用于配置和启动产品的服务相关角色 AWS Marketplace - AWS Marketplace

本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。

用于配置和启动产品的服务相关角色 AWS Marketplace

AWS Marketplace 使用名为的服务相关角色AWSServiceRoleForMarketplaceDeployment AWS Marketplace 来允许代表您管理与部署相关的参数,这些参数作为密钥存储在AWS Secrets Manager中。卖家可以在 AWS CloudFormation 模板中引用这些秘密,您可以在配置启用了 Quick Launch 的产品时启动这些模板 AWS Marketplace。

AWSServiceRoleForMarketplaceDeployment 服务相关角色信任以下服务代入该角色:

  • deployment.marketplace.amazonaws.com

AWSMarketplaceDeploymentServiceRolePolicy允许 AWS Marketplace 对您的资源完成以下操作。

注意

有关 AWS Marketplace 托管政策的更多信息,请参阅AWS Marketplace 买家AWS托管政策

{ "Version": "2012-10-17", "Statement": [ { "Sid": "ManageMarketplaceDeploymentSecrets", "Effect": "Allow", "Action": [ "secretsmanager:CreateSecret", "secretsmanager:PutSecretValue", "secretsmanager:DescribeSecret", "secretsmanager:DeleteSecret", "secretsmanager:RemoveRegionsFromReplication" ], "Resource": [ "arn:aws:secretsmanager:*:*:secret:marketplace-deployment*!*" ], "Condition": { "StringEquals": { "aws:ResourceAccount": "${aws:PrincipalAccount}" } } }, { "Sid": "ListSecrets", "Effect": "Allow", "Action": [ "secretsmanager:ListSecrets" ], "Resource": [ "*" ] }, { "Sid": "TagMarketplaceDeploymentSecrets", "Effect": "Allow", "Action": [ "secretsmanager:TagResource" ], "Resource": "arn:aws:secretsmanager:*:*:secret:marketplace-deployment!*", "Condition": { "Null": { "aws:RequestTag/expirationDate": "false" }, "ForAllValues:StringEquals": { "aws:TagKeys": [ "expirationDate" ] }, "StringEquals": { "aws:ResourceAccount": "${aws:PrincipalAccount}" } } } ] }

您必须配置允许用户、组或角色创建、编辑或删除服务相关角色的权限。有关更多信息,请参阅《IAM用户指南》中的服务相关角色权限