AWS managed policies for AWS Marketplace buyers - AWS Marketplace


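AWS managed policies for AWS Marketplace buyers

An AWS managed policy is a standalone policy that is created and administered by AWS. AWS managed policies are designed to provide permissions for many common use cases so that you can start assigning permissions to users, groups, and roles.

Keep in mind that AWS managed policies might not grant least-privilege permissions for your specific use cases, because they are available for all AWS customers to use. We recommend that you reduce permissions further by defining customer managed policies that are specific to your use cases.

You cannot change the permissions defined in AWS managed policies. If AWS updates the permissions defined in an AWS managed policy, the update affects all principal identities (users, groups, and roles) that the policy is attached to. AWS is most likely to update an AWS managed policy when a new AWS service is launched or when new API operations become available for existing services.

For more information, see AWS managed policies in the IAM User Guide.

This section lists each of the policies used to manage buyer access to AWS Marketplace. For information about AWS Marketplace seller policies, see "AWS managed policies" in the AWS Marketplace Seller Guide.

AWS managed policy: AWSMarketplaceDeploymentServiceRolePolicy

You can't attach AWSMarketplaceDeploymentServiceRolePolicy to your IAM entities. This policy is attached to a service-linked role that allows AWS Marketplace to perform actions on your behalf. For more information, see Using service-linked roles for AWS Marketplace.

This policy grants contributor permissions that allow AWS Marketplace to manage deployment-related parameters, which are stored as secrets in AWS Secrets Manager, on your behalf.

AWS managed policy: AWSMarketplaceFullAccess

You can attach the AWSMarketplaceFullAccess policy to your IAM identities.

This policy grants administrative permissions that allow full access to AWS Marketplace and related services, both as a buyer and as a seller. These permissions include subscribing and unsubscribing to AWS Marketplace software, managing AWS Marketplace software instances from AWS Marketplace, creating and managing a private marketplace in your account, and access to Amazon EC2, AWS CloudFormation, and Amazon EC2 Systems Manager.

Permissions details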

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "aws-marketplace:*",
        "cloudformation:CreateStack",
        "cloudformation:DescribeStackResource",
        "cloudformation:DescribeStackResources",
        "cloudformation:DescribeStacks",
        "cloudformation:List*",
        "ec2:AuthorizeSecurityGroupEgress",
        "ec2:AuthorizeSecurityGroupIngress",
        "ec2:CreateSecurityGroup",
        "ec2:CreateTags",
        "ec2:DescribeAccountAttributes",
        "ec2:DescribeAddresses",
        "ec2:DeleteSecurityGroup",
        "ec2:DescribeImages",
        "ec2:DescribeInstances",
        "ec2:DescribeKeyPairs",
        "ec2:DescribeSecurityGroups",
        "ec2:DescribeSubnets",
        "ec2:DescribeTags",
        "ec2:DescribeVpcs",
        "ec2:RunInstances",
        "ec2:StartInstances",
        "ec2:StopInstances",
        "ec2:TerminateInstances"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:CopyImage",
        "ec2:DeregisterImage",
        "ec2:DescribeSnapshots",
        "ec2:DeleteSnapshot",
        "ec2:CreateImage",
        "ec2:DescribeInstanceStatus",
        "ssm:GetAutomationExecution",
        "ssm:ListDocuments",
        "ssm:DescribeDocument",
        "sns:ListTopics",
        "sns:GetTopicAttributes",
        "sns:CreateTopic",
        "iam:GetRole",
        "iam:GetInstanceProfile",
        "iam:ListRoles",
        "iam:ListInstanceProfiles"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ssm:StartAutomationExecution"
      ],
      "Resource": [
        "arn:aws:ssm:eu-central-1:906690553262:automation-definition/*",
        "arn:aws:ssm:us-east-1:058657716661:automation-definition/*",
        "arn:aws:ssm:ap-northeast-1:340648487307:automation-definition/*",
        "arn:aws:ssm:eu-west-1:564714592864:automation-definition/*",
        "arn:aws:ssm:us-west-2:243045473901:automation-definition/*",
        "arn:aws:ssm:ap-southeast-2:362149219987:automation-definition/*",
        "arn:aws:ssm:eu-west-2:587945719687:automation-definition/*",
        "arn:aws:ssm:us-east-2:134937423163:automation-definition/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetObject"
      ],
      "Resource": [
        "arn:aws:s3:::*image-build*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "sns:Publish",
        "sns:setTopicAttributes"
      ],
      "Resource": "arn:aws:sns:*:*:*image-build*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "iam:PassRole"
      ],
      "Resource": [
        "*"
      ],
      "Condition": {
        "StringLike": {
          "iam:PassedToService": [
            "ec2.amazonaws.com"
          ]
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": [
        "iam:PassRole"
      ],
      "Resource": [
        "*"
      ],
      "Condition": {
        "StringLike": {
          "iam:PassedToService": [
            "ssm.amazonaws.com"
          ],
          "iam:AssociatedResourceARN": [
            "arn:aws:ssm:eu-central-1:906690553262:automation-definition/*",
            "arn:aws:ssm:us-east-1:058657716661:automation-definition/*",
            "arn:aws:ssm:ap-northeast-1:340648487307:automation-definition/*",
            "arn:aws:ssm:eu-west-1:564714592864:automation-definition/*",
            "arn:aws:ssm:us-west-2:243045473901:automation-definition/*",
            "arn:aws:ssm:ap-southeast-2:362149219987:automation-definition/*",
            "arn:aws:ssm:eu-west-2:587945719687:automation-definition/*",
            "arn:aws:ssm:us-east-2:134937423163:automation-definition/*"
          ]
        }
      }
    }
  ]
}
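
The least-privilege caveat at the top of this page is easiest to act on by listing which grants in a managed policy are broad before you write a customer managed replacement. The following Python is an added example, not part of the AWS documentation: the function name, finding labels and read-only prefix heuristic are assumptions, and the sample input is a constructed excerpt of the AWSMarketplaceFullAccess policy shown above.

```python
import json

# Constructed excerpt: statements taken from the AWSMarketplaceFullAccess policy
# on this page, with the action lists shortened. Not the complete policy.
FULL_ACCESS_EXCERPT = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Resource": "*",
   "Action": ["aws-marketplace:*", "cloudformation:List*", "ec2:RunInstances"]},
  {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetObject"],
   "Resource": ["arn:aws:s3:::*image-build*"]},
  {"Effect": "Allow", "Action": ["iam:PassRole"], "Resource": ["*"],
   "Condition": {"StringLike": {"iam:PassedToService": ["ec2.amazonaws.com"]}}}
]}""")

# Assumption: action names with these prefixes are treated as read-only.
READ_PREFIXES = ("Describe", "Get", "List", "View", "Search")

def as_list(value):
    """IAM accepts a bare string or object wherever a list is allowed."""
    return value if isinstance(value, list) else [value]

def review_policy(policy):
    """Return sorted (statement_index, finding, detail) tuples for broad Allow grants."""
    findings = set()
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        resources = as_list(stmt.get("Resource", []))
        for action in as_list(stmt.get("Action", [])):
            name = action.split(":", 1)[-1]
            if name == "*":
                # Every current and future action of the service is allowed.
                findings.add((i, "service-wide-action", action))
            elif action.lower() == "iam:passrole" and "*" in resources:
                # Any role may be passed; only the condition narrows the target service.
                cond = stmt.get("Condition", {})
                services = [s for op in cond.values()
                            for s in as_list(op.get("iam:PassedToService", []))]
                findings.add((i, "passrole-any-role", ",".join(services) or "unconditioned"))
            elif "*" in resources and not name.startswith(READ_PREFIXES):
                findings.add((i, "write-on-all-resources", action))
        for res in resources:
            # A wildcard inside the resource name matches by substring, not by owner.
            if res != "*" and "*" in res.split(":")[-1]:
                findings.add((i, "name-pattern-resource", res))
    return sorted(findings)

if __name__ == "__main__":
    for finding in review_policy(FULL_ACCESS_EXCERPT):
        print(finding)
```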

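AWS managed policy: AWSMarketplaceLicenseManagementServiceRolePolicy

You can't attach AWSMarketplaceLicenseManagementServiceRolePolicy to your IAM entities. This policy is attached to a service-linked role that allows AWS Marketplace to perform actions on your behalf. For more information, see Using service-linked roles for AWS Marketplace.

This policy grants contributor permissions that allow AWS Marketplace to manage licenses on your behalf.

Permissions details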

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowLicenseManagerActions",
      "Effect": "Allow",
      "Action": [
        "organizations:DescribeOrganization",
        "license-manager:ListReceivedGrants",
        "license-manager:ListDistributedGrants",
        "license-manager:GetGrant",
        "license-manager:CreateGrant",
        "license-manager:CreateGrantVersion",
        "license-manager:DeleteGrant",
        "license-manager:AcceptGrant"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}

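AWS managed policy: AWSMarketplaceManageSubscriptions

You can attach the AWSMarketplaceManageSubscriptions policy to your IAM identities.

This policy grants contributor permissions that allow subscribing and unsubscribing to AWS Marketplace products.

Permissions details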

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "aws-marketplace:ViewSubscriptions",
        "aws-marketplace:Subscribe",
        "aws-marketplace:Unsubscribe"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Action": [
        "aws-marketplace:CreatePrivateMarketplaceRequests",
        "aws-marketplace:ListPrivateMarketplaceRequests",
        "aws-marketplace:DescribePrivateMarketplaceRequests"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Resource": "*",
      "Effect": "Allow",
      "Action": [
        "aws-marketplace:ListPrivateListings"
      ]
    }
  ]
}

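AWS managed policy: AWSMarketplaceProcurementSystemAdminFullAccess

You can attach the AWSMarketplaceProcurementSystemAdminFullAccess policy to your IAM identities.

This policy grants administrator permissions that allow managing all aspects of an AWS Marketplace eProcurement integration, including listing the accounts in your organization. For more information about eProcurement integrations, see Integrating AWS Marketplace with procurement systems.

Permissions details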

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "aws-marketplace:PutProcurementSystemConfiguration",
        "aws-marketplace:DescribeProcurementSystemConfiguration",
        "organizations:Describe*",
        "organizations:List*"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}

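AWS managed policy: AWSMarketplaceRead-only

You can attach the AWSMarketplaceRead-only policy to your IAM identities.

This policy grants read-only permissions that allow you to view products, private offers, and subscriptions for your account on AWS Marketplace, and to view the Amazon EC2, AWS Identity and Access Management, and Amazon SNS resources in the account.

Permissions details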

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Resource": "*",
      "Action": [
        "aws-marketplace:ViewSubscriptions",
        "ec2:DescribeAccountAttributes",
        "ec2:DescribeAddresses",
        "ec2:DescribeImages",
        "ec2:DescribeInstances",
        "ec2:DescribeKeyPairs",
        "ec2:DescribeSecurityGroups",
        "ec2:DescribeSubnets",
        "ec2:DescribeVpcs"
      ],
      "Effect": "Allow"
    },
    {
      "Resource": "*",
      "Effect": "Allow",
      "Action": [
        "aws-marketplace:ListBuilds",
        "aws-marketplace:DescribeBuilds",
        "iam:ListRoles",
        "iam:ListInstanceProfiles",
        "sns:GetTopicAttributes",
        "sns:ListTopics"
      ]
    },
    {
      "Resource": "*",
      "Effect": "Allow",
      "Action": [
        "aws-marketplace:ListPrivateMarketplaceRequests",
        "aws-marketplace:DescribePrivateMarketplaceRequests"
      ]
    },
    {
      "Resource": "*",
      "Effect": "Allow",
      "Action": [
        "aws-marketplace:ListPrivateListings"
      ]
    }
  ]
}

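AWS managed policy: AWSPrivateMarketplaceAdminFullAccess

You can attach the AWSPrivateMarketplaceAdminFullAccess policy to your IAM identities.

This policy grants administrator permissions that allow full access to manage private marketplaces in your account (or organization). For more information about using multiple administrators, see Creating custom policies for private marketplace administrators.

Permissions details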

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PrivateMarketplaceRequestPermissions",
      "Effect": "Allow",
      "Action": [
        "aws-marketplace:AssociateProductsWithPrivateMarketplace",
        "aws-marketplace:DisassociateProductsFromPrivateMarketplace",
        "aws-marketplace:ListPrivateMarketplaceRequests",
        "aws-marketplace:DescribePrivateMarketplaceRequests"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Sid": "PrivateMarketplaceCatalogAPIPermissions",
      "Effect": "Allow",
      "Action": [
        "aws-marketplace:ListEntities",
        "aws-marketplace:DescribeEntity",
        "aws-marketplace:StartChangeSet",
        "aws-marketplace:ListChangeSets",
        "aws-marketplace:DescribeChangeSet",
        "aws-marketplace:CancelChangeSet"
      ],
      "Resource": "*"
    },
    {
      "Sid": "PrivateMarketplaceCatalogTaggingPermissions",
      "Effect": "Allow",
      "Action": [
        "aws-marketplace:TagResource",
        "aws-marketplace:UntagResource",
        "aws-marketplace:ListTagsForResource"
      ],
      "Resource": "arn:aws:aws-marketplace:*:*:AWSMarketplace/*"
    },
    {
      "Sid": "PrivateMarketplaceOrganizationPermissions",
      "Effect": "Allow",
      "Action": [
        "organizations:DescribeOrganization",
        "organizations:DescribeOrganizationalUnit",
        "organizations:DescribeAccount",
        "organizations:ListRoots",
        "organizations:ListParents",
        "organizations:ListOrganizationalUnitsForParent",
        "organizations:ListAccountsForParent",
        "organizations:ListAccounts",
        "organizations:ListAWSServiceAccessForOrganization",
        "organizations:ListDelegatedAdministrators"
      ],
      "Resource": "*"
    }
  ]
}

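AWS managed policy: AWSPrivateMarketplaceRequests

You can attach the AWSPrivateMarketplaceRequests policy to your IAM identities.

This policy grants contributor permissions that allow access to request that products be added to your private marketplace, and to view those requests. These requests must be approved or denied by a private marketplace administrator.

Permissions details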

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "aws-marketplace:CreatePrivateMarketplaceRequests",
        "aws-marketplace:ListPrivateMarketplaceRequests",
        "aws-marketplace:DescribePrivateMarketplaceRequests"
      ],
      "Resource": "*"
    }
  ]
}

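AWS managed policy: AWSServiceRoleForPrivateMarketplaceAdminPolicy

You can't attach AWSServiceRoleForPrivateMarketplaceAdminPolicy to your IAM entities. This policy is attached to a service-linked role that allows AWS Marketplace to perform actions on your behalf. For more information, see Using service-linked roles for AWS Marketplace.

This policy grants contributor permissions that allow AWS Marketplace to describe and update Private Marketplace resources and to describe AWS Organizations.

AWS managed policy: AWSVendorInsightsAssessorFullAccess

You can attach the AWSVendorInsightsAssessorFullAccess policy to your IAM identities.

This policy grants full access for viewing entitled AWS Marketplace Vendor Insights resources and managing AWS Marketplace Vendor Insights subscriptions. These requests must be approved or denied by an administrator. It allows read-only access to AWS Artifact third-party reports.

AWS Marketplace Vendor Insights identifies the assessor as equal to the buyer and the vendor as equal to the seller.

Permissions details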

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "vendor-insights:GetProfileAccessTerms",
        "vendor-insights:ListEntitledSecurityProfiles",
        "vendor-insights:GetEntitledSecurityProfileSnapshot",
        "vendor-insights:ListEntitledSecurityProfileSnapshots"
      ],
      "Resource": "*"
    },
    {
      "Action": [
        "aws-marketplace:CreateAgreementRequest",
        "aws-marketplace:GetAgreementRequest",
        "aws-marketplace:AcceptAgreementRequest",
        "aws-marketplace:CancelAgreementRequest",
        "aws-marketplace:ListAgreementRequests",
        "aws-marketplace:SearchAgreements",
        "aws-marketplace:CancelAgreement"
      ],
      "Effect": "Allow",
      "Resource": "*",
      "Condition": {
        "ForAnyValue:StringEquals": {
          "aws-marketplace:AgreementType": "VendorInsightsAgreement"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": [
        "artifact:GetReport",
        "artifact:GetReportMetadata",
        "artifact:GetTermForReport",
        "artifact:ListReports"
      ],
      "Resource": "arn:aws:artifact:*::report/*"
    }
  ]
}

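AWS managed policy: AWSVendorInsightsAssessorReadOnly

You can attach the AWSVendorInsightsAssessorReadOnly policy to your IAM identities.

This policy grants read-only access for viewing entitled AWS Marketplace Vendor Insights resources. These requests must be approved or denied by an administrator. It allows read-only access to reports in AWS Artifact.

Requests must be approved or denied by an administrator. It allows read-only access to AWS Artifact third-party reports.

For the purposes of this guide, AWS Marketplace Vendor Insights identifies the assessor as the buyer and the vendor as equal to the seller.

Permissions details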

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "vendor-insights:ListEntitledSecurityProfiles",
        "vendor-insights:GetEntitledSecurityProfileSnapshot",
        "vendor-insights:ListEntitledSecurityProfileSnapshots"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "artifact:GetReport",
        "artifact:GetReportMetadata",
        "artifact:GetTermForReport",
        "artifact:ListReports"
      ],
      "Resource": "arn:aws:artifact:*::report/*"
    }
  ]
}

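AWS Marketplace updates to AWS managed policies

View details about updates to AWS managed policies for AWS Marketplace since this service began tracking these changes. For automatic alerts about changes to this page, subscribe to the RSS feed on the AWS Marketplace Document history page.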

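| Change | Description | Date |
|---|---|---|
| Removed legacy AWSMarketplaceImageBuildFullAccess policy | AWS Marketplace discontinued the private image build delivery method, so the AWSMarketplaceImageBuildFullAccess policy has also been discontinued. | May 30, 2024 |
| AWSServiceRoleForPrivateMarketplaceAdminPolicy – Added policy for new feature in AWS Marketplace | AWS Marketplace added a new policy to support managing Private Marketplace resources and describing AWS Organizations. | February 16, 2024 |
| AWSPrivateMarketplaceAdminFullAccess – Update to existing policy | AWS Marketplace updated the policy to support reading AWS Organizations data. | February 16, 2024 |
| AWSMarketplaceDeploymentServiceRolePolicy – Added policy for new feature in AWS Marketplace | AWS Marketplace added a new policy to support managing deployment-related parameters. | November 29, 2023 |
| AWSMarketplaceRead-only and AWSMarketplaceManageSubscriptions – Updates to existing policies | AWS Marketplace updated existing policies to allow access to the Private offers page. | January 19, 2023 |
| AWSPrivateMarketplaceAdminFullAccess – Update to existing policy | AWS Marketplace updated the policy for the new tag-based authorization feature. | December 9, 2022 |
| AWSVendorInsightsAssessorReadOnly – AWS Marketplace updated AWSVendorInsightsAssessorReadOnly | AWS Marketplace updated AWSVendorInsightsAssessorReadOnly to add read-only access to reports in AWS Artifact third-party reports (preview). | November 30, 2022 |
| AWSVendorInsightsAssessorFullAccess – AWS Marketplace updated AWSVendorInsightsAssessorFullAccess | AWS Marketplace updated AWSVendorInsightsAssessorFullAccess to add agreement search and read-only access to AWS Artifact third-party reports (preview). | November 30, 2022 |
| AWSVendorInsightsAssessorFullAccess and AWSVendorInsightsAssessorReadOnly – Added policies for new feature in AWS Marketplace | AWS Marketplace added policies for the new feature AWS Marketplace Vendor Insights: AWSVendorInsightsAssessorFullAccess and AWSVendorInsightsAssessorReadOnly. | July 26, 2022 |
| AWSMarketplaceFullAccess and AWSMarketplaceImageBuildFullAccess – Updates to existing policies | AWS Marketplace removed permissions that were no longer needed, to improve security. | March 4, 2022 |
| AWSPrivateMarketplaceAdminFullAccess – Update to existing policy | AWS Marketplace removed unused permissions from the AWSPrivateMarketplaceAdminFullAccess policy. | August 27, 2021 |
| AWSMarketplaceFullAccess – Update to existing policy | AWS Marketplace removed a duplicate ec2:DescribeAccountAttributes permission from the AWSMarketplaceFullAccess policy. | July 20, 2021 |
| AWS Marketplace started tracking changes | AWS Marketplace started tracking changes for its AWS managed policies. | April 20, 2021 |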