ec2:ModifyImageAttribute"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}

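AWS managed policy: AWSMarketplaceFullAccess

You can attach the AWSMarketplaceFullAccess policy to your IAM identities.

This policy grants administrative permissions that allow full access to AWS Marketplace and related services, both as a seller and as a buyer. These permissions include the ability to:

  • Subscribe and unsubscribe to AWS Marketplace software.

  • Manage AWS Marketplace software instances from AWS Marketplace.

  • Create and manage a private marketplace in your account.

  • Provide access to Amazon EC2, AWS CloudFormation, and Amazon EC2 Systems Manager.

Permissions details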

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "aws-marketplace:*",
        "cloudformation:CreateStack",
        "cloudformation:DescribeStackResource",
        "cloudformation:DescribeStackResources",
        "cloudformation:DescribeStacks",
        "cloudformation:List*",
        "ec2:AuthorizeSecurityGroupEgress",
        "ec2:AuthorizeSecurityGroupIngress",
        "ec2:CreateSecurityGroup",
        "ec2:CreateTags",
        "ec2:DescribeAccountAttributes",
        "ec2:DescribeAddresses",
        "ec2:DeleteSecurityGroup",
        "ec2:DescribeImages",
        "ec2:DescribeInstances",
        "ec2:DescribeKeyPairs",
        "ec2:DescribeSecurityGroups",
        "ec2:DescribeSubnets",
        "ec2:DescribeTags",
        "ec2:DescribeVpcs",
        "ec2:RunInstances",
        "ec2:StartInstances",
        "ec2:StopInstances",
        "ec2:TerminateInstances"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:CopyImage",
        "ec2:DeregisterImage",
        "ec2:DescribeSnapshots",
        "ec2:DeleteSnapshot",
        "ec2:CreateImage",
        "ec2:DescribeInstanceStatus",
        "ssm:GetAutomationExecution",
        "ssm:UpdateDocumentDefaultVersion",
        "ssm:CreateDocument",
        "ssm:StartAutomationExecution",
        "ssm:ListDocuments",
        "ssm:UpdateDocument",
        "ssm:DescribeDocument",
        "sns:ListTopics",
        "sns:GetTopicAttributes",
        "sns:CreateTopic",
        "iam:GetRole",
        "iam:GetInstanceProfile",
        "iam:ListRoles",
        "iam:ListInstanceProfiles"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetObject"
      ],
      "Resource": [
        "arn:aws:s3:::*image-build*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "sns:Publish",
        "sns:setTopicAttributes"
      ],
      "Resource": "arn:aws:sns:*:*:*image-build*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "iam:PassRole"
      ],
      "Resource": [
        "*"
      ],
      "Condition": {
        "StringLike": {
          "iam:PassedToService": [
            "ec2.amazonaws.com",
            "ssm.amazonaws.com"
          ]
        }
      }
    }
  ]
}
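The least-privilege recommendation at the top of this page can be checked mechanically before a managed policy is attached. The following Python sketch is an added example, not part of the AWS documentation: it scans a policy document for service-wide wildcard actions, unconditioned write actions on Resource "*", and iam:PassRole grants that lack an iam:PassedToService condition. The embedded policy is an abbreviated excerpt of AWSMarketplaceFullAccess as listed here; the function names and the read-only prefix heuristic are assumptions of the example.

```python
import fnmatch
import json

# Abbreviated excerpt of the AWSMarketplaceFullAccess statements on this page.
POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Resource": "*",
   "Action": ["aws-marketplace:*", "ec2:DescribeImages", "ec2:RunInstances"]},
  {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetObject"],
   "Resource": ["arn:aws:s3:::*image-build*"]},
  {"Effect": "Allow", "Action": ["iam:PassRole"], "Resource": ["*"],
   "Condition": {"StringLike": {"iam:PassedToService":
                 ["ec2.amazonaws.com", "ssm.amazonaws.com"]}}}
]}
""")

# Heuristic for read-only action names; an assumption, not an AWS classification.
READ_PREFIXES = ("describe", "get", "list")


def as_list(value):
    """IAM accepts a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]


def review_policy(policy):
    """Return sorted (statement_index, finding) pairs for broad Allow grants."""
    findings = set()
    for idx, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in as_list(stmt.get("Action", []))]
        all_resources = "*" in as_list(stmt.get("Resource", []))
        cond_keys = {key.lower() for block in stmt.get("Condition", {}).values()
                     for key in block}
        for action in actions:
            name = action.partition(":")[2]
            if action == "*" or name == "*":
                findings.add((idx, f"wildcard action {action}"))
            elif all_resources and not cond_keys and not name.startswith(READ_PREFIXES):
                findings.add((idx, f"unconditioned write on all resources: {action}"))
            # fnmatch lets patterns such as iam:* or iam:pass* count as PassRole.
            if fnmatch.fnmatchcase("iam:passrole", action):
                if "iam:passedtoservice" not in cond_keys:
                    findings.add((idx, "iam:PassRole without iam:PassedToService"))
                elif all_resources:
                    findings.add((idx, "iam:PassRole limited by service only, any role"))
    return sorted(findings)
```

Calling review_policy(POLICY) reports the aws-marketplace:* wildcard, the unconditioned ec2:RunInstances grant, and the PassRole statement that is constrained by service but not by role ARN; those findings are the starting points for a narrower customer managed policy.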

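AWS managed policy: AWSMarketplaceGetEntitlements

You can attach the AWSMarketplaceGetEntitlements policy to your IAM identities.

This policy grants read-only permissions that allow software as a service (SaaS) product sellers to check whether a customer has subscribed to their AWS Marketplace SaaS product.

Permissions details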

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AWSMarketplaceGetEntitlements",
      "Effect": "Allow",
      "Action": [
        "aws-marketplace:GetEntitlements"
      ],
      "Resource": "*"
    }
  ]
}

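AWS managed policy: AWSMarketplaceMeteringFullAccess

You can attach the AWSMarketplaceMeteringFullAccess policy to your IAM identities.

This policy grants contributor permissions that allow reporting metered usage that corresponds to AMI and container products with flexible consumption pricing on AWS Marketplace.

Permissions details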

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "aws-marketplace:MeterUsage"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}

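AWS managed policy: AWSMarketplaceMeteringRegisterUsage

You can attach the AWSMarketplaceMeteringRegisterUsage policy to your IAM identities.

This policy grants contributor permissions that allow reporting metered usage that corresponds to container products with hourly pricing on AWS Marketplace.

Permissions details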

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "aws-marketplace:RegisterUsage"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}

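AWS managed policy: AWSMarketplaceSellerFullAccess

You can attach the AWSMarketplaceSellerFullAccess policy to your IAM identities.

This policy grants administrative permissions that allow full access to all seller operations on AWS Marketplace, including the AWS Marketplace Management Portal, and to managing the Amazon EC2 AMIs used in AMI-based products.

Permissions details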

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "MarketplaceManagement",
      "Effect": "Allow",
      "Action": [
        "aws-marketplace-management:viewReports",
        "aws-marketplace-management:viewSupport",
        "aws-marketplace:ListChangeSets",
        "aws-marketplace:DescribeChangeSet",
        "aws-marketplace:StartChangeSet",
        "aws-marketplace:CancelChangeSet",
        "aws-marketplace:ListEntities",
        "aws-marketplace:DescribeEntity",
        "aws-marketplace:ListTasks",
        "aws-marketplace:DescribeTask",
        "aws-marketplace:UpdateTask",
        "aws-marketplace:CompleteTask",
        "aws-marketplace:GetSellerDashboard",
        "ec2:DescribeImages",
        "ec2:DescribeSnapshots",
        "ec2:ModifyImageAttribute",
        "ec2:ModifySnapshotAttribute"
      ],
      "Resource": "*"
    },
    {
      "Sid": "AgreementAccess",
      "Action": [
        "aws-marketplace:SearchAgreements",
        "aws-marketplace:DescribeAgreement",
        "aws-marketplace:GetAgreementTerms"
      ],
      "Effect": "Allow",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "aws-marketplace:PartyType": "Proposer"
        },
        "ForAllValues:StringEquals": {
          "aws-marketplace:AgreementType": [
            "PurchaseAgreement"
          ]
        }
      }
    },
    {
      "Sid": "IAMGetRole",
      "Effect": "Allow",
      "Action": [
        "iam:GetRole"
      ],
      "Resource": "arn:aws:iam::*:role/*"
    },
    {
      "Sid": "AssetScanning",
      "Effect": "Allow",
      "Action": [
        "iam:PassRole"
      ],
      "Resource": "arn:aws:iam::*:role/*",
      "Condition": {
        "StringEquals": {
          "iam:PassedToService": "assets.marketplace.amazonaws.com"
        }
      }
    },
    {
      "Sid": "VendorInsights",
      "Effect": "Allow",
      "Action": [
        "vendor-insights:GetDataSource",
        "vendor-insights:ListDataSources",
        "vendor-insights:ListSecurityProfiles",
        "vendor-insights:GetSecurityProfile",
        "vendor-insights:GetSecurityProfileSnapshot",
        "vendor-insights:ListSecurityProfileSnapshots"
      ],
      "Resource": "*"
    },
    {
      "Sid": "TagManagement",
      "Effect": "Allow",
      "Action": [
        "aws-marketplace:TagResource",
        "aws-marketplace:UntagResource",
        "aws-marketplace:ListTagsForResource"
      ],
      "Resource": "arn:aws:aws-marketplace:*:*:AWSMarketplace/*"
    },
    {
      "Sid": "SellerSettings",
      "Effect": "Allow",
      "Action": [
        "aws-marketplace-management:GetSellerVerificationDetails",
        "aws-marketplace-management:PutSellerVerificationDetails",
        "aws-marketplace-management:GetBankAccountVerificationDetails",
        "aws-marketplace-management:PutBankAccountVerificationDetails",
        "aws-marketplace-management:GetSecondaryUserVerificationDetails",
        "aws-marketplace-management:PutSecondaryUserVerificationDetails",
        "aws-marketplace-management:GetAdditionalSellerNotificationRecipients",
        "aws-marketplace-management:PutAdditionalSellerNotificationRecipients",
        "payments:GetPaymentInstrument",
        "payments:CreatePaymentInstrument",
        "tax:GetTaxInterview",
        "tax:PutTaxInterview",
        "tax:GetTaxInfoReportingDocument"
      ],
      "Resource": "*"
    },
    {
      "Sid": "Support",
      "Effect": "Allow",
      "Action": [
        "support:CreateCase"
      ],
      "Resource": "*"
    },
    {
      "Sid": "ResourcePolicyManagement",
      "Effect": "Allow",
      "Action": [
        "aws-marketplace:GetResourcePolicy",
        "aws-marketplace:PutResourcePolicy",
        "aws-marketplace:DeleteResourcePolicy"
      ],
      "Resource": "arn:aws:aws-marketplace:*:*:AWSMarketplace/*"
    },
    {
      "Sid": "CreateServiceLinkedRole",
      "Effect": "Allow",
      "Action": "iam:CreateServiceLinkedRole",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "iam:AWSServiceName": "resale-authorization.marketplace.amazonaws.com"
        }
      }
    }
  ]
}

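AWS managed policy: AWSMarketplaceSellerProductsFullAccess

You can attach the AWSMarketplaceSellerProductsFullAccess policy to your IAM identities.

This policy grants contributor permissions that allow full access to manage products on the AWS Marketplace Management Portal and to manage the Amazon EC2 AMIs used in AMI-based products.

Permissions details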

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "aws-marketplace:ListChangeSets",
        "aws-marketplace:DescribeChangeSet",
        "aws-marketplace:StartChangeSet",
        "aws-marketplace:CancelChangeSet",
        "aws-marketplace:ListEntities",
        "aws-marketplace:DescribeEntity",
        "aws-marketplace:ListTasks",
        "aws-marketplace:DescribeTask",
        "aws-marketplace:UpdateTask",
        "aws-marketplace:CompleteTask",
        "ec2:DescribeImages",
        "ec2:DescribeSnapshots",
        "ec2:ModifyImageAttribute",
        "ec2:ModifySnapshotAttribute"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "iam:GetRole"
      ],
      "Resource": "arn:aws:iam::*:role/*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "iam:PassRole"
      ],
      "Resource": "arn:aws:iam::*:role/*",
      "Condition": {
        "StringEquals": {
          "iam:PassedToService": "assets.marketplace.amazonaws.com"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": [
        "vendor-insights:GetDataSource",
        "vendor-insights:ListDataSources",
        "vendor-insights:ListSecurityProfiles",
        "vendor-insights:GetSecurityProfile",
        "vendor-insights:GetSecurityProfileSnapshot",
        "vendor-insights:ListSecurityProfileSnapshots"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "aws-marketplace:TagResource",
        "aws-marketplace:UntagResource",
        "aws-marketplace:ListTagsForResource"
      ],
      "Resource": "arn:aws:aws-marketplace:*:*:AWSMarketplace/*"
    }
  ]
}

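AWS managed policy: AWSMarketplaceSellerProductsReadOnly

You can attach the AWSMarketplaceSellerProductsReadOnly policy to your IAM identities.

This policy grants read-only permissions that allow viewing products on the AWS Marketplace Management Portal and viewing the Amazon EC2 AMIs used in AMI-based products.

Permissions details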

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "aws-marketplace:ListChangeSets",
        "aws-marketplace:DescribeChangeSet",
        "aws-marketplace:ListEntities",
        "aws-marketplace:DescribeEntity",
        "aws-marketplace:ListTasks",
        "aws-marketplace:DescribeTask",
        "ec2:DescribeImages",
        "ec2:DescribeSnapshots"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "aws-marketplace:ListTagsForResource"
      ],
      "Resource": "arn:aws:aws-marketplace:*:*:AWSMarketplace/*"
    }
  ]
}

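AWS managed policy: AWSVendorInsightsVendorFullAccess

You can attach the AWSVendorInsightsVendorFullAccess policy to your IAM identities.

This policy grants full access to create and manage all resources on AWS Marketplace Vendor Insights. In this guide, AWS Marketplace Vendor Insights treats an assessor as equivalent to a buyer and a vendor as equivalent to a seller. AWS Marketplace updated AWSVendorInsightsVendorFullAccess to add agreement search, updating profile snapshots, and vendor tagging, and to allow read-only access to AWS Artifact third-party reports.

Permissions details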

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "aws-marketplace:DescribeEntity",
      "Resource": "arn:aws:aws-marketplace:*:*:*/SaaSProduct/*"
    },
    {
      "Effect": "Allow",
      "Action": "aws-marketplace:ListEntities",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "vendor-insights:CreateDataSource",
        "vendor-insights:UpdateDataSource",
        "vendor-insights:DeleteDataSource",
        "vendor-insights:GetDataSource",
        "vendor-insights:ListDataSources",
        "vendor-insights:CreateSecurityProfile",
        "vendor-insights:ListSecurityProfiles",
        "vendor-insights:GetSecurityProfile",
        "vendor-insights:AssociateDataSource",
        "vendor-insights:DisassociateDataSource",
        "vendor-insights:UpdateSecurityProfile",
        "vendor-insights:ActivateSecurityProfile",
        "vendor-insights:DeactivateSecurityProfile",
        "vendor-insights:UpdateSecurityProfileSnapshotCreationConfiguration",
        "vendor-insights:UpdateSecurityProfileSnapshotReleaseConfiguration",
        "vendor-insights:GetSecurityProfileSnapshot",
        "vendor-insights:ListSecurityProfileSnapshots",
        "vendor-insights:TagResource",
        "vendor-insights:UntagResource",
        "vendor-insights:ListTagsForResource"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "aws-marketplace:AcceptAgreementApprovalRequest",
        "aws-marketplace:RejectAgreementApprovalRequest",
        "aws-marketplace:GetAgreementApprovalRequest",
        "aws-marketplace:ListAgreementApprovalRequests",
        "aws-marketplace:CancelAgreement",
        "aws-marketplace:SearchAgreements"
      ],
      "Resource": "*",
      "Condition": {
        "ForAllValues:StringEquals": {
          "aws-marketplace:AgreementType": "VendorInsightsAgreement"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": [
        "artifact:GetReport",
        "artifact:GetReportMetadata",
        "artifact:GetTermForReport",
        "artifact:ListReports"
      ],
      "Resource": "arn:aws:artifact:*::report/*"
    }
  ]
}

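AWS managed policy: AWSVendorInsightsVendorReadOnly

You can attach the AWSVendorInsightsVendorReadOnly policy to your IAM identities.

This policy grants read-only access to view AWS Marketplace Vendor Insights profiles and related resources. In this guide, AWS Marketplace Vendor Insights treats an assessor as equivalent to a buyer and a vendor as equivalent to a seller. AWS Marketplace updated AWSVendorInsightsVendorReadOnly to add permission to list tags and to allow read-only access to AWS Artifact third-party reports.

Permissions details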

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "aws-marketplace:DescribeEntity",
      "Resource": "arn:aws:aws-marketplace:*:*:*/SaaSProduct/*"
    },
    {
      "Effect": "Allow",
      "Action": "aws-marketplace:ListEntities",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "vendor-insights:GetDataSource",
        "vendor-insights:ListDataSources",
        "vendor-insights:ListSecurityProfiles",
        "vendor-insights:GetSecurityProfile",
        "vendor-insights:GetSecurityProfileSnapshot",
        "vendor-insights:ListSecurityProfileSnapshots",
        "vendor-insights:ListTagsForResource"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "artifact:GetReport",
        "artifact:GetReportMetadata",
        "artifact:GetTermForReport",
        "artifact:ListReports"
      ],
      "Resource": "arn:aws:artifact:*::report/*"
    }
  ]
}

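AWS Marketplace updates to AWS managed policies

View details about updates to AWS managed policies for AWS Marketplace since this service began tracking these changes. For automatic alerts about changes to this page, subscribe to the RSS feed on the AWS Marketplace Document history page.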

Change    Description    Date

AWSMarketplaceSellerFullAccess – Updated policy

Updated the AWSMarketplaceSellerFullAccess documentation to reflect the removal of the following actions: aws-marketplace-management:viewMarketing, aws-marketplace-management:viewSettings, and aws-marketplace-management:uploadFiles. This update also includes the removal of the "Using fine-grained permissions" section.

June 4, 2024

AWSMarketplaceGetEntitlements – Updated policy

AWS Marketplace updated AWSMarketplaceGetEntitlements to add a Sid to the policy statement.

March 22, 2024

AWSMarketplaceSellerFullAccess – Updated policy

AWS Marketplace updated AWSMarketplaceSellerFullAccess to add permissions to create service-linked roles.

March 15, 2024

AWSMarketplaceSellerFullAccess – Updated policy

AWS Marketplace updated AWSMarketplaceSellerFullAccess to add permissions to access tax information.

February 8, 2024

AWSVendorInsightsVendorFullAccess – Updated policy

AWS Marketplace updated AWSVendorInsightsVendorFullAccess to add permissions to update data sources.

October 18, 2023

AWSMarketplaceSellerFullAccess – Updated policy

AWS Marketplace updated AWSMarketplaceSellerFullAccess to add permissions for sharing entities.

June 1, 2023

AWSMarketplaceSellerFullAccess – Updated policy

AWS Marketplace updated AWSMarketplaceSellerFullAccess to add permissions related to account verification, bank account verification, case management, and seller notification details.

June 1, 2023

AWSMarketplaceSellerFullAccess – Updated policy

AWS Marketplace updated AWSMarketplaceSellerFullAccess to add permissions to access the seller dashboard.

December 23, 2022

AWSMarketplaceSellerFullAccess, AWSMarketplaceSellerProductsFullAccess, AWSMarketplaceSellerProductsReadOnly – Update to existing policies

AWS Marketplace updated the policies for the new tag-based authorization feature.

December 9, 2022

AWS Marketplace updated AWSVendorInsightsVendorFullAccess

AWS Marketplace updated AWSMarketplaceSellerProductsFullAccess to add agreement search, updating profile snapshots, and vendor tagging, and to allow read-only access to AWS Artifact third-party reports (preview).

November 30, 2022

AWS Marketplace updated AWSVendorInsightsVendorReadOnly

AWS Marketplace updated AWSVendorInsightsVendorReadOnly to add permission to list tags and to allow read-only access to AWS Artifact third-party reports (preview).

November 30, 2022

AWSVendorInsightsVendorFullAccess and AWSVendorInsightsVendorReadOnly – Added new policies

AWS Marketplace added policies for the new feature AWS Marketplace Vendor Insights: AWSMarketplaceSellerProductsFullAccess and AWSVendorInsightsVendorReadOnly

July 26, 2022

AWSMarketplaceSellerProductsFullAccess and AWSMarketplaceSellerFullAccess – Updated policies

AWS Marketplace updated the policies for the new feature AWS Marketplace Vendor Insights: AWSMarketplaceSellerProductsFullAccess and AWSMarketplaceSellerFullAccess

July 26, 2022

AWSMarketplaceSellerFullAccess and AWSMarketplaceSellerProductsFullAccess – Update to existing policies

AWS Marketplace updated the policies so that the iam:PassedToService condition applies only to iam:PassRole.

November 22, 2021

AWSMarketplaceFullAccess – Update to an existing policy

AWS Marketplace removed the duplicate ec2:DescribeAccountAttributes permission from the AWSMarketplaceFullAccess policy.

July 20, 2021

AWS Marketplace started tracking changes

AWS Marketplace started tracking changes for its AWS managed policies.

April 20, 2021