Mapping AWS Partner Central users to AWS Marketplace IAM roles - AWS Partner Central

Mapping AWS Partner Central users to AWS Marketplace IAM roles

This section explains how to map AWS Partner Central users to AWS Marketplace AWS Identity and Access Management (IAM) roles. Mapping enables single sign-on access for users across AWS Partner Central and AWS Marketplace and other features such as product linking and offer linking.

Before mapping, you must first complete the following:

To map IAM roles to your AWS Partner Central users, you must create IAM roles with the permissions you want to provide to your users. For cloud admin users, you can only map the cloud admin IAM role created in your account during the account linking process. You can create one or multiple IAM roles to be associated with your AWS Partner Central users. The IAM roles must be configured with names starting with PartnerCentralRoleFor. When mapping IAM roles to AWS Partner Central users, you cannot choose an IAM role that does not start with PartnerCentralRoleFor to map.

You can attach custom or managed policies to the IAM role. You can attach the AWS Marketplace managed policies such as AWSMarketplaceSellerFullAccess to the IAM roles and provide access to your AWS Partner Central users. For more information about creating roles, refer to Creating an IAM role (console).

Connecting ACE opportunities with AWS Marketplace private offers

To enable ACE users to attach AWS Marketplace private offers to ACE opportunities, map them to an AWS Marketplace IAM role in AWS Partner Central.

Prerequisites

Complete the following before mapping users to AWS Marketplace IAM roles:

  • When you link an AWS Marketplace account to AWS Partner Central, provide AWSMarketplaceSellerFullAccess or, minimally, ListEntities/SearchAgreements to the IAM role assigned to ACE users. This is required to enable ACE users to attach AWS Marketplace private offers to ACE opportunities.

  • (Optional) To grant minimal permission, add a customer managed policy to your AWS account and to the IAM role you create for ACE managers and users. Refer to the following policy as an example:

    { "Version": "2012-10-17", "Statement": [ { "Action": [ "aws-marketplace:SearchAgreements", "aws-marketplace:DescribeAgreement", "aws-marketplace:GetAgreementTerms", "aws-marketplace:ListEntities", "aws-marketplace:DescribeEntity", "aws-marketplace:StartChangeSet" ], "Effect": "Allow", "Resource": "*", "Condition": { "StringEquals": { "aws-marketplace:PartyType": "Proposer" }, "ForAllValues:StringEquals": { "aws-marketplace:AgreementType": [ "PurchaseAgreement" ] } } } ] }

Mapping users to AWS Marketplace IAM roles

Use the procedures in this section to map and unmap AWS Partner Central users to AWS Marketplace IAM roles.

To map an AWS Partner Central user to an AWS Marketplace IAM role
  1. Sign in to AWS Partner Central as a user with the alliance lead or cloud admin role.

  2. In the Account linking section of the AWS Partner Central homepage, choose Manage linked account.

  3. In the Non-cloud admin users section of the Account Linking page, choose a user.

  4. Choose Map to IAM role.

  5. Choose an IAM role from the dropdown list.

  6. Choose Map role.

To ummap an AWS Partner Central user from an AWS Marketplace IAM role.
  1. Sign in to AWS Partner Central as a user with the alliance lead or cloud admin role.

  2. In the Account linking section of the AWS Partner Central homepage, choose Manage linked account.

  3. In the Non-cloud admin users section of the Account Linking page, choose the user you want to unmap.

  4. Choose Unmap role.