Service-linked role to configure and launch products in AWS Marketplace - AWS Marketplace

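AWS Marketplace uses the service-linked role named AWSServiceRoleForMarketplaceDeployment to allow AWS Marketplace to manage, on your behalf, deployment-related parameters that are stored as secrets in AWS Secrets Manager. Sellers can reference these secrets in AWS CloudFormation templates, which you can launch when configuring Quick Launch-enabled products in AWS Marketplace.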

The AWSServiceRoleForMarketplaceDeployment service-linked role trusts the following service to assume the role:

  • deployment.marketplace.amazonaws.com

The role permissions policy named AWSMarketplaceDeploymentServiceRolePolicy allows AWS Marketplace to complete actions on your resources.

Note

For more information about AWS Marketplace managed policies, see AWS managed policies for AWS Marketplace buyers.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ManageMarketplaceDeploymentSecrets",
      "Effect": "Allow",
      "Action": [
        "secretsmanager:CreateSecret",
        "secretsmanager:PutSecretValue",
        "secretsmanager:DescribeSecret",
        "secretsmanager:DeleteSecret",
        "secretsmanager:RemoveRegionsFromReplication"
      ],
      "Resource": [
        "arn:aws:secretsmanager:*:*:secret:marketplace-deployment*!*"
      ],
      "Condition": {
        "StringEquals": {
          "aws:ResourceAccount": "${aws:PrincipalAccount}"
        }
      }
    },
    {
      "Sid": "ListSecrets",
      "Effect": "Allow",
      "Action": [
        "secretsmanager:ListSecrets"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Sid": "TagMarketplaceDeploymentSecrets",
      "Effect": "Allow",
      "Action": [
        "secretsmanager:TagResource"
      ],
      "Resource": "arn:aws:secretsmanager:*:*:secret:marketplace-deployment!*",
      "Condition": {
        "Null": {
          "aws:RequestTag/expirationDate": "false"
        },
        "ForAllValues:StringEquals": {
          "aws:TagKeys": [
            "expirationDate"
          ]
        },
        "StringEquals": {
          "aws:ResourceAccount": "${aws:PrincipalAccount}"
        }
      }
    }
  ]
}
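The following Python sketch is an added example, not part of the AWS documentation. It models how the conditions in the TagMarketplaceDeploymentSecrets statement combine and why the Null check is paired with ForAllValues:StringEquals. The function names, account IDs and secret names are assumptions made for illustration, and the evaluator is a simplification, not the IAM policy engine.

```python
import re

# Values copied from the TagMarketplaceDeploymentSecrets statement on this page.
TAG_RESOURCE = "arn:aws:secretsmanager:*:*:secret:marketplace-deployment!*"
ALLOWED_TAG_KEYS = {"expirationDate"}


def arn_matches(pattern, arn):
    """IAM-style wildcard match: '*' is any run of characters, '?' is exactly one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, arn) is not None


def tag_request_allowed(arn, request_tags, principal_account):
    """Simplified model of the statement: all conditions must hold (logical AND)."""
    resource_account = arn.split(":")[4]  # arn:partition:service:region:account:...
    return all([
        arn_matches(TAG_RESOURCE, arn),
        # Null, aws:RequestTag/expirationDate = "false": the tag must be present.
        "expirationDate" in request_tags,
        # ForAllValues:StringEquals on aws:TagKeys: no key outside the allowed set.
        # Taken alone this also holds for a request with no tags, hence the Null check.
        set(request_tags) <= ALLOWED_TAG_KEYS,
        # StringEquals, aws:ResourceAccount = ${aws:PrincipalAccount}.
        resource_account == principal_account,
    ])


# Constructed sample data: the account IDs and secret names are placeholders.
ACCOUNT = "111122223333"
SECRET = ("arn:aws:secretsmanager:us-east-1:" + ACCOUNT
          + ":secret:marketplace-deployment!example-AbCdEf")
OTHER = "arn:aws:secretsmanager:us-east-1:" + ACCOUNT + ":secret:prod/db-password-AbCdEf"

if __name__ == "__main__":
    cases = [
        ("expirationDate only", SECRET, {"expirationDate": "2030-01-01"}, ACCOUNT),
        ("extra tag key", SECRET, {"expirationDate": "2030-01-01", "owner": "x"}, ACCOUNT),
        ("no tags at all", SECRET, {}, ACCOUNT),
        ("secret outside the prefix", OTHER, {"expirationDate": "2030-01-01"}, ACCOUNT),
        ("principal in another account", SECRET, {"expirationDate": "2030-01-01"}, "444455556666"),
    ]
    for label, arn, tags, principal in cases:
        verdict = "Allow" if tag_request_allowed(arn, tags, principal) else "no match"
        print(f"{label:30s} {verdict}")
```
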

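You must configure permissions to allow your users, groups, or roles to create, edit, or delete a service-linked role. For more information, see Service-linked role permissions in the IAM User Guide.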