AWSAWS Marketplace 賣家的管理政策 - AWS Marketplace

本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。

AWSAWS Marketplace 賣家的管理政策

受 AWS 管理的策略是由建立和管理的獨立策略 AWS。 AWS 受管理的策略旨在為許多常見使用案例提供權限,以便您可以開始將權限指派給使用者、群組和角色。

請記住, AWS 受管理的政策可能不會為您的特定使用案例授與最低權限權限,因為這些權限可供所有 AWS 客戶使用。我們建議您定義使用案例專屬的客戶管理政策,以便進一步減少許可。

您無法變更受 AWS 管理策略中定義的權限。如果 AWS 更新 AWS 受管理原則中定義的權限,則此更新會影響附加原則的所有主體識別 (使用者、群組和角色)。 AWS 當新的啟動或新 AWS 服務 的 API 操作可用於現有服務時,最有可能更新 AWS 受管理策略。

如需詳細資訊,請參閱《IAM 使用者指南》中的 AWS 受管政策

本節列出各項用於管理賣家存取權的政策 AWS Marketplace。如需有關買AWS Marketplace 家政策的詳細資料,請參閱「AWS Marketplace 買家指南」中的「AWS 管理政策」。

AWS 受管理的策略:AWSMarketplaceAmiIngestion

您可以使用此原則建立服務角色,然後可以用 AWS Marketplace 來代表您執行動作。如需有關使用 AWSMarketplaceAmiIngestion 的詳細資訊,請參閱 授予AWS Marketplace存取您的 AMI

此政策用於授予參與者許可, AWS Marketplace 允許複製您的 Amazon 機器映像 (AMI) 以便在其上列出。 AWS Marketplace

許可詳細資訊

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "ec2:ModifySnapshotAttribute" ], "Effect": "Allow", "Resource": "arn:aws:ec2:us-east-1::snapshot/snap-*" }, { "Action": [ "ec2:DescribeImageAttribute", "ec2:DescribeImages", "ec2:DescribeSnapshotAttribute", "ec2:ModifyImageAttribute" ], "Effect": "Allow", "Resource": "*" } ] }

AWS 受管理的策略:AWSMarketplaceFullAccess

您可將 AWSMarketplaceFullAccess 政策連接到 IAM 身分。

此政策授予管理權限,允許以賣家 AWS Marketplace 和買家身份完整存取和相關服務。這些權限包括下列功能:

  • 訂閱和取消訂閱 AWS Marketplace 軟件。

  • 從管理 AWS Marketplace 軟體執行個體 AWS Marketplace。

  • 在您的帳戶中建立和管理私人市集。

  • 提供對 Amazon EC2 和 Amazon EC2 Systems Manager 的訪問權限。 AWS CloudFormation

許可詳細資訊

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "aws-marketplace:*", "cloudformation:CreateStack", "cloudformation:DescribeStackResource", "cloudformation:DescribeStackResources", "cloudformation:DescribeStacks", "cloudformation:List*", "ec2:AuthorizeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupIngress", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeAddresses", "ec2:DeleteSecurityGroup", "ec2:DescribeImages", "ec2:DescribeInstances", "ec2:DescribeKeyPairs", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeTags", "ec2:DescribeVpcs", "ec2:RunInstances", "ec2:StartInstances", "ec2:StopInstances", "ec2:TerminateInstances" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:CopyImage", "ec2:DeregisterImage", "ec2:DescribeSnapshots", "ec2:DeleteSnapshot", "ec2:CreateImage", "ec2:DescribeInstanceStatus", "ssm:GetAutomationExecution", "ssm:UpdateDocumentDefaultVersion", "ssm:CreateDocument", "ssm:StartAutomationExecution", "ssm:ListDocuments", "ssm:UpdateDocument", "ssm:DescribeDocument", "sns:ListTopics", "sns:GetTopicAttributes", "sns:CreateTopic", "iam:GetRole", "iam:GetInstanceProfile", "iam:ListRoles", "iam:ListInstanceProfiles" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "s3:ListBucket", "s3:GetObject" ], "Resource": [ "arn:aws:s3:::*image-build*" ] }, { "Effect": "Allow", "Action": [ "sns:Publish", "sns:setTopicAttributes" ], "Resource": "arn:aws:sns:*:*:*image-build*" }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": [ "*" ], "Condition": { "StringLike": { "iam:PassedToService": [ "ec2.amazonaws.com", "ssm.amazonaws.com" ] } } } ] }

AWS 受管理的策略:AWSMarketplaceGetEntitlements

您可將 AWSMarketplaceGetEntitlements 政策連接到 IAM 身分。

此政策授予唯讀權限,讓軟體即服務 (SaaS) 產品銷售者檢查客戶是否已訂閱其 AWS Marketplace SaaS 產品。

許可詳細資訊

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "aws-marketplace:GetEntitlements" ], "Effect": "Allow", "Resource": "*" } ] }

AWS 受管理的策略:AWSMarketplaceMeteringFullAccess

您可將 AWSMarketplaceMeteringFullAccess 政策連接到 IAM 身分。

此政策授予參與者權限,允許報告與 AMI 和容器產品相對應的計量使用情況,並具有靈活的消費定價。 AWS Marketplace

許可詳細資訊

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "aws-marketplace:MeterUsage" ], "Effect": "Allow", "Resource": "*" } ] }

AWS 受管政策:AWSMarketplaceMeteringRegisterUsage

您可將 AWSMarketplaceMeteringRegisterUsage 政策連接到 IAM 身分。

此政策授與參與者權限,允許報告與容器產品對應的計量使用情況,且每小時定價為開啟。 AWS Marketplace

許可詳細資訊

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "aws-marketplace:RegisterUsage" ], "Effect": "Allow", "Resource": "*" } ] }

AWS 受管理的策略:AWSMarketplaceSellerFullAccess

您可將 AWSMarketplaceSellerFullAccess 政策連接到 IAM 身分。

此政策授予管理許可,允許完全存取所有賣方操作 AWS Marketplace AWS Marketplace 管理入口網站,包括和管理 AMI 產品中使用的 Amazon EC2 AMI。

許可詳細資訊

{ "Version": "2012-10-17", "Statement": [ { "Sid": "MarketplaceManagement", "Effect": "Allow", "Action": [ "aws-marketplace-management:uploadFiles", "aws-marketplace-management:viewMarketing", "aws-marketplace-management:viewReports", "aws-marketplace-management:viewSupport", "aws-marketplace-management:viewSettings", "aws-marketplace:ListChangeSets", "aws-marketplace:DescribeChangeSet", "aws-marketplace:StartChangeSet", "aws-marketplace:CancelChangeSet", "aws-marketplace:ListEntities", "aws-marketplace:DescribeEntity", "aws-marketplace:ListTasks", "aws-marketplace:DescribeTask", "aws-marketplace:UpdateTask", "aws-marketplace:CompleteTask", "aws-marketplace:GetSellerDashboard", "ec2:DescribeImages", "ec2:DescribeSnapshots", "ec2:ModifyImageAttribute", "ec2:ModifySnapshotAttribute" ], "Resource": "*" }, { "Sid": "AgreementAccess", "Action": [ "aws-marketplace:SearchAgreements", "aws-marketplace:DescribeAgreement", "aws-marketplace:GetAgreementTerms" ], "Effect": "Allow", "Resource": "*", "Condition": { "StringEquals": { "aws-marketplace:PartyType": "Proposer" }, "ForAllValues:StringEquals": { "aws-marketplace:AgreementType": [ "PurchaseAgreement" ] } } }, { "Sid": "IAMGetRole", "Effect": "Allow", "Action": [ "iam:GetRole" ], "Resource": "arn:aws:iam::*:role/*" }, { "Sid": "AssetScanning", "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": "arn:aws:iam::*:role/*", "Condition": { "StringEquals": { "iam:PassedToService": "assets.marketplace.amazonaws.com" } } }, { "Sid": "VendorInsights", "Effect": "Allow", "Action": [ "vendor-insights:GetDataSource", "vendor-insights:ListDataSources", "vendor-insights:ListSecurityProfiles", "vendor-insights:GetSecurityProfile", "vendor-insights:GetSecurityProfileSnapshot", "vendor-insights:ListSecurityProfileSnapshots" ], "Resource": "*" }, { "Sid": "TagManagement", "Effect": "Allow", "Action": [ "aws-marketplace:TagResource", "aws-marketplace:UntagResource", "aws-marketplace:ListTagsForResource" ], "Resource": "arn:aws:aws-marketplace:*:*:AWSMarketplace/*" }, { "Sid": "SellerSettings", "Effect": "Allow", "Action": [ "aws-marketplace-management:GetSellerVerificationDetails", "aws-marketplace-management:PutSellerVerificationDetails", "aws-marketplace-management:GetBankAccountVerificationDetails", "aws-marketplace-management:PutBankAccountVerificationDetails", "aws-marketplace-management:GetSecondaryUserVerificationDetails", "aws-marketplace-management:PutSecondaryUserVerificationDetails", "aws-marketplace-management:GetAdditionalSellerNotificationRecipients", "aws-marketplace-management:PutAdditionalSellerNotificationRecipients" "payments:GetPaymentInstrument", "payments:CreatePaymentInstrument", "tax:GetTaxInterview", "tax:PutTaxInterview", "tax:GetTaxInfoReportingDocument" ], "Resource": "*" }, { "Sid": "Support", "Effect": "Allow", "Action": [ "support:CreateCase" ], "Resource": "*" }, { "Sid": "ResourcePolicyManagement", "Effect": "Allow", "Action": [ "aws-marketplace:GetResourcePolicy", "aws-marketplace:PutResourcePolicy", "aws-marketplace:DeleteResourcePolicy" ], "Resource": "arn:aws:aws-marketplace:*:*:AWSMarketplace/*" }, { "Sid": "CreateServiceLinkedRole", "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "*", "Condition": { "StringEquals": { "iam:AWSServiceName": "resale-authorization.marketplace.amazonaws.com" } } } ] }

AWS 受管政策:AWSMarketplaceSellerProductsFullAccess

您可將 AWSMarketplaceSellerProductsFullAccess 政策連接到 IAM 身分。

此政策授予參與者許可 AWS Marketplace 管理入口網站,允許完整存取管理產品以及管理 AMI 產品中使用的 Amazon EC2 AMI。

許可詳細資訊

{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": [ "aws-marketplace:ListChangeSets", "aws-marketplace:DescribeChangeSet", "aws-marketplace:StartChangeSet", "aws-marketplace:CancelChangeSet", "aws-marketplace:ListEntities", "aws-marketplace:DescribeEntity", "aws-marketplace:ListTasks", "aws-marketplace:DescribeTask", "aws-marketplace:UpdateTask", "aws-marketplace:CompleteTask", "ec2:DescribeImages", "ec2:DescribeSnapshots", "ec2:ModifyImageAttribute", "ec2:ModifySnapshotAttribute" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "iam:GetRole" ], "Resource": "arn:aws:iam:::role/" }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": "arn:aws:iam:::role/", "Condition": { "StringEquals": { "iam:PassedToService": "assets.marketplace.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "vendor-insights:GetDataSource", "vendor-insights:ListDataSources", "vendor-insights:ListSecurityProfiles", "vendor-insights:GetSecurityProfile", "vendor-insights:GetSecurityProfileSnapshot", "vendor-insights:ListSecurityProfileSnapshots" ], "Resource": "*" } { "Effect": "Allow", "Action": [ "aws-marketplace:TagResource", "aws-marketplace:UntagResource", "aws-marketplace:ListTagsForResource" ], "Resource": "arn:aws:aws-marketplace:*:*:AWSMarketplace/*" } ] }

AWS 受管政策:AWSMarketplaceSellerProductsReadOnly

您可將 AWSMarketplaceSellerProductsReadOnly 政策連接到 IAM 身分。

此政策授予唯讀許可,允許存取在上檢視產品 AWS Marketplace 管理入口網站,以及檢視以 AMI 為基礎的產品中使用的 Amazon EC2 AMI。

許可詳細資訊

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "aws-marketplace:ListChangeSets", "aws-marketplace:DescribeChangeSet", "aws-marketplace:ListEntities", "aws-marketplace:DescribeEntity", "aws-marketplace:ListTasks", "aws-marketplace:DescribeTask", "ec2:DescribeImages", "ec2:DescribeSnapshots" ], "Resource": "*" } { "Effect": "Allow", "Action": [ "aws-marketplace:ListTagsForResource" ], "Resource": "arn:aws:aws-marketplace:*:*:AWSMarketplace/*" } ] }

AWS 受管理的策略:AWSVendorInsightsVendorFullAccess

您可將 AWSVendorInsightsVendorFullAccess 政策連接到 IAM 身分。

此政策授予創建和管理 AWS Marketplace 供應商洞察的所有資源的完整訪問權限。 AWS Marketplace 就本指南而言,「供應商洞察」將評估人識別為買方,而賣方與賣方相等。 AWS Marketplace 已更新AWSVendorInsightsVendorFullAccess以新增合約搜尋、更新設定檔快照、廠商標記,以及允許唯讀存取協 AWS Artifact 力廠商報告。

許可詳細資訊

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "aws-marketplace:DescribeEntity", "Resource": "arn:aws:aws-marketplace:*:*:*/SaaSProduct/*" }, { "Effect": "Allow", "Action": "aws-marketplace:ListEntities", "Resource": "*" }, { "Effect": "Allow", "Action": [ "vendor-insights:CreateDataSource", "vendor-insights:UpdateDataSource", "vendor-insights:DeleteDataSource", "vendor-insights:GetDataSource", "vendor-insights:ListDataSources", "vendor-insights:CreateSecurityProfile", "vendor-insights:ListSecurityProfiles", "vendor-insights:GetSecurityProfile", "vendor-insights:AssociateDataSource", "vendor-insights:DisassociateDataSource", "vendor-insights:UpdateSecurityProfile", "vendor-insights:ActivateSecurityProfile", "vendor-insights:DeactivateSecurityProfile", "vendor-insights:UpdateSecurityProfileSnapshotCreationConfiguration", "vendor-insights:UpdateSecurityProfileSnapshotReleaseConfiguration", "vendor-insights:GetSecurityProfileSnapshot", "vendor-insights:ListSecurityProfileSnapshots" "vendor-insights:TagResource", "vendor-insights:UntagResource", "vendor-insights:ListTagsForResource", ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "aws-marketplace:AcceptAgreementApprovalRequest", "aws-marketplace:RejectAgreementApprovalRequest", "aws-marketplace:GetAgreementApprovalRequest", "aws-marketplace:ListAgreementApprovalRequests" "aws-marketplace:CancelAgreement", "aws-marketplace:SearchAgreements" ], "Resource": "*", "Condition": { "ForAllValues:StringEquals": { "aws-marketplace:AgreementType": "VendorInsightsAgreement" } } }, { "Effect": "Allow", "Action": [ "artifact:GetReport", "artifact:GetReportMetadata", "artifact:GetTermForReport", "artifact:ListReports", ], "Resource": "arn:aws:artifact:*::report/*" } ] }

AWS 受管理的策略:AWSVendorInsightsVendorReadOnly

您可將 AWSVendorInsightsVendorReadOnly 政策連接到 IAM 身分。

此策略授予只讀訪問權限以查看供 AWS Marketplace 應商見解配置文件和相關資源。 AWS Marketplace 就本指南而言,「供應商洞察」將評估人識別為買方,而賣方與賣方相等。 AWS Marketplace 已更新AWSVendorInsightsVendorReadOnly以新增列出標籤的權限,並允許 AWS Artifact 第三方報表的唯讀存取權。

許可詳細資訊

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "aws-marketplace:DescribeEntity", "Resource": "arn:aws:aws-marketplace:*:*:*/SaaSProduct/*" }, { "Effect": "Allow", "Action": "aws-marketplace:ListEntities", "Resource": "*" }, { "Effect": "Allow", "Action": [ "vendor-insights:GetDataSource", "vendor-insights:ListDataSources", "vendor-insights:ListSecurityProfiles", "vendor-insights:GetSecurityProfile", "vendor-insights:GetSecurityProfileSnapshot", "vendor-insights:ListSecurityProfileSnapshots" "vendor-insights:ListTagsForResource" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "artifact:GetReport", "artifact:GetReportMetadata", "artifact:GetTermForReport", "artifact:ListReports" ], "Resource": "arn:aws:artifact:*::report/*" } ] }

AWS MarketplaceAWS 受管理策略的更新

檢視 AWS Marketplace 自此服務開始追蹤這些變更以來的 AWS 受管理策略更新詳細資料。如需有關此頁面變更的自動提醒,請訂閱 AWS Marketplace 文件歷史紀錄 頁面的 RSS 摘要。

變更 描述 日期

AWSMarketplaceSellerFullAccess-更新的政策

AWS Marketplace 已更新AWSMarketplaceSellerFullAccess為新增建立服務連結角色的權限。 2024年3月15日

AWSMarketplaceSellerFullAccess-更新的政策

AWS Marketplace 已更新AWSMarketplaceSellerFullAccess為新增存取稅務資訊的權限。 2024年2月8日
AWSVendorInsightsVendorFullAccess - 更新的政策 AWS Marketplace 已更新AWSVendorInsightsVendorFullAccess以新增更新資料來源的權限。 2023 年 10 月 18 日

AWSMarketplaceSellerFullAccess-更新的政策

AWS Marketplace 已更新AWSMarketplaceSellerFullAccess為新增共用實體的權限。 2023 年 6 月 1 日

AWSMarketplaceSellerFullAccess-更新的政策

AWS Marketplace 已更新AWSMarketplaceSellerFullAccess,新增與帳戶驗證、銀行帳戶驗證、個案管理和賣家通知詳細資料相關的權限。 2023 年 6 月 1 日

AWSMarketplaceSellerFullAccess-更新的政策

AWS Marketplace 已更新AWSMarketplaceSellerFullAccess為新增存取賣家儀表板的權限。 2022 年 12 月 23 日

AWSMarketplaceSellerFullAccessAWSMarketplaceSellerProductsFullAccessAWSMarketplaceSellerProductsReadOnly— 更新至現有原則

AWS Marketplace 更新新標籤式授權功能的原則。

2022 年 12 月 9 日

AWS Marketplace 已更新 AWSVendorInsightsVendorFullAccess

AWS Marketplace 已更新AWSMarketplaceSellerProductsFullAccess以新增合約搜尋、更新設定檔快照、廠商標記,以及允許 AWS Artifact 第三方報告的唯讀存取 (預覽)。 2022 年 11 月 30 日
AWS Marketplace 已更新 AWSVendorInsightsVendorReadOnly AWS Marketplace 已更新AWSVendorInsightsVendorReadOnly以新增清單標籤的權限,並允許 AWS Artifact 第三方報表的唯讀存取權 (預覽)。 2022 年 11 月 30 日

AWSVendorInsightsVendorFullAccessAWSVendorInsightsVendorReadOnly— 增加了新的政策

AWS Marketplace 為新功能添加了政策 AWS Marketplace 供應商見解:AWSMarketplaceSellerProductsFullAccessAWSVendorInsightsVendorReadOnly 2022 年 7 月 26 日
AWSMarketplaceSellerProductsFullAccessAWSMarketplaceSellerFullAccess— 更新的政策 AWS Marketplace 新功能的更新政策 AWS Marketplace 供應商見解:AWSMarketplaceSellerProductsFullAccessAWSMarketplaceSellerFullAccess 2022 年 7 月 26 日

AWSMarketplaceSellerFullAccessAWSMarketplaceSellerProductsFullAccess— 更新現有政策

AWS Marketplace 已更新原則,使iam:PassedToService條件僅套用至iam:PassRole 2021 年 11 月 22 日

AWSMarketplaceFullAccess – 更新現有政策

AWS Marketplace 從策略中移除重複的ec2:DescribeAccountAttributesAWSMarketplaceFullAccess權限。

2021 年 7 月 20 日

AWS Marketplace 開始追蹤變更

AWS Marketplace 開始追蹤其 AWS 受管理策略的變更。

2021 年 4 月 20 日