AWS managed policies for AWS Partner Central users
An AWS managed policy is a standalone policy created and administered by AWS. AWS managed policies provide permissions for many common use cases so that you can start assigning permissions to users, groups, and roles.
Keep in mind that AWS managed policies might not grant least-privilege permissions for your specific use cases because they're available for all AWS customers to use. We recommend that you reduce permissions further by defining customer managed policies specific to your use cases. For more information, refer to AWS managed policies.
The AWS managed policies described in this section manage AWS Partner Central users' access to AWS Marketplace. For more information about AWS Marketplace seller policies, refer to AWS managed policies for AWS Marketplace sellers.
Topics
AWS managed
policy: AWSPartnerCentralFullAccess
You can attach the AWSPartnerCentralFullAccess policy to your IAM
identities.
This policy grants full access to AWS Partner Central and related AWS services.
Permissions details
{ "Version": "2012-10-17", "Statement": [ { "Sid": "PassAWSPartnerCentralRole", "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": "arn:aws:iam::*:role/PartnerCentralRoleFor*", "Condition": { "StringEquals": { "iam:PassedToService": "partnercentral-account-management.amazonaws.com" } } }, { "Sid": "PartnerUserRoleAssociation", "Effect": "Allow", "Action": [ "iam:ListRoles", "Partnercentral-account-management:AssociatePartnerUser", "Partnercentral-account-management:DisassociatePartnerUser" ], "Resource": "*" }, { "Sid": "AWSPartnerCentralAccess", "Effect": "Allow", "Action": [ "partnercentral:*" ], "Resource": "*", "Condition": { "StringEquals": { "partnercentral:Catalog": [ "AWS", "Sandbox" ] } } } ] }
AWS managed policy:
PartnerCentralAccountManagementUserRoleAssociation
You can attach the PartnerCentralAccountManagementUserRoleAssociation
policy to your IAM identities. This policy is used by a partner cloud admin to manage
IAM roles linked to partner users.
This policy allows the following operations:
-
List all roles.
-
Pass an IAM role with the name prefix
PartnerCentralRoleForto the AWS Partner Central account management service. -
Associate a AWS Partner Central user with an IAM role.
-
Disassociate a AWS Partner Central user from an IAM role.
Permissions details
{ "Version": "2012-10-17", "Statement": [ { "Sid": "PassPartnerCentralRole", "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": "arn:aws:iam::*:role/PartnerCentralRoleFor*", "Condition": { "StringEquals": { "iam:PassedToService": "partnercentral-account-management.amazonaws.com" } } }, { "Sid": "PartnerUserRoleAssociation", "Effect": "Allow", "Action": [ "iam:ListRoles", "partnercentral-account-management:AssociatePartnerUser", "partnercentral-account-management:DisassociatePartnerUser" ], "Resource": "*" } ] }
AWS
managed policy: AWSPartnerCentralOpportunityManagement
You can attach the AWSPartnerCentralOpportunityManagement policy to your
IAM identities.
This policy grants full access to manage opportunities in AWS Partner Central.
{ "Version": "2012-10-17", "Statement": [ { "Sid": "OpportunityManagement", "Effect": "Allow", "Action": [ "partnercentral:AcceptEngagementInvitation", "partnercentral:AssignOpportunity", "partnercentral:AssociateOpportunity", "partnercentral:CreateOpportunity", "partnercentral:DisassociateOpportunity", "partnercentral:GetAwsOpportunitySummary", "partnercentral:GetEngagementInvitation", "partnercentral:GetOpportunity", "partnercentral:ListEngagementInvitations", "partnercentral:ListOpportunities", "partnercentral:ListSolutions", "partnercentral:RejectEngagementInvitation", "partnercentral:StartEngagementByAcceptingInvitationTask", "partnercentral:StartEngagementFromOpportunityTask", "partnercentral:SubmitOpportunity", "partnercentral:UpdateOpportunity" ], "Resource": "*" }, { "Sid": "ListingAWSMarketplaceEntities", "Effect": "Allow", "Action": [ "aws-marketplace:ListEntities" ], "Resource": "*" }, { "Sid": "AWSMarketplaceOffersAccess", "Effect": "Allow", "Action": [ "aws-marketplace:DescribeEntity" ], "Resource": [ "arn:aws:aws-marketplace:*:*:AWSMarketplace/Offer/*" ] } ] }
AWS
managed policy: AWSPartnerCentralSandboxFullAccess
You can attach the AWSPartnerCentralSandboxFullAccess policy to your
IAM identities.
This policy grants access for developer testing in the Sandbox catalog.
{ "Version": "2012-10-17", "Statement": [ { "Sid": "AWSPartnerCentralSandboxAccess", "Effect": "Allow", "Action": [ "partnercentral:*" ], "Resource": "*", "Condition": { "StringEquals": { "partnercentral:Catalog": "Sandbox" } } } ] }
AWS Partner Central updates to AWS managed policies
View details about updates to AWS managed policies for AWS Partner Central since this service began tracking these changes. For automatic alerts about changes to this page, subscribe to the RSS feed on the AWS Partner Central Document history for the AWS Partner Central Getting Started Guide page.
| Change | Description | Date |
|---|---|---|
|
AWSPartnerCentralFullAccess – New policy |
AWS Partner Central added a new policy to grant full access to the AWS Partner Central service. | November 18, 2024 |
|
AWSPartnerCentralOpportunityManagement – New policy |
AWS Partner Central added a new policy to grant full access to manage opportunities in AWS Partner Central. |
November 14, 2024 |
|
AWSPartnerCentralSandboxFullAccess – New policy |
AWS Partner Central added a new policy to grant access for developer testing in the Sandbox catalog. |
November 14, 2024 |
|
AWS Partner Central started tracking changes |
AWS Partner Central started tracking changes for its AWS managed policies. |
November 14, 2024 |
