Set up permissions for creating private offers on Marketplace | Amazon Web Services

00:00

In this video, you’ll see how to set up permissions for creating private offers

00:04

or channel partner private offers in AWS Marketplace.

00:09

Using permission sets in AWS IAM Identity Center, you can provide AWS

00:15

accounts with granular access to the AWS Marketplace Management Portal

00:19

and manage who can create private offers and channel partner private offers.

00:25

Imagine your sales operation team has two employees, Jane and Joe.

00:31

You would like Jane and Joe to have access to the AWS Marketplace Management

00:35

Portal to create private offers or channel partner private offers for your buyers.

00:41

To do this, you'll need to ensure that Jane and Joe have credentials to log

00:45

into the AWS Marketplace seller account.

00:49

You'll also want to group Jane and Joe to manage their permissions centrally

00:53

and make sure any new people added to that group will have the same required permissions.

00:59

If you only have one stand-alone account,

01:01

you will do this by creating credentials and assigning permissions in this account.

01:06

If you have a multi-account environment set up with AWS Organizations,

01:11

you can use your delegated administrator account to give users access to the

01:15

AWS Marketplace Management Portal in your AWS seller account.

01:21

If you use an external identity provider, you can create your user's credentials and groups on it,

01:26

and later assign permissions using AWS IAM Identity Center to create

01:32

the users credentials and group.

01:34

In this video, we will depict the multi-account environment and set everything up using

01:39

AWS IAM Identity Center.

01:43

Let’s get started.

01:46

We’ll begin in the AWS console, where we’re logged in to a management account.

01:51

Let’s navigate to the IAM Identity Center.

01:57

Let’s enable IAM Identity Center in our current region.

02:00

Make sure you are in your preferred region.

02:03

IAM Identity Center has been enabled.

02:07

Next, we’ll go to Settings to register a delegated administrator AWS

02:12

account with IAM Identity Center.

02:15

We’ll scroll down to the Management tab.

02:20

Let's register a delegated administrator account to minimize the number of

02:24

people who require access to the management account,

02:27

following the principle of least privilege.

02:32

The account has been registered successfully as an IAM Identity

02:35

Center delegated administrator.

02:39

Now let's use the delegated admin account to set up a group for our sales operation team.

02:45

This group will be for people with permissions to create private offers on AWS Marketplace.

02:51

We’ll provide a name and description and then create the group.

03:00

The group created successfully.

03:02

Next, we’ll create a user for our group.

03:05

Let’s add Jane.

03:19

We have the option to add the user’s contact methods, job-related information, and more.

03:24

For this example, we’ll leave these fields blank and continue.

03:30

Next, let’s add Jane to the group that we just created.

03:35

We’ll review the information and add the user.

03:40

We can repeat the process to create a user for other employees on the sales operation team.

03:45

Now let’s create a permission set.

03:51

Permission sets are templates containing IAM policies that determine

03:55

a user’s permissions to access an AWS account.

03:59

Permission sets simplify the assignment

04:01

of AWS account access for users and groups in your organization.

04:06

We’ll create a custom permission set.

04:11

Next, we need to specify a policy for our permission set.

04:15

We’ll select the inline policy, which allows us to define fine-grained custom

04:20

permissions that are identical across every AWS account in which

04:24

the permission set is provisioned.

04:27

We’ll replace the text block with an IAM policy that includes the required

04:32

permissions to log in to the Management Portal and create private offers.

04:38

You can get this policy and other policies from the video description

04:41

and links for this video.

04:44

IAM Identity Center will create this policy in each AWS account where we

04:49

assign the permission set.

04:52

Our policy has no errors, so we can continue.

04:57

Next, we’ll specify a name and description for the permission set.

05:04

We can set the session duration for how long users can be logged into the management portal.

05:09

We’ll leave that set to one hour.

05:13

Let’s create the permission set.

05:18

Now that our permission set has been successfully created, we need to provision

05:22

it in our AWS Marketplace seller account.

05:27

First, we’ll select our seller account.

05:31

Next, we’ll assign the group we created for the sales operation team.

05:37

Next, we’ll select the permission set we created.

05:42

Finally, we’ll review and submit the assignments.

05:46

Now, we are provisioning the credentials and permissions for the group to access

05:50

the AWS Marketplace seller account.

05:55

The provisioning is now complete, and the assigned users can begin to create

05:58

private offers in the AWS Marketplace Management Portal.

06:04

Next, if you want to share and accept authorizations to create Channel Partner

06:08

Private Offers, you also want to set up the AWS Marketplace service-linked role

06:13

for AWS Marketplace Resale Authorization.

06:17

We’ll do this from the AWS Marketplace Management Portal, where we’re signed

06:22

in to our seller account with admin permissions.

06:25

Let’s go to the Settings page.

06:29

Next, we’ll open the Service-linked roles tab and create a service-linked

06:33

role for Resale Authorizations.

06:41

The role has been set up successfully.

06:44

Now the team can receive and accept resell opportunities.

06:49

Now let’s switch to the perspective of Jane, our team member.

06:53

We received an e-mail inviting us to join AWS IAM Identity Center.

06:58

We’ll accept it.

06:59

In the login portal we’ll create a new password.

07:06

Next, we’ll log in with our new credentials.

07:14

Our organization requires Multi-Factor Authentication, so we’ll register our device now.

07:20

For this example, we’ll select the built-in authenticator option.

07:26

Next, we’ll follow the instructions to activate a passkey with the

07:29

fingerprint identifier on our device.

07:33

The built-in authenticator has been registered.

07:35

Clicking Done opens the access portal.

07:39

Here, we can view all the accounts and roles we have access to.

07:43

In this example, we can access the AWS Marketplace seller account to create

07:48

private offers or channel partner private offers.

07:55

You’ve just seen how to set up permissions for creating private offers or channel partner

08:00

private offers in AWS Marketplace.

08:04

You can learn more about this topic in the description and links for this video.

08:09

Thanks for watching. Now it’s your turn to try.