Giving AWS Marketplace access to your AMI
When you create a request that includes adding a new Amazon Machine Image (AMI) to AWS Marketplace, the AMI must be copied into the AWS Marketplace system and then scanned for security issues. You must give AWS Marketplace access to the AMI by creating an AWS Identity and Access Management (IAM) role with permissions to perform actions on your AMI and a trust policy that allows AWS Marketplace to assume the role. You only need to create the IAM role once. The following procedure shows you how to create a role for AWS Marketplace assets ingestion that gives AWS Marketplace access to your AMI.
To create a role for AWS Marketplace AMI assets ingestion
- Sign in to the AWS Management Console, open the IAM console, and go to the Roles page.
- Select Create role.
- On the Create role page, make the following selections:
  - Select type of trusted entity – Choose AWS Service.
  - Choose a use case – Choose AWS Marketplace.
  - Select your use case – Choose Marketplace – AMI Assets Ingestion.
  - To move to the next page, select Next: Permissions.
- Select the AWSMarketplaceAmiIngestion policy. Add a permissions boundary if required, and then select Next: Tags to continue.
  Note
  You can use permissions boundaries to limit the access that you give AWS Marketplace with this role. For more information, see Permissions boundaries for IAM entities in the AWS Identity and Access Management User Guide.
- To continue, select Next: Review.
- Provide a name for the role, and select Create role.
- You should see "The role rolename has been created" at the top of the page, and the role should appear in the list of roles.
On this page, when you select the role that you just created, you can see its ARN in the form arn:aws:iam::123456789012:role/exampleRole. Use the ARN for the IAM access role ARN when you create change requests, for example, when adding a new version to your product.
Giving AWS Marketplace access to your FPGA images
If your AMI includes FPGA images (AFIs), you must also grant AWS Marketplace additional permissions to access and manage these FPGA images. In addition to the AWSMarketplaceAmiIngestion policy, you need to create an inline policy that allows AWS Marketplace to perform actions on your FPGA images.
To add FPGA image permissions to your AWS Marketplace AMI assets ingestion role
- Sign in to the AWS Management Console, open the IAM console, and go to the Roles page.
- Select the role that you created for AWS Marketplace AMI assets ingestion.
- On the role details page, select the Permissions tab, and then select Add inline policy.
- Select the JSON tab and enter the following policy:
- Select Review policy.
- Provide a name for the policy, such as AWSMarketplaceAfiIngestion, and then select Create policy.
After you add this inline policy, AWS Marketplace will have the necessary permissions to access and manage your FPGA images during the ingestion and scanning process.
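One way to check the role produced by the two procedures above before you use its ARN in a change request, as an added example that is not AWS's own code. It assumes the service principal `assets.marketplace.amazonaws.com` (compare it with the trust policy the console generated for your role); `audit_ingestion_role` is a hypothetical helper, and the policy documents are constructed samples.

```python
# Added example: offline audit of an AMI assets ingestion role's configuration.
# Assumption: service principal AWS Marketplace uses to assume the role; confirm
# it against the trust policy the IAM console generated for your role.
EXPECTED_PRINCIPAL = "assets.marketplace.amazonaws.com"
# Managed policy from the page, plus the page's suggested inline policy name.
EXPECTED_POLICIES = {"AWSMarketplaceAmiIngestion", "AWSMarketplaceAfiIngestion"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_ingestion_role(trust_policy, policy_names):
    """Return findings (empty list = as expected) for the ingestion role."""
    findings, trusted = [], set()
    for stmt in _as_list(trust_policy.get("Statement", [])):
        actions = _as_list(stmt.get("Action", []))
        if stmt.get("Effect") != "Allow" or not (
                {"sts:AssumeRole", "sts:*", "*"} & set(actions)):
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":  # anyone can assume the role
            findings.append("trust policy allows any principal")
            continue
        for kind, values in principal.items():
            for value in _as_list(values):
                if kind == "Service" and value == EXPECTED_PRINCIPAL:
                    trusted.add(value)
                else:
                    findings.append(f"unexpected trusted principal: {kind}={value}")
    if EXPECTED_PRINCIPAL not in trusted:
        findings.append("AWS Marketplace cannot assume the role")
    for name in sorted(set(policy_names) - EXPECTED_POLICIES):
        findings.append(f"extra policy attached: {name}")
    if "AWSMarketplaceAmiIngestion" not in policy_names:
        findings.append("AWSMarketplaceAmiIngestion is not attached")
    return findings

# Constructed sample documents (not taken from a real account).
GOOD_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"Service": EXPECTED_PRINCIPAL}}]}
BAD_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"Service": EXPECTED_PRINCIPAL,
                  "AWS": "arn:aws:iam::123456789012:root"}}]}

if __name__ == "__main__":
    print(audit_ingestion_role(GOOD_TRUST, ["AWSMarketplaceAmiIngestion"]))
    for finding in audit_ingestion_role(BAD_TRUST, ["AdministratorAccess"]):
        print("FINDING:", finding)
```

Feed it the role's trust policy document and its attached and inline policy names as exported from IAM; an empty list means the role trusts only AWS Marketplace and carries only the policies this page describes.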