AWS Security ChangesHomeSearch

AWS marketplace high security documentation change

Service: marketplace · 2025-05-10 · Security-related high

File: marketplace/latest/userguide/custom-metering-with-mp-metering-service.md

Summary

Added note requiring use of temporary AWS credentials via IAM roles for EC2 instances in AMI-based products with custom metering, explicitly prohibiting long-term access keys.

Security assessment

Explicit guidance to use temporary credentials (security best practice) reduces risk of long-term key exposure. Prohibition of long-term keys directly addresses credential management security concerns.

Diff

diff --git a/marketplace/latest/userguide/custom-metering-with-mp-metering-service.md b/marketplace/latest/userguide/custom-metering-with-mp-metering-service.md
index b61dadce1..5688338d4 100644
--- a//marketplace/latest/userguide/custom-metering-with-mp-metering-service.md
+++ b//marketplace/latest/userguide/custom-metering-with-mp-metering-service.md
@@ -8,0 +9,4 @@ RequirementsCall AWS Marketplace Metering Service Failure handling Limitations C
+###### Note
+
+For AMI-based products with custom metering pricing, your software must call the [MeterUsage API](https://docs.aws.amazon.com/marketplace/latest/APIReference/API_marketplace-metering_MeterUsage.html) using temporary AWS credentials of the IAM role for Amazon Elastic Compute Cloud attached to the Amazon EC2 instance. Using long-term access keys is not supported.
+