Connect your Webvar account to AWS
Create Webvar role manually (deprecated)
User should login to their AWS account.
Go IAM → Policies tab
Create policy with name: FullResaleAuthorizationAccess
- Add the following JSON:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ram:AcceptResourceShareInvitation", "ram:GetResourceShareInvitations" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "ram:CreateResourceShare" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "aws-marketplace:PutResourcePolicy", "aws-marketplace:GetResourcePolicy", "aws-marketplace:DescribeEntity" ], "Resource": "arn:aws:aws-marketplace:*:*:AWSMarketplace/ResaleAuthorization/*" }, { "Effect": "Allow", "Action": [ "ram:GetResourcePolicies" ], "Resource": "*" } ] }Go IAM → Roles tab
Create role with name: WebvarAgreementsAPI
Add the following policies:
- AWSMarketplaceSellerFullAccess
- AWSMarketplaceSellerProductsFullAccess
- AWSMarketplaceSellerProductsReadOnly
- FullResaleAuthorizationAccess
Add Webvar account as a trusted entity:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "WebvarAgreementsAPI",
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam::342635257821:user/service-account/wv-agreements-service-account"
],
"Service": "resale-authorization.marketplace.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
Give Webvar access to your transaction data (using Commerce Analytics Service (CAS))
- Within Webvar account, we need an ability to click on the link to initiate the Cloud Formation Template (CFT) that gives Webvar access to customer transaction data.
- This link will take the customer to their AWS management console, where they can review the template URL, stack name, parameters and submit the stack.
- Go to the AWS CAS enrollment form and fill the SNS Topic ARN and S3 Bucket, (available in Step 2)
- Click enroll & Allow in the bottom corner of the screen ****to create a new IAM Role.