AWS Security ChangesHomeSearch

AWS marketplace documentation change

Service: marketplace · 2026-01-28 · Documentation medium

File: marketplace/latest/userguide/single-ami-marketplace-ami-access.md

Summary

Added new section 'Giving AWS Marketplace access to your FPGA images' with IAM policy configuration for ec2 FPGA image management permissions

Security assessment

Documents new IAM permissions policy required for FPGA image management during Marketplace ingestion. While related to access control (security feature), there's no evidence of addressing a specific vulnerability. The change adds security documentation about required ec2 permissions (DescribeFpgaImages, CopyFpgaImage, etc.) for Marketplace operations.

Diff

diff --git a/marketplace/latest/userguide/single-ami-marketplace-ami-access.md b/marketplace/latest/userguide/single-ami-marketplace-ami-access.md
index 3830247a5..d25832d06 100644
--- a//marketplace/latest/userguide/single-ami-marketplace-ami-access.md
+++ b//marketplace/latest/userguide/single-ami-marketplace-ami-access.md
@@ -4,0 +5,2 @@
+Giving AWS Marketplace access to your FPGA images
+
@@ -41,0 +44,46 @@ On this page, when you select the role that you just created, you can see its AR
+## Giving AWS Marketplace access to your FPGA images
+
+If your AMI includes FPGA images (AFIs), you must also grant AWS Marketplace additional permissions to access and manage these FPGA images. In addition to the **AWSMarketplaceAmiIngestion** policy, you need to create an inline policy that allows AWS Marketplace to perform actions on your FPGA images.
+
+###### To add FPGA image permissions to your AWS Marketplace AMI assets ingestion role
+
+  1. Sign in to the AWS Management Console, open the IAM console and go to the [Roles page](https://console.aws.amazon.com/iam/home?region=us-east-1#/roles).
+
+  2. Select the role that you created for AWS Marketplace AMI assets ingestion.
+
+  3. On the role details page, select the **Permissions** tab, and then select **Add inline policy**.
+
+  4. Select the **JSON** tab and enter the following policy:
+
+JSON
+    
+
+****
+    
+    
+        {
+       "Version":"2012-10-17",		 	 	 
+       "Statement":[
+          {
+             "Effect":"Allow",
+             "Action":[
+                "ec2:DescribeFpgaImages",
+                "ec2:DescribeFpgaImageAttribute",
+                "ec2:CopyFpgaImage",
+                "ec2:ModifyFpgaImageAttribute"
+             ],
+             "Resource":"*"
+          }
+       ]
+    }
+    
+
+  5. Select **Review policy**.
+
+  6. Provide a name for the policy, such as **AWSMarketplaceAfiIngestion** , and then select **Create policy**.
+
+
+
+
+After you add this inline policy, AWS Marketplace will have the necessary permissions to access and manage your FPGA images during the ingestion and scanning process.
+