AWS Security ChangesHomeSearch

AWS marketplace documentation change

Service: marketplace · 2026-05-01 · Documentation low

File: marketplace/latest/userguide/security-iam-awsmanpol.md

Summary

Added S3 permission for uploading to ephemeral file upload bucket and updated AWSMarketplaceSellerFullAccess policy with new permissions

Security assessment

Documents new IAM permissions (s3:PutObject and aws-marketplace:ListInvoiceSubmissionTasks) which are security-relevant but shows no evidence of addressing a specific vulnerability

Diff

diff --git a/marketplace/latest/userguide/security-iam-awsmanpol.md b/marketplace/latest/userguide/security-iam-awsmanpol.md
index 35e3080c8..30b660392 100644
--- a//marketplace/latest/userguide/security-iam-awsmanpol.md
+++ b//marketplace/latest/userguide/security-iam-awsmanpol.md
@@ -146,0 +147,2 @@ This policy includes the following permissions:
+  * `s3` – Allows principals to upload objects to the AWS Marketplace ephemeral file upload bucket scoped to the caller's account.
+
@@ -228,0 +231 @@ Change | Description | Date
+AWSMarketplaceSellerFullAccess – Update to an existing policy |  AWS Marketplace added a new `MarketplaceEphemeralWriteS3Access` statement with `s3:PutObject` permission for write access to the AWS Marketplace ephemeral file upload bucket, scoped to the caller's account. Added `aws-marketplace:ListInvoiceSubmissionTasks` to the `SellerSettings` statement. | April 29, 2026