


# Service-linked role to configure and launch products in AWS Marketplace
<a name="using-service-linked-roles-secrets"></a>

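AWS Marketplace uses the service-linked role named `AWSServiceRoleForMarketplaceDeployment` to allow AWS Marketplace to manage, on your behalf, deployment-related parameters that are stored as secrets in [AWS Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html). Sellers can reference these secrets in CloudFormation templates, which you can launch when you configure products that have Quick Launch enabled in AWS Marketplace.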

The `AWSServiceRoleForMarketplaceDeployment` service-linked role trusts the following services to assume the role:
+ `deployment.marketplace.amazonaws.com`

`AWSMarketplaceDeploymentServiceRolePolicy` allows AWS Marketplace to complete the following actions on your resources.

**Note**  
For more information about AWS Marketplace managed policies, see [AWS managed policies for AWS Marketplace buyers](buyer-security-iam-awsmanpol.md).


```json
{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Sid": "ManageMarketplaceDeploymentSecrets",
			"Effect": "Allow",
			"Action": [
				"secretsmanager:CreateSecret",
				"secretsmanager:PutSecretValue",
				"secretsmanager:DescribeSecret",
				"secretsmanager:DeleteSecret",
				"secretsmanager:RemoveRegionsFromReplication"
			],
			"Resource": [
				"arn:aws:secretsmanager:*:*:secret:marketplace-deployment*!*"
			],
			"Condition": {
				"StringEquals": {
					"aws:ResourceAccount": "${aws:PrincipalAccount}"
				}
			}
		},
		{
			"Sid": "ListSecrets",
			"Effect": "Allow",
			"Action": [
				"secretsmanager:ListSecrets"
			],
			"Resource": [
				"*"
			]
		},
		{
			"Sid": "TagMarketplaceDeploymentSecrets",
			"Effect": "Allow",
			"Action": [
				"secretsmanager:TagResource"
			],
			"Resource": "arn:aws:secretsmanager:*:*:secret:marketplace-deployment!*",
			"Condition": {
				"Null": {
					"aws:RequestTag/expirationDate": "false"
				},
				"ForAllValues:StringEquals": {
					"aws:TagKeys": [
						"expirationDate"
					]
				},
				"StringEquals": {
					"aws:ResourceAccount": "${aws:PrincipalAccount}"
				}
			}
		}
	]
}
```
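
The following sketch is an added example, not part of the AWS documentation or the service's own code. It models how the three statements above scope the role: the resource patterns, the same-account condition, and the `expirationDate`-only tag conditions. It is a simplified evaluator that uses `fnmatch` for wildcard matching, and the account IDs and secret names are constructed sample values.

```python
from fnmatch import fnmatchcase

# Actions and Resource patterns transcribed from the policy shown above.
MANAGE_ACTIONS = {"secretsmanager:CreateSecret", "secretsmanager:PutSecretValue",
                  "secretsmanager:DescribeSecret", "secretsmanager:DeleteSecret",
                  "secretsmanager:RemoveRegionsFromReplication"}
MANAGE_RESOURCE = "arn:aws:secretsmanager:*:*:secret:marketplace-deployment*!*"
TAG_RESOURCE = "arn:aws:secretsmanager:*:*:secret:marketplace-deployment!*"

def same_account(arn, principal_account):
    # Models aws:ResourceAccount == ${aws:PrincipalAccount}; the account ID
    # is the fifth colon-separated field of a Secrets Manager ARN.
    return arn.split(":")[4] == principal_account

def is_allowed(action, arn, principal_account, request_tags=None):
    """Simplified model of the three statements, not a full IAM evaluator."""
    tags = request_tags or {}
    if action == "secretsmanager:ListSecrets":      # Sid: ListSecrets
        return True
    if action in MANAGE_ACTIONS:                    # Sid: ManageMarketplaceDeploymentSecrets
        return fnmatchcase(arn, MANAGE_RESOURCE) and same_account(arn, principal_account)
    if action == "secretsmanager:TagResource":      # Sid: TagMarketplaceDeploymentSecrets
        return (fnmatchcase(arn, TAG_RESOURCE)
                and same_account(arn, principal_account)
                and "expirationDate" in tags        # Null ... "false": tag must be present
                and set(tags) <= {"expirationDate"})  # ForAllValues: no other tag keys
    return False                                    # not listed, so implicitly denied

# Constructed sample values (example account IDs and secret names).
ACCT = "111122223333"
OWN = f"arn:aws:secretsmanager:us-east-1:{ACCT}:secret:marketplace-deployment!example-AbCdEf"
OTHER = f"arn:aws:secretsmanager:us-east-1:{ACCT}:secret:prod/db-password-AbCdEf"
FOREIGN = "arn:aws:secretsmanager:us-east-1:444455556666:secret:marketplace-deployment!example-AbCdEf"

if __name__ == "__main__":
    for action, arn, tags in [
        ("secretsmanager:PutSecretValue", OWN, None),
        ("secretsmanager:PutSecretValue", OTHER, None),
        ("secretsmanager:DeleteSecret", FOREIGN, None),
        ("secretsmanager:GetSecretValue", OWN, None),
        ("secretsmanager:TagResource", OWN, {"expirationDate": "2030-01-01"}),
        ("secretsmanager:TagResource", OWN, {"expirationDate": "2030-01-01", "owner": "x"}),
    ]:
        print(action, arn.split(":secret:")[1], tags, "->", is_allowed(action, arn, ACCT, tags))
```

Note that `secretsmanager:GetSecretValue` is not among the listed actions, so this policy lets the role write and delete the deployment secrets but not read their values.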


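You must configure permissions to allow your users, groups, or roles to create, edit, or delete a service-linked role. For more information, see [Service-linked role permissions](https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html#service-linked-role-permissions) in the *IAM User Guide*.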