Product setup guidelines Customer information requirements Product usage guidelines Architecture guidelines

SaaS product guidelines for AWS Marketplace

AWS Marketplace maintains the following guidelines for all software as a service (SaaS) products and offerings on AWS Marketplace to promote a safe, secure, and trustworthy platform for our customers. The following sections provide guidelines for SaaS products on AWS Marketplace.

All products and their related metadata are reviewed when submitted to ensure that they meet or exceed current AWS Marketplace guidelines. These guidelines are reviewed and adjusted to meet our evolving security requirements. In addition, AWS Marketplace continuously reviews products to verify that they meet any changes to these guidelines. If products fall out of compliance, we might require that you update your product and in some cases your product might temporarily be unavailable to new subscribers until issues are resolved.

Product setup guidelines

All SaaS products must adhere to the following product setup guidelines:

At least one pricing dimension must have a price greater than $0.00.
All pricing dimensions must relate to actual software and cannot include any other products or services unrelated to the software.
SaaS products offered exclusively in the AWS GovCloud (US) Regions must include GovCloud somewhere in the product title.

Customer information requirements

All SaaS products must adhere to the following customer information requirements:

SaaS products must be billed entirely through the listed dimensions on AWS Marketplace.
You cannot collect customer payment information for your SaaS product at any time, including credit card and bank account information.

Product usage guidelines

All SaaS products must adhere to the following product usage guidelines:

After subscribing to the product in AWS Marketplace, customers should be able to create an account within your SaaS application and gain access to a web console. If the customer cannot gain access to the application immediately, you must provide a message with specific instructions on when they will gain access. When an account has been created, the customer must be sent a notification confirming that their account has been created along with clear next steps.
If a customer already has an account in the SaaS application, they must have the ability to log in from the fulfillment landing page.
Customers must be able to see the status of their subscription within the SaaS application, including any relevant contract or subscription usage information.
Customers must be able to easily get help with issues such as: using the application, troubleshooting, and requesting refunds (if applicable). Support contact options must be specified on the fulfillment landing page.
Product software and metadata must not contain language that redirects users to other cloud platforms, additional products, upsell services, or free trial offers that aren't available on AWS Marketplace.

For information about free trials for SaaS products, see Creating a SaaS free trial offer in AWS Marketplace.
If your product is an add-on to another product or another ISV’s product, your product description must indicate that it extends the functionality of the other product and that without it, your product has very limited utility. For example, This product extends the functionality of <product name> and without it, this product has very limited utility. Please note that <product name> might require its own license for full functionality with this listing.

Architecture guidelines

The following topics list and describe the architecture guidelines for SaaS products.

Topics

Guidelines effective May 1, 2025
Current guidelines

Guidelines effective May 1, 2025

Note

The following guidelines go into effect on May 1, 2025 at midnight UTC.

You can publish all SaaS architectures. However, for AWS Marketplace to consider your product as deployed on AWS, your SaaS application must conform to one of the AWS hosting patterns listed below. Products that are deployed on AWS receive a special designation in the AWS Marketplace search results, and in their product details pages.
- The SaaS product runs entirely on AWS, including the application and control planes. The application plane can run in the seller's AWS account, the buyer's AWS account, or both. The SaaS application can use content delivery networks (CDNs), domain name systems (DNSs), and corporate identity providers (IdPs) from other providers.
- The product is specifically designed to collect data, replicate data, or migrate workloads from outside AWS to AWS. Except for clients and gateways running outside of AWS, the application and control planes must run on AWS. AWS must be the only available target. If the product also supports replication to environments outside of AWS, you must remove that capability and publish a separate product with that capability. AWS Marketplace won't consider that second product as deployed on AWS.
Applications that require resources in the buyer's infrastructure must follow these guidelines:
- Your control plane—as defined in the SaaS Architecture Fundamentals AWS Whitepaper—must reside in infrastructure that you manage for your product to be considered a SaaS product and not a managed service. For more information, see the SaaS vs. Managed Service Provider whitepaper.
- In the product description, you must notify customers that if they incur AWS infrastructure charges separate from their AWS Marketplace transaction, they must pay those charges.
- You must provision resources in a secure way, such as using the AWS Security Token Service (AWS STS) or AWS Identity and Access Management (IAM).
- Any permissions granted to your application must be least-privileged.
- You must provide additional documentation that describes all provisioned AWS services, IAM policy statements, and how an IAM role or user is deployed and used in the customer's account.
- You must provide instructions or deployment templates that enable buyers to deploy the required resources in their AWS accounts.
- If you provide AWS CloudFormation templates (CFTs) for deploying resources to the buyer's AWS account, they must comply with AWS Marketplace policies for CFTs. You must publish those CFTs as part of your SaaS listing by following the method provided when you enable the SaaS Quick Launch deployment option for your buyers. SaaS Quick Launch makes it easier for your buyers to configure your SaaS solution.
- If Amazon Machine Images (AMIs) are deployed into the buyer's AWS account, they must comply with AWS Marketplace policies for AMIs. Your AMIs must pass the AMI scanner in the AWS Marketplace Management Portal (seller portal). When requesting your product to be public, you must also contact AWS Marketplace operations and provide proof of scan results.
- If container images are deployed into a buyer's AWS account, the images must comply with AWS Marketplace policies for containers. Your container images can be hosted outside of AWS, but they must be scanned in Amazon Elastic Container Registry (Amazon ECR) and be free of critical vulnerabilities. When requesting your product to be public, you must also contact AWS Marketplace operations and provide proof that the container passed the scan.
Successfully call the AWS Marketplace APIs from the AWS account that registered as a provider and submitted the SaaS publishing request. The SaaS pricing model determines which APIs should be called:
- SaaS contracts – GetEntitlements in the AWS Marketplace Entitlement Service.
- SaaS contracts with consumption – GetEntitlements in the AWS Marketplace Entitlement Service and BatchMeterUsage in the AWS Marketplace Metering Service.
- SaaS subscriptions – BatchMeterUsage in the AWS Marketplace Metering Service.
SaaS products offered exclusively in the AWS GovCloud (US) Regions must explain the architectural boundaries between other AWS Regions and the AWS GovCloud (US) Regions, use cases for the product, and the workloads not recommended for the product.

Current guidelines

All SaaS products must adhere to the following architecture guidelines:

A portion of your application must be hosted in an AWS account that you own.
All application components should be hosted in infrastructure you manage. Applications that require additional resources in the customer’s infrastructure must follow these guidelines:
- Provision resources in a secure way, such as using the AWS Security Token Service (AWS STS) or AWS Identity and Access Management (IAM).
- Provide additional documentation, including a description of all provisioned AWS services, IAM policy statements, and how an IAM role or user is deployed and used in the customer’s account.
- Include a notification in the product description that explains that if the customer incurs additional AWS infrastructure charges separate from their AWS Marketplace transaction, they're responsible for paying the additional infrastructure charges.
- If your product deploys an agent, you must provide instructions to the customer that describe how to deploy it in their AWS account.
- Applications that require resources running in the customer's infrastructure will have an additional review by AWS Marketplace, which can take 2-4 weeks.
Successfully call the AWS Marketplace APIs from the AWS account that registered as a provider and submitted the SaaS publishing request. The SaaS pricing model determines which APIs should be called:
- SaaS contracts – GetEntitlements in the AWS Marketplace Entitlement Service.
- SaaS contracts with consumption – GetEntitlements in the AWS Marketplace Entitlement Service and BatchMeterUsage in the AWS Marketplace Metering Service.
- SaaS subscriptions – BatchMeterUsage in the AWS Marketplace Metering Service.
SaaS products offered exclusively in the AWS GovCloud (US) Regions must explain the architectural boundaries between other AWS Regions and the AWS GovCloud (US) Regions, use cases for the product, and the workloads not recommended for the product.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Planning your SaaS product

SaaS product pricing