AWS Marketplace has several managed policies you can use with the AWS Marketplace Management Portal. In addition, you can use individual permissions to create your own AWS Identity and Access Management (IAM) policy.
You can also provide fine-grained access to the AWS Marketplace Management Portal for the Settings, Contact Us, File Upload, and Insights tabs. Fine-grained access enables you to do the following:
For more information about policies and permissions in AWS Data Exchange for data products, see Identity and Access Management in AWS Data Exchange in the AWS Data Exchange User Guide.
For more information about policies and permissions for AWS Marketplace buyers, see Controlling access to AWS Marketplace subscriptions in the AWS Marketplace Buyer Guide.
You can use the following managed policies to provide users with controlled access to the AWS Marketplace Management Portal:
AWSMarketplaceSellerFullAccessAllows full access to all of the pages in the AWS Marketplace Management Portal and other AWS services, such as Amazon Machine Image (AMI) management.
AWSMarketplaceSellerProductsFullAccess
Allows full access to the Products pages in the AWS Marketplace Management Portal.
AWSMarketplaceSellerProductsReadOnly
Allows read-only access to the Products pages in the AWS Marketplace Management Portal.
AWS Marketplace buyers can use managed policies to manage the subscriptions they purchase. The names of the managed policies that you use with AWS Marketplace Management Portal start with AWSMarketplaceSeller . When you search for policies in IAM, make sure to search for policy names that start with AWSMarketplaceSeller .
AWS Marketplace also provides specialized managed policies for specific scenarios. For a full list of AWS managed policies for AWS Marketplace sellers and descriptions of what permissions they provide, see AWS managed policies for AWS Marketplace sellers.
You can use the following permissions in IAM policies for the AWS Marketplace Management Portal:
aws-marketplace-management:PutSellerVerificationDetailsAllows access to start the Know Your Customer (KYC) process.
aws-marketplace-management:GetSellerVerificationDetails
Allows access to view the KYC status in the AWS Marketplace Management Portal.
aws-marketplace-management:PutBankAccountVerificationDetails
Allows access to start the bank account verification process.
aws-marketplace-management:GetBankAccountVerificationDetails
Allows access to view the bank account verification status in the AWS Marketplace Management Portal.
aws-marketplace-management:PutSecondaryUserVerificationDetails
Allows access to add secondary users in the AWS Marketplace Management Portal.
aws-marketplace-management:GetSecondaryUserVerificationDetails
Allows access to view the secondary user status in the AWS Marketplace Management Portal.
aws-marketplace-management:GetAdditionalSellerNotificationRecipients
Allows access to view email contacts for AWS Marketplace notifications.
aws-marketplace-management:PutAdditionalSellerNotificationRecipients
Allows access to update email contacts for AWS Marketplace notifications.
tax:PutTaxInterview
Allows access to take the tax interview in the AWS Marketplace Management Portal.
tax:GetTaxInterview
Allows access to view the tax interview status in the AWS Marketplace Management Portal.
tax:GetTaxInfoReportingDocument
Allows AWS Marketplace sellers to view and download tax documents (for example, 1099-K forms) from the Tax dashboard
payments:CreatePaymentInstrument
Allows access to add a bank account to the AWS Marketplace Management Portal.
payments:GetPaymentInstrument
Allows access to view existing bank accounts in the AWS Marketplace Management Portal.
aws-marketplace:ListTasks
Allows access to view a list of tasks pending seller action.
aws-marketplace:DescribeTask
Allows access to view the details of any tasks pending seller action.
aws-marketplace:UpdateTask
Allows access to edit a task pending seller action.
aws-marketplace:CompleteTask
Allows access to submit edits made to a task pending seller action.
support:CreateCaseAllows access to create an AWS Marketplace case within the AWS Marketplace Management Portal.
aws-marketplace-management:viewSupport
Allows access to the Customer Support Eligibility page in the AWS Marketplace Management Portal.
aws-marketplace-management:viewReports
Allows access to the Reports page in the AWS Marketplace Management Portal.
aws-marketplace:ListEntities
Allows access to list objects in AWS Marketplace Management Portal. Required to access the File Upload , Offers and Partners pages in the AWS Marketplace Management Portal.
To allow access to view the Settings tab, you can use this permission, the ListEntity permission, and the following Amazon Resource Name (ARN): arn: < partition>: < aws-marketplace>: < region>: < account-id>:AWSMarketplace/Seller/ < entity-id>.
aws-marketplace:DescribeEntityAllows access to view details of objects in AWS Marketplace Management Portal. Required to access the File Upload , Offers , Partners , and Agreements pages in the AWS Marketplace Management Portal.
To allow access to view the Settings tab, you can use this permission, the DescribeEntity permission, and the following ARN: arn: < partition>: < aws-marketplace>: < region>: < account-id>:AWSMarketplace/Seller/* .
aws-marketplace:StartChangeSetAllows access to create product changes in AWS Marketplace Management Portal. Required to make changes in the File Upload , Offers , Partners , and Agreements pages in the AWS Marketplace Management Portal.
To allow access to register as a seller in AWS Marketplace, you can use this permission, the catalog:ChangeType: "CreateSeller" condition key, and the following ARN: arn: < partition>: < aws-marketplace>: < region>: < account-id>:AWSMarketplace/Seller/ < entity-id>.
To allow access to update the seller profile in AWS Marketplace, you can use this permission, the catalog:ChangeType: "UpdateInformation" condition key, and the following ARN: arn: < partition>: < aws-marketplace>: < region>: < account-id>:AWSMarketplace/Seller/ < entity-id>.
To allow access to update disbursement preferences for Amazon Web Services, you can use this permission, the catalog:ChangeType: "UpdateDisbursementPreferences" condition key, and the following ARN: arn: < partition>: < aws-marketplace>: < region>: < account-id>:AWSMarketplace/Seller/ < entity-id>.
aws-marketplace:SearchAgreementsAllows viewing the high-level list of agreements on the Agreements page, and opportunities between ISVs and channel partners on the Partners page.
aws-marketplace:DescribeAgreement
Allows viewing of high-level agreement details on the Agreements page, and opportunities between ISVs and channel partners on the Partners page.
aws-marketplace:GetAgreementTerms
Allows viewing all agreement term details on the Agreements page, and opportunities between ISVs and channel partners on the Partners page.
aws-marketplace:GetSellerDashboard
Allows access to the dashboards on the Insights page in the AWS Marketplace Management Portal.
To enable a user to access the Manage Products page, you must use either the AWSMarketplaceSellerProductsFullAccess or AWSMarketplaceSellerProductsReadOnly managed permissions.
You can combine the preceding permissions into a single IAM policy to grant the permissions that you want. See the following examples.
To grant permissions to view KYC status in the AWS Marketplace Management Portal, use a policy similar to the following example.
To grant permissions to view the KYC status in the AWS Marketplace Management Portal, use a policy similar to the following example.
"Version": "2012-10-17", "Statement": [ "Effect": "Allow", "Action": [ "aws-marketplace-management:GetSellerVerificationDetails" ], "Resource": ["*"] >] > To grant permissions to view and use the Agreements page to create upgrades and renewals for private offers, use a policy similar to the following example.
"Version": "2012-10-17", "Statement": [ "Action": [ "aws-marketplace:SearchAgreements", "aws-marketplace:DescribeAgreement", "aws-marketplace:GetAgreementTerms", "aws-marketplace:DescribeEntity", "aws-marketplace:StartChangeSet" ], "Effect": "Allow", "Resource": "*", "Condition": "StringEquals": "aws-marketplace:PartyType": "Proposer" >, "ForAllValues:StringEquals": "aws-marketplace:AgreementType": [ "PurchaseAgreement" ] > > > ] > To grant permissions to view and use the Offers page to view existing private offers and create private offers, use a policy similar to the following example.
"Version": "2012-10-17", "Statement": [ "Action": [ "aws-marketplace:ListEntities", "aws-marketplace:DescribeEntity", "aws-marketplace:StartChangeSet" ], "Effect": "Allow", "Resource": "*", > ] > To grant permissions to view and use the Settings page, use a policy similar to the following example.
"Version": "2012-10-17", "Statement": [ "Action": [ "aws-marketplace:ListEntities", "aws-marketplace:DescribeEntity", "aws-marketplace:StartChangeSet" ], "Effect": "Allow", "Resource": "arn:partition>:aws-marketplace>:region>:account-id>:AWSMarketplace/Seller/*", > ] >To grant permissions to view and use the File Upload page, use a policy similar to the following example.
"Version": "2012-10-17", "Statement": [ "Action": [ "aws-marketplace:ListEntities", "aws-marketplace:DescribeEntity", "aws-marketplace:StartChangeSet" ], "Effect": "Allow", "Resource": "*", > ] >Alternatively, you can create separate IAM groups for granting access to each individual page in the AWS Marketplace Management Portal. Users can belong to more than one group. So, if a user needs access to more than one page, you can add the user to all of the appropriate groups. For example, create one IAM group and grant that group permission to access the Insights page, create another group and grant that group permission to access the File Upload page, and so on. If a user needs permission to access both the Insights page and the File Upload page, add the user to both groups.
For more information about users and groups, see IAM Identities (users, groups, and roles) in the IAM User Guide.