AWS managed policies for AWS Marketplace buyers - AWS Marketplace


AWS managed policies for AWS Marketplace buyers

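An AWS managed policy is a standalone policy that is created and administered by AWS. AWS managed policies are designed to provide permissions for many common use cases so that you can start assigning permissions to users, groups, and roles.

Keep in mind that AWS managed policies might not grant least-privilege permissions for your specific use cases, because they are available for all AWS customers to use. We recommend that you reduce permissions further by defining customer managed policies that are specific to your use cases.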
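As an added example (not part of the AWS documentation), the following Python script applies this recommendation to the AWSMarketplaceFullAccess policy listed later on this page: it reports the wildcard actions, the unconditioned all-resource grants and the iam:PassRole grants to review before writing a narrower customer managed policy. The embedded policy is an abridged excerpt of that policy, and the function names review and as_list are assumptions of this example.

```python
import json
from fnmatch import fnmatchcase

# Abridged excerpt of the AWSMarketplaceFullAccess statements on this page
# (action lists shortened for the example; the structure is unchanged).
POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow",
   "Action": ["aws-marketplace:*", "cloudformation:List*", "ec2:RunInstances"],
   "Resource": "*"},
  {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetObject"],
   "Resource": ["arn:aws:s3:::*image-build*"]},
  {"Effect": "Allow", "Action": ["iam:PassRole"], "Resource": ["*"],
   "Condition": {"StringLike": {"iam:PassedToService": ["ec2.amazonaws.com"]}}}
]}
""")


def as_list(value):
    """IAM accepts either a bare string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)


def review(policy):
    """Return (statement index, finding) pairs for Allow grants worth narrowing."""
    stmts = policy["Statement"]
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    findings = []
    for i, stmt in enumerate(stmts):
        if stmt.get("Effect") != "Allow":
            continue
        # Action names are case-insensitive in IAM, so compare in lower case.
        actions = [a.lower() for a in as_list(stmt.get("Action", []))]
        any_resource = "*" in as_list(stmt.get("Resource", []))
        cond = stmt.get("Condition", {})
        findings += [(i, f"wildcard action {a}") for a in actions if "*" in a]
        if any_resource and not cond:
            findings.append((i, "all resources, no condition"))
        # A wildcard such as iam:* also covers PassRole, so match by pattern.
        if any_resource and any(fnmatchcase("iam:passrole", a) for a in actions):
            services = sorted(s for op in cond.values()
                              for s in as_list(op.get("iam:PassedToService", [])))
            findings.append((i, "PassRole on any role, passed to: "
                             + (", ".join(services) or "any service")))
    return findings


if __name__ == "__main__":
    for index, finding in review(POLICY):
        print(f"Statement {index}: {finding}")
```

Each finding is a candidate for replacement with explicit actions, specific resource ARNs or an added condition in the customer managed policy.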

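You cannot change the permissions defined in AWS managed policies. If AWS updates the permissions defined in an AWS managed policy, the update affects all principal identities (users, groups, and roles) that the policy is attached to. AWS is most likely to update an AWS managed policy when a new AWS service is launched or when new API operations become available for existing services.

For more information, see AWS managed policies in the IAM User Guide.

This section lists each of the policies used to manage buyer access to AWS Marketplace. For information about seller policies, see AWS managed policies for AWS Marketplace sellers in the AWS Marketplace Seller Guide.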

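AWS managed policy: AWSMarketplaceDeploymentServiceRolePolicy

You can't attach AWSMarketplaceDeploymentServiceRolePolicy to your IAM entities. This policy is attached to a service-linked role that allows AWS Marketplace to perform actions on your behalf. For more information, see Using service-linked roles for AWS Marketplace.

This policy grants contributor permissions that allow AWS Marketplace to manage, on your behalf, deployment-related parameters that are stored as secrets in AWS Secrets Manager.

AWS managed policy: AWSMarketplaceFullAccess

You can attach the AWSMarketplaceFullAccess policy to your IAM identities.

This policy grants administrative permissions that allow full access to AWS Marketplace and related services, both as a buyer and as a seller. These permissions include the ability to subscribe and unsubscribe to AWS Marketplace software, manage AWS Marketplace software instances from AWS Marketplace, create and manage a private marketplace in your account, and access Amazon EC2, AWS CloudFormation, and Amazon EC2 Systems Manager.

Permissions details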

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "aws-marketplace:*",
                "cloudformation:CreateStack",
                "cloudformation:DescribeStackResource",
                "cloudformation:DescribeStackResources",
                "cloudformation:DescribeStacks",
                "cloudformation:List*",
                "ec2:AuthorizeSecurityGroupEgress",
                "ec2:AuthorizeSecurityGroupIngress",
                "ec2:CreateSecurityGroup",
                "ec2:CreateTags",
                "ec2:DescribeAccountAttributes",
                "ec2:DescribeAddresses",
                "ec2:DeleteSecurityGroup",
                "ec2:DescribeImages",
                "ec2:DescribeInstances",
                "ec2:DescribeKeyPairs",
                "ec2:DescribeSecurityGroups",
                "ec2:DescribeSubnets",
                "ec2:DescribeTags",
                "ec2:DescribeVpcs",
                "ec2:RunInstances",
                "ec2:StartInstances",
                "ec2:StopInstances",
                "ec2:TerminateInstances"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "ec2:CopyImage",
                "ec2:DeregisterImage",
                "ec2:DescribeSnapshots",
                "ec2:DeleteSnapshot",
                "ec2:CreateImage",
                "ec2:DescribeInstanceStatus",
                "ssm:GetAutomationExecution",
                "ssm:ListDocuments",
                "ssm:DescribeDocument",
                "sns:ListTopics",
                "sns:GetTopicAttributes",
                "sns:CreateTopic",
                "iam:GetRole",
                "iam:GetInstanceProfile",
                "iam:ListRoles",
                "iam:ListInstanceProfiles"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "ssm:StartAutomationExecution"
            ],
            "Resource": [
                "arn:aws:ssm:eu-central-1:906690553262:automation-definition/*",
                "arn:aws:ssm:us-east-1:058657716661:automation-definition/*",
                "arn:aws:ssm:ap-northeast-1:340648487307:automation-definition/*",
                "arn:aws:ssm:eu-west-1:564714592864:automation-definition/*",
                "arn:aws:ssm:us-west-2:243045473901:automation-definition/*",
                "arn:aws:ssm:ap-southeast-2:362149219987:automation-definition/*",
                "arn:aws:ssm:eu-west-2:587945719687:automation-definition/*",
                "arn:aws:ssm:us-east-2:134937423163:automation-definition/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::*image-build*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "sns:Publish",
                "sns:setTopicAttributes"
            ],
            "Resource": "arn:aws:sns:*:*:*image-build*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:PassRole"
            ],
            "Resource": [
                "*"
            ],
            "Condition": {
                "StringLike": {
                    "iam:PassedToService": [
                        "ec2.amazonaws.com"
                    ]
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:PassRole"
            ],
            "Resource": [
                "*"
            ],
            "Condition": {
                "StringLike": {
                    "iam:PassedToService": [
                        "ssm.amazonaws.com"
                    ],
                    "iam:AssociatedResourceARN": [
                        "arn:aws:ssm:eu-central-1:906690553262:automation-definition/*",
                        "arn:aws:ssm:us-east-1:058657716661:automation-definition/*",
                        "arn:aws:ssm:ap-northeast-1:340648487307:automation-definition/*",
                        "arn:aws:ssm:eu-west-1:564714592864:automation-definition/*",
                        "arn:aws:ssm:us-west-2:243045473901:automation-definition/*",
                        "arn:aws:ssm:ap-southeast-2:362149219987:automation-definition/*",
                        "arn:aws:ssm:eu-west-2:587945719687:automation-definition/*",
                        "arn:aws:ssm:us-east-2:134937423163:automation-definition/*"
                    ]
                }
            }
        }
    ]
}

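AWS managed policy: AWSMarketplaceLicenseManagementServiceRolePolicy

You can't attach AWSMarketplaceLicenseManagementServiceRolePolicy to your IAM entities. This policy is attached to a service-linked role that allows AWS Marketplace to perform actions on your behalf. For more information, see Using service-linked roles for AWS Marketplace.

This policy grants contributor permissions that allow AWS Marketplace to manage licenses on your behalf.

Permissions details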

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowLicenseManagerActions",
            "Effect": "Allow",
            "Action": [
                "organizations:DescribeOrganization",
                "license-manager:ListReceivedGrants",
                "license-manager:ListDistributedGrants",
                "license-manager:GetGrant",
                "license-manager:CreateGrant",
                "license-manager:CreateGrantVersion",
                "license-manager:DeleteGrant",
                "license-manager:AcceptGrant"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

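AWS managed policy: AWSMarketplaceManageSubscriptions

You can attach the AWSMarketplaceManageSubscriptions policy to your IAM identities.

This policy grants contributor permissions that allow subscribing and unsubscribing to AWS Marketplace products.

Permissions details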

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "aws-marketplace:ViewSubscriptions",
                "aws-marketplace:Subscribe",
                "aws-marketplace:Unsubscribe"
            ],
            "Effect": "Allow",
            "Resource": "*"
        },
        {
            "Action": [
                "aws-marketplace:CreatePrivateMarketplaceRequests",
                "aws-marketplace:ListPrivateMarketplaceRequests",
                "aws-marketplace:DescribePrivateMarketplaceRequests"
            ],
            "Effect": "Allow",
            "Resource": "*"
        },
        {
            "Resource": "*",
            "Effect": "Allow",
            "Action": [
                "aws-marketplace:ListPrivateListings"
            ]
        }
    ]
}

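AWS managed policy: AWSMarketplaceProcurementSystemAdminFullAccess

You can attach the AWSMarketplaceProcurementSystemAdminFullAccess policy to your IAM identities.

This policy grants administrator permissions that allow managing all aspects of an AWS Marketplace eProcurement integration, including listing the accounts in your organization. For more information about eProcurement integrations, see Integrating AWS Marketplace with procurement systems.

Permissions details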

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "aws-marketplace:PutProcurementSystemConfiguration",
                "aws-marketplace:DescribeProcurementSystemConfiguration",
                "organizations:Describe*",
                "organizations:List*"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

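AWS managed policy: AWSMarketplaceRead-only

You can attach the AWSMarketplaceRead-only policy to your IAM identities.

This policy grants read-only permissions that allow you to view products, private offers, and subscriptions for your account on AWS Marketplace, and to view the Amazon EC2, AWS Identity and Access Management, and Amazon SNS resources in the account.

Permissions details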

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Resource": "*",
            "Action": [
                "aws-marketplace:ViewSubscriptions",
                "ec2:DescribeAccountAttributes",
                "ec2:DescribeAddresses",
                "ec2:DescribeImages",
                "ec2:DescribeInstances",
                "ec2:DescribeKeyPairs",
                "ec2:DescribeSecurityGroups",
                "ec2:DescribeSubnets",
                "ec2:DescribeVpcs"
            ],
            "Effect": "Allow"
        },
        {
            "Resource": "*",
            "Effect": "Allow",
            "Action": [
                "aws-marketplace:ListBuilds",
                "aws-marketplace:DescribeBuilds",
                "iam:ListRoles",
                "iam:ListInstanceProfiles",
                "sns:GetTopicAttributes",
                "sns:ListTopics"
            ]
        },
        {
            "Resource": "*",
            "Effect": "Allow",
            "Action": [
                "aws-marketplace:ListPrivateMarketplaceRequests",
                "aws-marketplace:DescribePrivateMarketplaceRequests"
            ]
        },
        {
            "Resource": "*",
            "Effect": "Allow",
            "Action": [
                "aws-marketplace:ListPrivateListings"
            ]
        }
    ]
}

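AWS managed policy: AWSPrivateMarketplaceAdminFullAccess

You can attach the AWSPrivateMarketplaceAdminFullAccess policy to your IAM identities.

This policy grants administrator permissions that allow full access to manage Private Marketplace in your account (or organization). For more information about using multiple administrators, see Example policies for private marketplace administrators.

Permissions details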

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PrivateMarketplaceRequestPermissions",
            "Effect": "Allow",
            "Action": [
                "aws-marketplace:AssociateProductsWithPrivateMarketplace",
                "aws-marketplace:DisassociateProductsFromPrivateMarketplace",
                "aws-marketplace:ListPrivateMarketplaceRequests",
                "aws-marketplace:DescribePrivateMarketplaceRequests"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "PrivateMarketplaceCatalogAPIPermissions",
            "Effect": "Allow",
            "Action": [
                "aws-marketplace:ListEntities",
                "aws-marketplace:DescribeEntity",
                "aws-marketplace:StartChangeSet",
                "aws-marketplace:ListChangeSets",
                "aws-marketplace:DescribeChangeSet",
                "aws-marketplace:CancelChangeSet"
            ],
            "Resource": "*"
        },
        {
            "Sid": "PrivateMarketplaceCatalogTaggingPermissions",
            "Effect": "Allow",
            "Action": [
                "aws-marketplace:TagResource",
                "aws-marketplace:UntagResource",
                "aws-marketplace:ListTagsForResource"
            ],
            "Resource": "arn:aws:aws-marketplace:*:*:AWSMarketplace/*"
        },
        {
            "Sid": "PrivateMarketplaceOrganizationPermissions",
            "Effect": "Allow",
            "Action": [
                "organizations:DescribeOrganization",
                "organizations:DescribeOrganizationalUnit",
                "organizations:DescribeAccount",
                "organizations:ListRoots",
                "organizations:ListParents",
                "organizations:ListOrganizationalUnitsForParent",
                "organizations:ListAccountsForParent",
                "organizations:ListAccounts",
                "organizations:ListAWSServiceAccessForOrganization",
                "organizations:ListDelegatedAdministrators"
            ],
            "Resource": "*"
        }
    ]
}

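AWS managed policy: AWSPrivateMarketplaceRequests

You can attach the AWSPrivateMarketplaceRequests policy to your IAM identities.

This policy grants contributor permissions that allow requesting that products be added to your Private Marketplace and viewing those requests. These requests must be approved or denied by a Private Marketplace administrator.

Permissions details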

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "aws-marketplace:CreatePrivateMarketplaceRequests",
                "aws-marketplace:ListPrivateMarketplaceRequests",
                "aws-marketplace:DescribePrivateMarketplaceRequests"
            ],
            "Resource": "*"
        }
    ]
}

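AWS managed policy: AWSServiceRoleForPrivateMarketplaceAdminPolicy

You can't attach AWSServiceRoleForPrivateMarketplaceAdminPolicy to your IAM entities. This policy is attached to a service-linked role that allows AWS Marketplace to perform actions on your behalf. For more information, see Using service-linked roles for AWS Marketplace.

This policy grants contributor permissions that allow AWS Marketplace to describe and update Private Marketplace resources and to describe AWS Organizations.

AWS managed policy: AWSVendorInsightsAssessorFullAccess

You can attach the AWSVendorInsightsAssessorFullAccess policy to your IAM identities.

This policy grants full access for viewing entitled AWS Marketplace Vendor Insights resources and managing AWS Marketplace Vendor Insights subscriptions. These requests must be approved or denied by an administrator. It allows read-only access to AWS Artifact third-party reports.

AWS Marketplace Vendor Insights identifies the assessor as equal to the buyer and the vendor as equal to the seller.

Permissions details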

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "vendor-insights:GetProfileAccessTerms",
                "vendor-insights:ListEntitledSecurityProfiles",
                "vendor-insights:GetEntitledSecurityProfileSnapshot",
                "vendor-insights:ListEntitledSecurityProfileSnapshots"
            ],
            "Resource": "*"
        },
        {
            "Action": [
                "aws-marketplace:CreateAgreementRequest",
                "aws-marketplace:GetAgreementRequest",
                "aws-marketplace:AcceptAgreementRequest",
                "aws-marketplace:CancelAgreementRequest",
                "aws-marketplace:ListAgreementRequests",
                "aws-marketplace:SearchAgreements",
                "aws-marketplace:CancelAgreement"
            ],
            "Effect": "Allow",
            "Resource": "*",
            "Condition": {
                "ForAnyValue:StringEquals": {
                    "aws-marketplace:AgreementType": "VendorInsightsAgreement"
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "artifact:GetReport",
                "artifact:GetReportMetadata",
                "artifact:GetTermForReport",
                "artifact:ListReports"
            ],
            "Resource": "arn:aws:artifact:*::report/*"
        }
    ]
}

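AWS managed policy: AWSVendorInsightsAssessorReadOnly

You can attach the AWSVendorInsightsAssessorReadOnly policy to your IAM identities.

This policy grants read-only access for viewing entitled AWS Marketplace Vendor Insights resources. These requests must be approved or denied by an administrator. It allows read-only access to reports in AWS Artifact.

Requests must be approved or denied by an administrator. It allows read-only access to AWS Artifact third-party reports.

In this guide, AWS Marketplace Vendor Insights identifies the assessor as the buyer and the vendor as equal to the seller.

Permissions details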

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "vendor-insights:ListEntitledSecurityProfiles",
                "vendor-insights:GetEntitledSecurityProfileSnapshot",
                "vendor-insights:ListEntitledSecurityProfileSnapshots"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "artifact:GetReport",
                "artifact:GetReportMetadata",
                "artifact:GetTermForReport",
                "artifact:ListReports"
            ],
            "Resource": "arn:aws:artifact:*::report/*"
        }
    ]
}

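AWS Marketplace updates to AWS managed policies

View details about updates to AWS managed policies for AWS Marketplace since this service began tracking these changes. For automatic alerts about changes to this page, subscribe to the RSS feed on the Document history page of the AWS Marketplace Buyer Guide.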

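| Change | Description | Date |
| --- | --- | --- |
| Removed the legacy AWSMarketplaceImageBuildFullAccess policy | AWS Marketplace has discontinued the Private Image Build delivery method, so the AWSMarketplaceImageBuildFullAccess policy has also been discontinued. | May 30, 2024 |
| AWSServiceRoleForPrivateMarketplaceAdminPolicy - Added policy for new feature in AWS Marketplace | AWS Marketplace added a new policy to support managing Private Marketplace resources and describing AWS Organizations. | February 16, 2024 |
| AWSPrivateMarketplaceAdminFullAccess - Update to existing policy | AWS Marketplace updated the policy to support reading AWS Organizations data. | February 16, 2024 |
| AWSMarketplaceDeploymentServiceRolePolicy - Added policy for new feature in AWS Marketplace | AWS Marketplace added a new policy to support managing deployment-related parameters. | November 29, 2023 |
| AWSMarketplaceRead-only and AWSMarketplaceManageSubscriptions - Updates to existing policies | AWS Marketplace updated existing policies to allow access to the Private Offers page. | January 19, 2023 |
| AWSPrivateMarketplaceAdminFullAccess - Update to existing policy | AWS Marketplace updated the policy for the new tag-based authorization feature. | December 9, 2022 |
| AWSVendorInsightsAssessorReadOnly - AWS Marketplace updated AWSVendorInsightsAssessorReadOnly | AWS Marketplace updated AWSVendorInsightsAssessorReadOnly to add read-only access to reports in AWS Artifact third-party reports (preview). | November 30, 2022 |
| AWSVendorInsightsAssessorFullAccess - AWS Marketplace updated AWSVendorInsightsAssessorFullAccess | AWS Marketplace updated AWSVendorInsightsAssessorFullAccess to add agreement search and read-only access to AWS Artifact third-party reports (preview). | November 30, 2022 |
| AWSVendorInsightsAssessorFullAccess and AWSVendorInsightsAssessorReadOnly - Added policies for new feature in AWS Marketplace | AWS Marketplace added policies for the new feature AWS Marketplace Vendor Insights: AWSVendorInsightsAssessorFullAccess and AWSVendorInsightsAssessorReadOnly. | July 26, 2022 |
| AWSMarketplaceFullAccess and AWSMarketplaceImageBuildFullAccess - Updates to existing policies | AWS Marketplace removed permissions that are no longer needed, to improve security. | March 4, 2022 |
| AWSPrivateMarketplaceAdminFullAccess - Update to existing policy | AWS Marketplace removed unused permissions from the AWSPrivateMarketplaceAdminFullAccess policy. | August 27, 2021 |
| AWSMarketplaceFullAccess - Update to existing policy | AWS Marketplace removed a duplicate ec2:DescribeAccountAttributes permission from the AWSMarketplaceFullAccess policy. | July 20, 2021 |
| AWS Marketplace started tracking changes | AWS Marketplace started tracking changes for its AWS managed policies. | April 20, 2021 |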