AWS Marketplace Integration

Grant Suger the necessary permissions to manage your AWS Marketplace on hour behalf, no more no less.


  1. Visit the Integration page of suger console.
  2. Click the button CONNECT and redirect to new browser tab. It will automatically start a AWS CloudFormation Stack on your AWS account to create an IAM role for Suger to access & manage your AWS Marketplace on your behalf. Contact for the Suger AWS Account ID to fill the stack field AccountId.
  3. Check the box of I acknowledge that ... and click button Create stack.
  4. Wait for a few minutes, the AWS Marketplace integration status will be updated as VERIFIED.
    • You may need to click the button VERIFY to verify whether the AWS marketplace integration works correctly.

Edit Integration

Editing an existing AWS integration is not supported. The practical way is to delete it and then re-connect it with new inputs.

Delete Integration

The AWS integration can be deleted like all other integrations. Once the deletion icon is clicked & confirmed, the integration info will be deleted immediately & permanently from Suger. No time window or methods to recover.

  • To completely delete the IAM Role created for Suger, please visit your AWS CloudFormation, and delete the stack SugerAccessMarketplaceStack, which will remove all resources including IAM Role created for Suger.

AWS IAM Policies

Here is the list of AWS managed policies included in the Suger Access IAM role.

Policy NameDescription
arn:aws:iam::aws:policy/AWSMarketplaceFullAccessThis policy grants Suger full access to AWS Marketplace and related services, as well as access to Amazon EC2, AWS CloudFormation, and Amazon EC2 Systems Manager.
arn:aws:iam::aws:policy/AWSMarketplaceSellerFullAccessThis policy grants Suger to manage your sales (product listings, offers, entitlements & metering) on marketplace.
SugerAccessMarketplacePolicyThis policy grants Suger necessary-only permissions on AWS s3 & AWS SNS to configure & access your AWS Marketplace Commerce Analytics Service and AWS Marketplace Data Feeds Service.

Set up AWS Marketplace Commerce Analytics Service (MCAS)

The Commerce Analytics Service accesses the Amazon S3 bucket and Amazon SNS topic after you configure the service with the ARN for the topic and name of the bucket. To enable access:

  1. Log in to the AWS Marketplace Management Portal with the AWS account you use to manage your AWS Marketplace products.
  2. Ensure you have the necessary IAM permissions to enroll in the AWS Marketplace Commerce Analytics Service.
  3. Create a S3 bucket in region us-east-1 with name suger-mcas-s3-bucket-{aws-account-id}, and a SNS topic in region us-east-1 with name suger-mcas-sns-topic.
  4. Navigate to the Commerce Analytics Service enrollment page. Enter the Amazon S3 bucket name suger-mcas-s3-bucket-{aws-account-id} and Amazon SNS topic ARN arn:aws:sns:us-east-1:{aws-account-id}:suger-mcas-sns-topic, and choose Enroll. On the permissions page, choose Allow.
  5. On the AWS Marketplace Management Portal, record the Role Name ARN in the success message.

More details can be found here.

Set up AWS Marketplace Data Feeds Service (MDFS)

To get the full structured, up-to-date product billing and customer information from AWS Marketplace, it is highly recommended to set up the Data Feeds Service. Follow the below steps:

  1. Go to the Data Feed Configuration page. Click Configure with Cloud Formation, a new page with stack template will be opened. Type in the Stack name with mp-data-feed (don't change this name since it is recognized by Suger service), and the S3BucketName with an unique S3 name suger-mdfs-s3-bucket-{aws-account-id}. Then click button Create stack.
    • The stack name must be mp-data-feed. Otherwise, Suger service won't recognize.
    • The S3BucketName must start with suger-. Otherwise, suger service won't have permissions to access.
    • The stack must be running in the AWS region us-east-1, not other regions.
  2. Once the upper Cloud Formation stack is 'CREATE_COMPLETE', find the S3 Bucket ARN (for example: arn:aws:s3:::suger-mdfs-s3-bucket-{aws-account-id}) and the KMS Key ARN (for example: arn:aws:kms:us-west-2:awsAccountId:key/keyId), and input them to the Data Feed Configuration page. Click buttion Submit.
  3. Suger service take all the rest of setup and cron data sync pipeline.