AWS marketplace medium security documentation change
Summary
Expanded documentation for AWSPrivateMarketplaceAdminFullAccess policy to detail service-linked role management, Organizations integration, and granular permissions
Security assessment
The change adds explicit documentation about IAM policy permissions required for managing Private Marketplace security controls, including service-linked roles and organizational access management. This helps enforce least privilege and proper access controls for marketplace administration.
Diff
diff --git a/marketplace/latest/buyerguide/buyer-security-iam-awsmanpol.md b/marketplace/latest/buyerguide/buyer-security-iam-awsmanpol.md index 32c97ed89..c6e246dd9 100644 --- a//marketplace/latest/buyerguide/buyer-security-iam-awsmanpol.md +++ b//marketplace/latest/buyerguide/buyer-security-iam-awsmanpol.md @@ -110 +110,38 @@ You can attach the `AWSPrivateMarketplaceAdminFullAccess` policy to your IAM ide -This policy grants administrator permissions that allow full access to manage private marketplaces in your account (or organization). For more information about using multiple administrators, see [Example policies for private marketplace administrators](./it-administrator.html#creating-custom-policies-for-private-marketplace-admin). +This identity-based policy enables administrators to manage AWS Private Marketplace configurations and associated organizational controls. This policy includes IAM and Organizations permissions. It grants permissions to do the following actions: + + 1. Manage Private Marketplace service-linked roles (SLR). + + 1. Get role information for `AWSServiceRoleForPrivateMarketplaceAdmin`. + + 2. Create service-linked roles for Private Marketplace administration. + + 2. Handle organizational delegated administration. + + 1. Register and deregister delegated administrators for Private Marketplace. + + 2. Enable AWS service access for Private Marketplace within Organizations. + + 3. Manage Private Marketplace products and requests. + + 1. Associate and disassociate products with Private Marketplace. + + 2. List and describe Private Marketplace requests. + + 3. Perform catalog operations (list entities, describe entities, manage change sets). + + 4. Handle resource tagging for AWS Marketplace resources. + + 4. Access Organizations information. + + 1. View organization details, organizational units, and accounts. + + 2. List organizational hierarchy information. + + 3. Monitor AWS service access and delegated administrators. + + + + +This policy is designed for administrators who need to set up and manage Private Marketplace across an Organizations structure, granting both console and programmatic access to these functions. + +The policy includes specific conditions to ensure Private Marketplace service principal validation and appropriate resource-level permissions for IAM roles and organizational management. For more information about using multiple administrators, see [Example policies for private marketplace administrators](./it-administrator.html#creating-custom-policies-for-private-marketplace-admin). @@ -169,0 +207 @@ Change | Description | Date +AWSPrivateMarketplaceAdminFullAccess — updates to existing policy | AWS Marketplace added service-linked role and Organizations integration permissions for Private Marketplace administrators. | June 5, 2025