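Service-linked role to configure and launch products in AWS Marketplace
AWS Marketplace uses the service-linked role named AWSServiceRoleForMarketplaceDeployment to allow AWS Marketplace to manage deployment-related parameters on your behalf. These parameters are stored as secrets in AWS Secrets Manager. Sellers can reference these secrets in AWS CloudFormation templates, which you can launch when configuring Quick Launch-enabled products in AWS Marketplace.
The AWSServiceRoleForMarketplaceDeployment service-linked role trusts the following services to assume the role:
The AWSMarketplaceDeploymentServiceRolePolicy allows AWS Marketplace to complete the following actions on your resources.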
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ManageMarketplaceDeploymentSecrets",
      "Effect": "Allow",
      "Action": [
        "secretsmanager:CreateSecret",
        "secretsmanager:PutSecretValue",
        "secretsmanager:DescribeSecret",
        "secretsmanager:DeleteSecret",
        "secretsmanager:RemoveRegionsFromReplication"
      ],
      "Resource": [
        "arn:aws:secretsmanager:*:*:secret:marketplace-deployment*!*"
      ],
      "Condition": {
        "StringEquals": {
          "aws:ResourceAccount": "${aws:PrincipalAccount}"
        }
      }
    },
    {
      "Sid": "ListSecrets",
      "Effect": "Allow",
      "Action": [
        "secretsmanager:ListSecrets"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Sid": "TagMarketplaceDeploymentSecrets",
      "Effect": "Allow",
      "Action": [
        "secretsmanager:TagResource"
      ],
      "Resource": "arn:aws:secretsmanager:*:*:secret:marketplace-deployment!*",
      "Condition": {
        "Null": {
          "aws:RequestTag/expirationDate": "false"
        },
        "ForAllValues:StringEquals": {
          "aws:TagKeys": [
            "expirationDate"
          ]
        },
        "StringEquals": {
          "aws:ResourceAccount": "${aws:PrincipalAccount}"
        }
      }
    }
  ]
}
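The following Python sketch is an added example, not AWS code and not part of the original page. It models how the resource pattern and the three conditions of the TagMarketplaceDeploymentSecrets statement combine, so that only a same-account tagging request carrying exactly the expirationDate tag key matches. The helper names, request dictionaries, account IDs and secret names are constructed assumptions, and the model is a simplification of IAM policy evaluation.

```python
import re

# Values copied from the TagMarketplaceDeploymentSecrets statement above.
RESOURCE_PATTERN = "arn:aws:secretsmanager:*:*:secret:marketplace-deployment!*"
ALLOWED_TAG_KEYS = {"expirationDate"}

def iam_wildcard_match(pattern, value):
    """IAM-style match: '*' is any run of characters, '?' is any single one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value, re.DOTALL) is not None

def tag_statement_allows(req):
    """True if the statement matches the request (simplified model, not IAM itself)."""
    if req["action"] != "secretsmanager:TagResource":
        return False
    if not iam_wildcard_match(RESOURCE_PATTERN, req["resource_arn"]):
        return False
    tag_keys = set(req["request_tags"])
    # Null {"aws:RequestTag/expirationDate": "false"}: the tag must be in the request.
    # Needed because ForAllValues alone is satisfied by a request with no tag keys.
    if "expirationDate" not in tag_keys:
        return False
    # ForAllValues:StringEquals on aws:TagKeys: no key outside the allowed set.
    if not tag_keys <= ALLOWED_TAG_KEYS:
        return False
    # StringEquals aws:ResourceAccount == ${aws:PrincipalAccount}: same account only.
    return req["resource_account"] == req["principal_account"]

def make_request(**overrides):
    """Constructed sample request; account ID and secret name are placeholders."""
    req = {
        "action": "secretsmanager:TagResource",
        "resource_arn": "arn:aws:secretsmanager:us-east-1:111122223333:"
                        "secret:marketplace-deployment!example-AbCdEf",
        "request_tags": {"expirationDate": "2030-01-01"},
        "resource_account": "111122223333",
        "principal_account": "111122223333",
    }
    req.update(overrides)
    return req

if __name__ == "__main__":
    cases = {
        "only expirationDate": make_request(),
        "extra tag key": make_request(request_tags={"expirationDate": "x", "owner": "y"}),
        "no expirationDate": make_request(request_tags={}),
        "other account": make_request(resource_account="444455556666"),
    }
    for name, req in cases.items():
        print(f"{name}: {'match' if tag_statement_allows(req) else 'no match'}")
```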
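You must configure permissions to allow a user, group, or role to create, edit, or delete a service-linked role. For more information, see Service-linked role permissions in the IAM User Guide.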