AWS Security ChangesHomeSearch

AWS marketplace medium security documentation change

Service: marketplace · 2025-06-13 · Security-related medium

File: marketplace/latest/buyerguide/buyer-security-iam-awsmanpol.md

Summary

Expanded documentation for AWSPrivateMarketplaceAdminFullAccess policy to detail service-linked role management, Organizations integration, and granular permissions

Security assessment

The change adds explicit documentation about IAM policy permissions required for managing Private Marketplace security controls, including service-linked roles and organizational access management. This helps enforce least privilege and proper access controls for marketplace administration.

Diff

diff --git a/marketplace/latest/buyerguide/buyer-security-iam-awsmanpol.md b/marketplace/latest/buyerguide/buyer-security-iam-awsmanpol.md
index 32c97ed89..c6e246dd9 100644
--- a//marketplace/latest/buyerguide/buyer-security-iam-awsmanpol.md
+++ b//marketplace/latest/buyerguide/buyer-security-iam-awsmanpol.md
@@ -110 +110,38 @@ You can attach the `AWSPrivateMarketplaceAdminFullAccess` policy to your IAM ide
-This policy grants administrator permissions that allow full access to manage private marketplaces in your account (or organization). For more information about using multiple administrators, see [Example policies for private marketplace administrators](./it-administrator.html#creating-custom-policies-for-private-marketplace-admin).
+This identity-based policy enables administrators to manage AWS Private Marketplace configurations and associated organizational controls. This policy includes IAM and Organizations permissions. It grants permissions to do the following actions: 
+
+  1. Manage Private Marketplace service-linked roles (SLR).
+
+    1. Get role information for `AWSServiceRoleForPrivateMarketplaceAdmin`.
+
+    2. Create service-linked roles for Private Marketplace administration.
+
+  2. Handle organizational delegated administration.
+
+    1. Register and deregister delegated administrators for Private Marketplace.
+
+    2. Enable AWS service access for Private Marketplace within Organizations.
+
+  3. Manage Private Marketplace products and requests.
+
+    1. Associate and disassociate products with Private Marketplace.
+
+    2. List and describe Private Marketplace requests.
+
+    3. Perform catalog operations (list entities, describe entities, manage change sets).
+
+    4. Handle resource tagging for AWS Marketplace resources.
+
+  4. Access Organizations information.
+
+    1. View organization details, organizational units, and accounts.
+
+    2. List organizational hierarchy information.
+
+    3. Monitor AWS service access and delegated administrators.
+
+
+
+
+This policy is designed for administrators who need to set up and manage Private Marketplace across an Organizations structure, granting both console and programmatic access to these functions.
+
+The policy includes specific conditions to ensure Private Marketplace service principal validation and appropriate resource-level permissions for IAM roles and organizational management. For more information about using multiple administrators, see [Example policies for private marketplace administrators](./it-administrator.html#creating-custom-policies-for-private-marketplace-admin).
@@ -169,0 +207 @@ Change | Description | Date
+AWSPrivateMarketplaceAdminFullAccess — updates to existing policy | AWS Marketplace added service-linked role and Organizations integration permissions for Private Marketplace administrators. | June 5, 2025