AWS Marketplace
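User Guide for AWS Marketplace Subscribers
AWS services or features described in AWS documentation might vary by Region. To see the differences that apply to the China Regions, see Getting Started with AWS services in China.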

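Controlling access to AWS Marketplace subscriptions

The recommended way to let other people in your organization manage subscriptions is to use AWS Identity and Access Management (IAM) to create users and groups. For example, to allow John only to view subscriptions, you can create an IAM user for him and add that IAM user to a read-only group. If John's role in the organization changes, or if he leaves the company, you can change the group his IAM user belongs to, or change his user settings in IAM.

Important

All of your users share the same AWS Marketplace account. Any change a user makes while managing software subscriptions is global and applies to all users of that subscription.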

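Creating users

To allow people in your company to manage subscriptions, we recommend that you create an IAM user for each person. For more information, see IAM users in the IAM User Guide. We also recommend that you create a user name and password for yourself, even if you are the AWS account owner. Having everyone work in AWS Marketplace as an IAM user, including the account owner, is a recommended best practice. To learn how to create an IAM user with administrative permissions for yourself, see Creating your first IAM admin user and group. For more information about recommended practices for using IAM, see IAM best practices.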

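Creating groups for AWS Marketplace access and adding users to them

To create a group for assigning AWS Marketplace permissions

  1. Open the IAM console at https://console.amazonaws.cn/iam/

  2. In the navigation pane on the left, choose Groups, and then choose Create New Group.

  3. For the group name, enter a name for the group, such as MarketplaceReadOnly or MarketplaceFullAccess, and then choose Next Step.

  4. On the Attach Policy page, select the check box next to one of the following policies:

    • To grant permission only to view subscriptions (but not change them), choose AWSMarketplaceRead-only.

    • To grant permission to subscribe and unsubscribe, choose AWSMarketplaceManageSubscriptions.

    • To grant full control of your subscriptions, choose AWSMarketplaceFullAccess.

  5. Choose Next Step, and then choose Create Group.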

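To add users to the group you just created

  1. In the list of groups, choose the name of the group.

  2. Under Users, choose Add Users to Group.

  3. Select the users to add to the group, and then choose Add Users.

Repeat these steps to create multiple groups with different permissions and assign users to them.

You are not limited to the permissions in the AWS managed policies described here. You can use IAM to create policies with custom permissions and then add those policies to IAM groups. For more information, see Managing IAM policies and Attaching a policy to an IAM group in the IAM User Guide.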

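AWS managed policies for AWS Marketplace

After you create users, we recommend that you create groups and apply AWS managed policies to provide basic AWS Marketplace permissions. Then, for any specific scenario, you can create your own policies and apply them to groups with requirements specific to that scenario. Use the following four basic AWS Marketplace policies to control the permissions that users have: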

  • AWSMarketplaceRead-only

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Resource": "*",
          "Action": [
            "aws-marketplace:ViewSubscriptions",
            "ec2:DescribeAccountAttributes",
            "ec2:DescribeAddresses",
            "ec2:DescribeImages",
            "ec2:DescribeInstances",
            "ec2:DescribeKeyPairs",
            "ec2:DescribeSecurityGroups",
            "ec2:DescribeSubnets",
            "ec2:DescribeVpcs"
          ],
          "Effect": "Allow"
        },
        {
          "Resource": "*",
          "Effect": "Allow",
          "Action": [
            "aws-marketplace:ListBuilds",
            "aws-marketplace:DescribeBuilds",
            "iam:ListRoles",
            "iam:ListInstanceProfiles",
            "sns:GetTopicAttributes",
            "sns:ListTopics"
          ]
        }
      ]
    }

  • AWSMarketplaceManageSubscriptions

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Action": [
            "aws-marketplace:ViewSubscriptions",
            "aws-marketplace:Subscribe",
            "aws-marketplace:Unsubscribe"
          ],
          "Effect": "Allow",
          "Resource": "*"
        }
      ]
    }

  • AWSMarketplaceFullAccess

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "aws-marketplace:*",
            "cloudformation:CreateStack",
            "cloudformation:DescribeStackResource",
            "cloudformation:DescribeStackResources",
            "cloudformation:DescribeStacks",
            "cloudformation:List*",
            "ec2:AuthorizeSecurityGroupEgress",
            "ec2:AuthorizeSecurityGroupIngress",
            "ec2:CreateSecurityGroup",
            "ec2:CreateTags",
            "ec2:DescribeAccountAttributes",
            "ec2:DescribeAddresses",
            "ec2:DeleteSecurityGroup",
            "ec2:DescribeAccountAttributes",
            "ec2:DescribeImages",
            "ec2:DescribeInstances",
            "ec2:DescribeKeyPairs",
            "ec2:DescribeSecurityGroups",
            "ec2:DescribeSubnets",
            "ec2:DescribeTags",
            "ec2:DescribeVpcs",
            "ec2:RunInstances",
            "ec2:StartInstances",
            "ec2:StopInstances",
            "ec2:TerminateInstances"
          ],
          "Resource": "*"
        },
        {
          "Effect": "Allow",
          "Action": [
            "ec2:CopyImage",
            "ec2:DeregisterImage",
            "ec2:DescribeSnapshots",
            "ec2:DeleteSnapshot",
            "ec2:CreateImage",
            "ec2:DescribeInstanceStatus",
            "ssm:GetAutomationExecution",
            "ssm:UpdateDocumentDefaultVersion",
            "ssm:CreateDocument",
            "ssm:StartAutomationExecution",
            "ssm:ListDocuments",
            "ssm:UpdateDocument",
            "ssm:DescribeDocument",
            "sns:ListTopics",
            "sns:GetTopicAttributes",
            "sns:CreateTopic",
            "iam:GetRole",
            "iam:GetInstanceProfile",
            "iam:ListRoles",
            "iam:ListInstanceProfiles"
          ],
          "Resource": "*"
        },
        {
          "Effect": "Allow",
          "Action": [
            "s3:ListBucket",
            "s3:GetObject"
          ],
          "Resource": [
            "arn:aws:s3:::*image-build*"
          ]
        },
        {
          "Effect": "Allow",
          "Action": [
            "sns:Publish",
            "sns:setTopicAttributes"
          ],
          "Resource": "arn:aws:sns:*:*:*image-build*"
        },
        {
          "Effect": "Allow",
          "Action": [
            "iam:PassRole"
          ],
          "Resource": [
            "*"
          ],
          "Condition": {
            "StringLike": {
              "iam:PassedToService": [
                "ec2.amazonaws.com",
                "ssm.amazonaws.com"
              ]
            }
          }
        }
      ]
    }

  • AWSPrivateMarketplaceAdminFullAccess

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "aws-marketplace:CreatePrivateMarketplace",
            "aws-marketplace:CreatePrivateMarketplaceProfile",
            "aws-marketplace:UpdatePrivateMarketplaceProfile",
            "aws-marketplace:StartPrivateMarketplace",
            "aws-marketplace:StopPrivateMarketplace",
            "aws-marketplace:AssociateProductsWithPrivateMarketplace",
            "aws-marketplace:DisassociateProductsFromPrivateMarketplace",
            "aws-marketplace:DescribePrivateMarketplaceProfile",
            "aws-marketplace:DescribePrivateMarketplaceStatus",
            "aws-marketplace:ListPrivateMarketplaceProducts",
            "aws-marketplace:DescribePrivateMarketplaceProducts"
          ],
          "Resource": [
            "*"
          ]
        }
      ]
    }
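
Before attaching one of these managed policies to a group, or writing a custom one, it helps to list which grants go beyond read access. The following Python sketch is an added example, not AWS code: `review_policy` and its read-only prefix heuristic are assumptions made here, and the AWSMarketplaceFullAccess input is a shortened excerpt of the policy shown above.

```python
import json

# Constructed sample: policies from this page; the FullAccess action list is shortened.
POLICIES = {
    "AWSMarketplaceManageSubscriptions": """{"Version": "2012-10-17", "Statement": [
      {"Action": ["aws-marketplace:ViewSubscriptions", "aws-marketplace:Subscribe",
                  "aws-marketplace:Unsubscribe"], "Effect": "Allow", "Resource": "*"}]}""",
    "AWSMarketplaceFullAccess (excerpt)": """{"Version": "2012-10-17", "Statement": [
      {"Effect": "Allow", "Action": ["aws-marketplace:*", "cloudformation:List*",
                  "ec2:DescribeInstances", "ec2:RunInstances",
                  "ec2:TerminateInstances"], "Resource": "*"},
      {"Effect": "Allow", "Action": ["iam:PassRole"], "Resource": ["*"],
       "Condition": {"StringLike": {"iam:PassedToService":
                  ["ec2.amazonaws.com", "ssm.amazonaws.com"]}}}]}""",
}

# Assumption: action names with these prefixes are read-only. This is a naming
# heuristic for triage, not an authoritative classification of IAM actions.
READ_PREFIXES = ("describe", "list", "get", "view")


def as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    return list(value) if isinstance(value, list) else [value]


def review_policy(policy_json):
    """Return (statement index, action, note) for each Allow grant worth a review."""
    findings = []
    for i, stmt in enumerate(as_list(json.loads(policy_json)["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        all_resources = "*" in as_list(stmt.get("Resource", []))
        for action in as_list(stmt.get("Action", [])):
            name = action.partition(":")[2]
            read_only = name.lower().startswith(READ_PREFIXES)
            if action.lower() == "iam:passrole":
                if "Condition" not in stmt:  # no iam:PassedToService style limit
                    findings.append((i, action, "PassRole without a condition"))
            elif "*" in name and not read_only:
                findings.append((i, action, "wildcard over write actions"))
            elif all_resources and not read_only:
                findings.append((i, action, "write action on every resource"))
    return findings


if __name__ == "__main__":
    for policy_name, text in POLICIES.items():
        for index, action, note in review_policy(text):
            print(f"{policy_name}: statement {index}: {action}: {note}")
```

The findings are prompts for review, not verdicts: a group that only needs to view subscriptions should produce none.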

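Additional resources

For more information about managing IAM users and groups, see Identities (users, groups, and roles) in the IAM User Guide.

For more information about managing IAM permissions and policies, see Controlling access using policies in the IAM User Guide.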