AWS Security ChangesHomeSearch

AWS marketplace documentation change

Service: marketplace · 2025-11-07 · Documentation medium

File: marketplace/latest/buyerguide/buyer-purchase-order-troubleshooting.md

Summary

Added 'Insufficient permissions—during purchase' scenario explaining required Subscribe permission and service-linked roles

Security assessment

Documents IAM permissions (aws-marketplace:Subscribe) and service-linked role requirements for purchase orders. While this clarifies security controls, there is no evidence of addressing a specific vulnerability.

Diff

diff --git a/marketplace/latest/buyerguide/buyer-purchase-order-troubleshooting.md b/marketplace/latest/buyerguide/buyer-purchase-order-troubleshooting.md
index 915306957..757a63bdc 100644
--- a//marketplace/latest/buyerguide/buyer-purchase-order-troubleshooting.md
+++ b//marketplace/latest/buyerguide/buyer-purchase-order-troubleshooting.md
@@ -10,0 +11 @@ Scenario | Details
+Insufficient permissions—during purchase | The note appears near the **Purchase order entry** field if you don't have the `aws-marketplace:Subscribe` permission to subscribe. The management account must also enable the AWS Billing integration. For information about enabling the integration, see [Creating a service-linked role for AWS Marketplace](https://docs.aws.amazon.com/marketplace/latest/buyerguide/using-service-linked-roles-purchase-orders.html#create-service-linked-role-purchase-orders).  
@@ -41 +42 @@ Using purchase orders
-Canceling product subscriptions
+Working with variable payment requests