AWS managed policies for AWS Marketplace buyers - AWS Marketplace


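AWS managed policies for AWS Marketplace buyers

An AWS managed policy is a standalone policy that is created and administered by AWS. AWS managed policies are designed to provide permissions for many common use cases so that you can start assigning permissions to users, groups, and roles.

Keep in mind that AWS managed policies might not grant least-privilege permissions for your specific use cases, because they are available for all AWS customers to use. We recommend that you reduce permissions further by defining customer managed policies that are specific to your use cases.

You cannot change the permissions defined in AWS managed policies. If AWS updates the permissions defined in an AWS managed policy, the update affects all principal identities (users, groups, and roles) that the policy is attached to. AWS is most likely to update an AWS managed policy when a new AWS service is launched or when new API operations become available for existing services.

For more information, see AWS managed policies in the IAM User Guide.

This section lists each of the policies used to manage buyer access to AWS Marketplace. For information about seller policies, see AWS managed policies for AWS Marketplace sellers in the AWS Marketplace Seller Guide.

AWS managed policy: AWSMarketplaceDeploymentServiceRolePolicy

You can't attach AWSMarketplaceDeploymentServiceRolePolicy to your IAM entities. This policy is attached to a service-linked role that allows AWS Marketplace to perform actions on your behalf. For more information, see Using service-linked roles for AWS Marketplace.

This policy grants contributor permissions that allow AWS Marketplace to manage, on your behalf, deployment-related parameters that are stored as secrets in AWS Secrets Manager.

AWS managed policy: AWSMarketplaceFullAccess

You can attach the AWSMarketplaceFullAccess policy to your IAM identities.

This policy grants administrative permissions that allow full access to AWS Marketplace and related services, both as a buyer and as a seller. These permissions include the ability to subscribe and unsubscribe to AWS Marketplace software, manage AWS Marketplace software instances from AWS Marketplace, create and manage a private marketplace in your account, and access features of Amazon EC2, AWS CloudFormation, and Amazon EC2 Systems Manager.

Permissions details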

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "aws-marketplace:*",
                "cloudformation:CreateStack",
                "cloudformation:DescribeStackResource",
                "cloudformation:DescribeStackResources",
                "cloudformation:DescribeStacks",
                "cloudformation:List*",
                "ec2:AuthorizeSecurityGroupEgress",
                "ec2:AuthorizeSecurityGroupIngress",
                "ec2:CreateSecurityGroup",
                "ec2:CreateTags",
                "ec2:DescribeAccountAttributes",
                "ec2:DescribeAddresses",
                "ec2:DeleteSecurityGroup",
                "ec2:DescribeImages",
                "ec2:DescribeInstances",
                "ec2:DescribeKeyPairs",
                "ec2:DescribeSecurityGroups",
                "ec2:DescribeSubnets",
                "ec2:DescribeTags",
                "ec2:DescribeVpcs",
                "ec2:RunInstances",
                "ec2:StartInstances",
                "ec2:StopInstances",
                "ec2:TerminateInstances"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "ec2:CopyImage",
                "ec2:DeregisterImage",
                "ec2:DescribeSnapshots",
                "ec2:DeleteSnapshot",
                "ec2:CreateImage",
                "ec2:DescribeInstanceStatus",
                "ssm:GetAutomationExecution",
                "ssm:ListDocuments",
                "ssm:DescribeDocument",
                "sns:ListTopics",
                "sns:GetTopicAttributes",
                "sns:CreateTopic",
                "iam:GetRole",
                "iam:GetInstanceProfile",
                "iam:ListRoles",
                "iam:ListInstanceProfiles"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "ssm:StartAutomationExecution"
            ],
            "Resource": [
                "arn:aws:ssm:eu-central-1:906690553262:automation-definition/*",
                "arn:aws:ssm:us-east-1:058657716661:automation-definition/*",
                "arn:aws:ssm:ap-northeast-1:340648487307:automation-definition/*",
                "arn:aws:ssm:eu-west-1:564714592864:automation-definition/*",
                "arn:aws:ssm:us-west-2:243045473901:automation-definition/*",
                "arn:aws:ssm:ap-southeast-2:362149219987:automation-definition/*",
                "arn:aws:ssm:eu-west-2:587945719687:automation-definition/*",
                "arn:aws:ssm:us-east-2:134937423163:automation-definition/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::*image-build*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "sns:Publish",
                "sns:setTopicAttributes"
            ],
            "Resource": "arn:aws:sns:*:*:*image-build*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:PassRole"
            ],
            "Resource": [
                "*"
            ],
            "Condition": {
                "StringLike": {
                    "iam:PassedToService": [
                        "ec2.amazonaws.com"
                    ]
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:PassRole"
            ],
            "Resource": [
                "*"
            ],
            "Condition": {
                "StringLike": {
                    "iam:PassedToService": [
                        "ssm.amazonaws.com"
                    ],
                    "iam:AssociatedResourceARN": [
                        "arn:aws:ssm:eu-central-1:906690553262:automation-definition/*",
                        "arn:aws:ssm:us-east-1:058657716661:automation-definition/*",
                        "arn:aws:ssm:ap-northeast-1:340648487307:automation-definition/*",
                        "arn:aws:ssm:eu-west-1:564714592864:automation-definition/*",
                        "arn:aws:ssm:us-west-2:243045473901:automation-definition/*",
                        "arn:aws:ssm:ap-southeast-2:362149219987:automation-definition/*",
                        "arn:aws:ssm:eu-west-2:587945719687:automation-definition/*",
                        "arn:aws:ssm:us-east-2:134937423163:automation-definition/*"
                    ]
                }
            }
        }
    ]
}
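The least-privilege note at the top of this page can be checked against this policy directly. The following is an added example, not part of the AWS documentation: a small Python reviewer that flags wildcard actions, unconditioned grants on all resources, wildcard resource patterns, and the scope of iam:PassRole. The embedded policy is three statements taken from AWSMarketplaceFullAccess above with the first action list shortened, and the function names are this example's own.

```python
import json

# Three statements of AWSMarketplaceFullAccess as listed above; the first
# statement's action list is shortened for this example.
POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow",
   "Action": ["aws-marketplace:*", "cloudformation:List*", "ec2:RunInstances"],
   "Resource": "*"},
  {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetObject"],
   "Resource": ["arn:aws:s3:::*image-build*"]},
  {"Effect": "Allow", "Action": ["iam:PassRole"], "Resource": ["*"],
   "Condition": {"StringLike": {"iam:PassedToService": ["ec2.amazonaws.com"]}}}
]}
""")

def as_list(value):
    """IAM accepts a bare string or object where a list is allowed."""
    return list(value) if isinstance(value, list) else [value]

def review(policy):
    """Return (statement index, finding) pairs for broad Allow grants."""
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = as_list(stmt.get("Action", []))
        resources = as_list(stmt.get("Resource", []))
        cond = stmt.get("Condition", {})
        for action in actions:
            if "*" in action:
                findings.append((i, f"wildcard action {action}"))
        if "*" in resources and not cond:
            findings.append((i, "all resources, no condition"))
        for res in resources:
            if res != "*" and "*" in res:
                findings.append((i, f"wildcard resource pattern {res}"))
        if any(a.lower() == "iam:passrole" for a in actions) and "*" in resources:
            # Condition keys are case-insensitive; collect the services allowed.
            services = [s for op in cond.values() for k, v in op.items()
                        if k.lower() == "iam:passedtoservice" for s in as_list(v)]
            note = "limited to " + ", ".join(services) if services else "to any service"
            findings.append((i, f"iam:PassRole on any role, {note}"))
    return findings

if __name__ == "__main__":
    for index, finding in review(POLICY):
        print(f"Statement[{index}]: {finding}")
```

Each finding is a starting point for a customer managed policy that narrows the action list or resource to what the use case needs.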

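AWS managed policy: AWSMarketplaceLicenseManagementServiceRolePolicy

You can't attach AWSMarketplaceLicenseManagementServiceRolePolicy to your IAM entities. This policy is attached to a service-linked role that allows AWS Marketplace to perform actions on your behalf. For more information, see Using service-linked roles for AWS Marketplace.

This policy grants contributor permissions that allow AWS Marketplace to manage licenses on your behalf.

Permissions details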

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowLicenseManagerActions",
            "Effect": "Allow",
            "Action": [
                "organizations:DescribeOrganization",
                "license-manager:ListReceivedGrants",
                "license-manager:ListDistributedGrants",
                "license-manager:GetGrant",
                "license-manager:CreateGrant",
                "license-manager:CreateGrantVersion",
                "license-manager:DeleteGrant",
                "license-manager:AcceptGrant"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

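AWS managed policy: AWSMarketplaceManageSubscriptions

You can attach the AWSMarketplaceManageSubscriptions policy to your IAM identities.

This policy grants contributor permissions that allow subscribing and unsubscribing to AWS Marketplace products.

Permissions details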

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "aws-marketplace:ViewSubscriptions",
                "aws-marketplace:Subscribe",
                "aws-marketplace:Unsubscribe"
            ],
            "Effect": "Allow",
            "Resource": "*"
        },
        {
            "Action": [
                "aws-marketplace:CreatePrivateMarketplaceRequests",
                "aws-marketplace:ListPrivateMarketplaceRequests",
                "aws-marketplace:DescribePrivateMarketplaceRequests"
            ],
            "Effect": "Allow",
            "Resource": "*"
        },
        {
            "Resource": "*",
            "Effect": "Allow",
            "Action": [
                "aws-marketplace:ListPrivateListings"
            ]
        }
    ]
}

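AWS managed policy: AWSMarketplaceProcurementSystemAdminFullAccess

You can attach the AWSMarketplaceProcurementSystemAdminFullAccess policy to your IAM identities.

This policy grants administrator permissions that allow managing all aspects of an AWS Marketplace eProcurement integration, including listing the accounts in your organization. For more information about eProcurement integrations, see Integrating AWS Marketplace with procurement systems.

Permissions details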

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "aws-marketplace:PutProcurementSystemConfiguration",
                "aws-marketplace:DescribeProcurementSystemConfiguration",
                "organizations:Describe*",
                "organizations:List*"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

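AWS managed policy: AWSMarketplaceRead-only

You can attach the AWSMarketplaceRead-only policy to your IAM identities.

This policy grants read-only permissions that allow you to view products, private offers, and subscriptions for your account on AWS Marketplace, and to view the Amazon EC2, AWS Identity and Access Management, and Amazon SNS resources in the account.

Permissions details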

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Resource": "*",
            "Action": [
                "aws-marketplace:ViewSubscriptions",
                "ec2:DescribeAccountAttributes",
                "ec2:DescribeAddresses",
                "ec2:DescribeImages",
                "ec2:DescribeInstances",
                "ec2:DescribeKeyPairs",
                "ec2:DescribeSecurityGroups",
                "ec2:DescribeSubnets",
                "ec2:DescribeVpcs"
            ],
            "Effect": "Allow"
        },
        {
            "Resource": "*",
            "Effect": "Allow",
            "Action": [
                "aws-marketplace:ListBuilds",
                "aws-marketplace:DescribeBuilds",
                "iam:ListRoles",
                "iam:ListInstanceProfiles",
                "sns:GetTopicAttributes",
                "sns:ListTopics"
            ]
        },
        {
            "Resource": "*",
            "Effect": "Allow",
            "Action": [
                "aws-marketplace:ListPrivateMarketplaceRequests",
                "aws-marketplace:DescribePrivateMarketplaceRequests"
            ]
        },
        {
            "Resource": "*",
            "Effect": "Allow",
            "Action": [
                "aws-marketplace:ListPrivateListings"
            ]
        }
    ]
}

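AWS managed policy: AWSPrivateMarketplaceAdminFullAccess

You can attach the AWSPrivateMarketplaceAdminFullAccess policy to your IAM identities.

This policy grants administrator permissions that allow full access to manage private marketplaces in your account (or organization). For more information about using multiple administrators, see Example policies for private marketplace administrators.

Permissions details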

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PrivateMarketplaceRequestPermissions",
            "Effect": "Allow",
            "Action": [
                "aws-marketplace:AssociateProductsWithPrivateMarketplace",
                "aws-marketplace:DisassociateProductsFromPrivateMarketplace",
                "aws-marketplace:ListPrivateMarketplaceRequests",
                "aws-marketplace:DescribePrivateMarketplaceRequests"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "PrivateMarketplaceCatalogAPIPermissions",
            "Effect": "Allow",
            "Action": [
                "aws-marketplace:ListEntities",
                "aws-marketplace:DescribeEntity",
                "aws-marketplace:StartChangeSet",
                "aws-marketplace:ListChangeSets",
                "aws-marketplace:DescribeChangeSet",
                "aws-marketplace:CancelChangeSet"
            ],
            "Resource": "*"
        },
        {
            "Sid": "PrivateMarketplaceCatalogTaggingPermissions",
            "Effect": "Allow",
            "Action": [
                "aws-marketplace:TagResource",
                "aws-marketplace:UntagResource",
                "aws-marketplace:ListTagsForResource"
            ],
            "Resource": "arn:aws:aws-marketplace:*:*:AWSMarketplace/*"
        },
        {
            "Sid": "PrivateMarketplaceOrganizationPermissions",
            "Effect": "Allow",
            "Action": [
                "organizations:DescribeOrganization",
                "organizations:DescribeOrganizationalUnit",
                "organizations:DescribeAccount",
                "organizations:ListRoots",
                "organizations:ListParents",
                "organizations:ListOrganizationalUnitsForParent",
                "organizations:ListAccountsForParent",
                "organizations:ListAccounts",
                "organizations:ListAWSServiceAccessForOrganization",
                "organizations:ListDelegatedAdministrators"
            ],
            "Resource": "*"
        }
    ]
}

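AWS managed policy: AWSPrivateMarketplaceRequests

You can attach the AWSPrivateMarketplaceRequests policy to your IAM identities.

This policy grants contributor permissions that allow requesting that products be added to your private marketplace, and viewing those requests. These requests must be approved or denied by a private marketplace administrator.

Permissions details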

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "aws-marketplace:CreatePrivateMarketplaceRequests",
                "aws-marketplace:ListPrivateMarketplaceRequests",
                "aws-marketplace:DescribePrivateMarketplaceRequests"
            ],
            "Resource": "*"
        }
    ]
}

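AWS managed policy: AWSServiceRoleForPrivateMarketplaceAdminPolicy

You can't attach AWSServiceRoleForPrivateMarketplaceAdminPolicy to your IAM entities. This policy is attached to a service-linked role that allows AWS Marketplace to perform actions on your behalf. For more information, see Using service-linked roles for AWS Marketplace.

This policy grants contributor permissions that allow AWS Marketplace to describe and update Private Marketplace resources and to describe AWS Organizations.

AWS managed policy: AWSVendorInsightsAssessorFullAccess

You can attach the AWSVendorInsightsAssessorFullAccess policy to your IAM identities.

This policy grants full access for viewing entitled AWS Marketplace Vendor Insights resources and managing AWS Marketplace Vendor Insights subscriptions. These requests must be approved or denied by an administrator. It allows read-only access to AWS Artifact third-party reports.

AWS Marketplace Vendor Insights identifies the assessor as the buyer and the vendor as the seller.

Permissions details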

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "vendor-insights:GetProfileAccessTerms",
                "vendor-insights:ListEntitledSecurityProfiles",
                "vendor-insights:GetEntitledSecurityProfileSnapshot",
                "vendor-insights:ListEntitledSecurityProfileSnapshots"
            ],
            "Resource": "*"
        },
        {
            "Action": [
                "aws-marketplace:CreateAgreementRequest",
                "aws-marketplace:GetAgreementRequest",
                "aws-marketplace:AcceptAgreementRequest",
                "aws-marketplace:CancelAgreementRequest",
                "aws-marketplace:ListAgreementRequests",
                "aws-marketplace:SearchAgreements",
                "aws-marketplace:CancelAgreement"
            ],
            "Effect": "Allow",
            "Resource": "*",
            "Condition": {
                "ForAnyValue:StringEquals": {
                    "aws-marketplace:AgreementType": "VendorInsightsAgreement"
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "artifact:GetReport",
                "artifact:GetReportMetadata",
                "artifact:GetTermForReport",
                "artifact:ListReports"
            ],
            "Resource": "arn:aws:artifact:*::report/*"
        }
    ]
}

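AWS managed policy: AWSVendorInsightsAssessorReadOnly

You can attach the AWSVendorInsightsAssessorReadOnly policy to your IAM identities.

This policy grants read-only access for viewing entitled AWS Marketplace Vendor Insights resources. These requests must be approved or denied by an administrator. It allows read-only access to reports in AWS Artifact.

Requests must be approved or denied by an administrator. It allows read-only access to AWS Artifact third-party reports.

AWS Marketplace Vendor Insights identifies the assessor as the buyer, and the vendor is equal to the seller for the purposes of this guide.

Permissions details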

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "vendor-insights:ListEntitledSecurityProfiles",
                "vendor-insights:GetEntitledSecurityProfileSnapshot",
                "vendor-insights:ListEntitledSecurityProfileSnapshots"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "artifact:GetReport",
                "artifact:GetReportMetadata",
                "artifact:GetTermForReport",
                "artifact:ListReports"
            ],
            "Resource": "arn:aws:artifact:*::report/*"
        }
    ]
}

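AWS managed policy: AWSServiceRoleForProcurementInsightsPolicy

You can attach the AWSServiceRoleForProcurementInsightsPolicy policy to your IAM identities.

This policy grants AWSServiceRoleForProcurementInsightsPolicy access to resource data in your AWS organization. AWS Marketplace uses the data to populate the Procurement insights dashboard. The dashboard enables buyers with management accounts to view all agreements across all accounts in an organization.

Permissions details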

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ProcurementInsightsPermissions",
            "Effect": "Allow",
            "Action": [
                "organizations:DescribeAccount",
                "organizations:DescribeOrganization",
                "organizations:ListAccounts"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

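AWS Marketplace updates to AWS managed policies

View details about updates to AWS managed policies for AWS Marketplace since this service began tracking these changes. For automatic alerts about changes to this page, subscribe to the RSS feed on the Document history page of the AWS Marketplace Buyer Guide.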

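| Change | Description | Date |
|---|---|---|
| Added AWSServiceRoleForProcurementInsightsPolicy | AWS Marketplace added a new policy for accessing and describing data in Organizations. AWS Marketplace uses the data to populate the Procurement insights dashboard. | October 3, 2024 |
| Removed legacy AWSMarketplaceImageBuildFullAccess AWS Marketplace policy | AWS Marketplace discontinued the Private Image Build delivery method, so the AWSMarketplaceImageBuildFullAccess policy was also discontinued. | May 30, 2024 |
| AWSServiceRoleForPrivateMarketplaceAdminPolicy – Added policy for new feature in AWS Marketplace | AWS Marketplace added a new policy to support managing Private Marketplace resources and describing AWS Organizations. | February 16, 2024 |
| AWSPrivateMarketplaceAdminFullAccess – Update to existing policy | AWS Marketplace updated the policy to support reading AWS Organizations data. | February 16, 2024 |
| AWSMarketplaceDeploymentServiceRolePolicy – Added policy for new feature in AWS Marketplace | AWS Marketplace added a new policy to support managing deployment-related parameters. | November 29, 2023 |
| AWSMarketplaceRead-only and AWSMarketplaceManageSubscriptions – Updates to existing policies | AWS Marketplace updated existing policies to allow access to the Private Offers page. | January 19, 2023 |
| AWSPrivateMarketplaceAdminFullAccess – Update to existing policy | AWS Marketplace updated the policy for the new tag-based authorization feature. | December 9, 2022 |
| AWSVendorInsightsAssessorReadOnly – AWS Marketplace updated AWSVendorInsightsAssessorReadOnly | AWS Marketplace updated AWSVendorInsightsAssessorReadOnly to add read-only access to reports in AWS Artifact third-party reports (preview). | November 30, 2022 |
| AWSVendorInsightsAssessorFullAccess – AWS Marketplace updated AWSVendorInsightsAssessorFullAccess | AWS Marketplace updated AWSVendorInsightsAssessorFullAccess to add agreement search and read-only access to AWS Artifact third-party reports (preview). | November 30, 2022 |
| AWSVendorInsightsAssessorFullAccess and AWSVendorInsightsAssessorReadOnly – Added policies for new feature in AWS Marketplace | AWS Marketplace added policies for the new feature AWS Marketplace Vendor Insights: AWSVendorInsightsAssessorFullAccess and AWSVendorInsightsAssessorReadOnly. | July 26, 2022 |
| AWSMarketplaceFullAccess and AWSMarketplaceImageBuildFullAccess – Updates to existing policies | AWS Marketplace removed permissions that are no longer needed, to improve security. | March 4, 2022 |
| AWSPrivateMarketplaceAdminFullAccess – Update to existing policy | AWS Marketplace removed unused permissions from the AWSPrivateMarketplaceAdminFullAccess policy. | August 27, 2021 |
| AWSMarketplaceFullAccess – Update to existing policy | AWS Marketplace removed a duplicate ec2:DescribeAccountAttributes permission from the AWSMarketplaceFullAccess policy. | July 20, 2021 |
| AWS Marketplace started tracking changes | AWS Marketplace started tracking changes for its AWS managed policies. | April 20, 2021 |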