本文属于机器翻译版本。若本译文内容与英语原文存在差异，则一律以英文原文为准。

# 在 License Manager 中跟踪卖家颁发的许可证使用情况所需的权限
<a name="seller-issued-license-requirements"></a>

要开始使用此功能，您需要具有调用以下 License Manager API 操作的权限。

------
#### [ JSON ]

****  

```
{ 
    "Version":"2012-10-17",		 	 	      
    "Statement": [ 
      { 
        "Effect": "Allow",
        "Action": [
            "license-manager:CreateLicense",
            "license-manager:CreateLicenseVersion",
            "license-manager:ListLicenses",
            "license-manager:ListLicenseVersions",
            "license-manager:GetLicense",
            "license-manager:DeleteLicense",
            "license-manager:CheckoutLicense",
            "license-manager:CheckInLicense",
            "license-manager:ExtendLicenseConsumption",
            "license-manager:GetLicenseUsage",
            "license-manager:CreateGrant",
            "license-manager:CreateGrantVersion",
            "license-manager:DeleteGrant",
            "license-manager:GetGrant",
            "license-manager:ListDistributedGrants"
        ], 
        "Resource": "*"
      } 
    ] 
}
```

------

如果您要与 License Manager 集成，以便没有 Amazon 账户的客户可以使用在外部出售的许可证 Amazon Web Services Marketplace，则必须创建一个 IAM 角色以使您的软件应用程序能够调用 License Manager API。

如果您使用 Amazon Web Services 管理控制台 向没有临时凭证的客户分发临时证书 Amazon Web Services 账户，License Manager 将自动`AWSLicenseManagerConsumptionRole`代表您创建临时证书。有关更多信息，请参阅 [为没有账户的 ISV 客户获取临时证书 Amazon](granting-temporary-credentials.md)。要从中创建此角色 Amazon CLI，请使用 Amazon IAM [create-ro](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iam/create-role.html) le 命令，如以下示例所示。

```
aws iam create-role 
    --role-name AWSLicenseManagerConsumptionRole 
    --description "Role used to consume licenses using Amazon License Manager" 
    --max-session-duration 3600 
    --assume-role-policy-document file://trust-policy-document.json
```

提供的`trust-policy-document.json`文件应类似于以下示例，使用您自己的 Amazon Web Services 账户 ID 替换为代币发行者账户。

------
#### [ JSON ]

****  

```
{
    "Version":"2012-10-17",		 	 	 
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Federated": "openid-license-manager.amazonaws.com"
            },
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {
                "ForAnyValue:StringLike": {
                    "openid-license-manager.amazonaws.com:amr": "aws:license-manager:token-issuer-123456789012:{{123456789012}}"
                }
            }
        }
    ]
}
```

------

接下来，使用[attach-role-policy](https://docs.amazonaws.cn/cli/latest/reference/iam/attach-role-policy.html)命令将**AWSLicenseManagerConsumptionPolicy** Amazon 托管策略添加到**AWSLicenseManagerConsumptionRole**角色中。

```
aws iam attach-role-policy 
    --policy-arn arn:aws:iam::aws:policy/service-role/AWSLicenseManagerConsumptionPolicy
    --role-name AWSLicenseManagerConsumptionRole
```