Posted On: Nov 14, 2022

Catalog API now supports tag-based authorization of resources. As a seller or a private marketplace administrator, you can now exercise IAM policy-based control over resources such as Entities and ChangeSets by tagging them and allowing or disallowing actions based on those tags. You can either add tags to resources when you create them using the StartChangeSet API action, or add tags to existing resources using the new TagResource API action. You can also list all the tags on a resource using the ListTagsForResource API and remove tags from resources using the UntagResource API.

Only owners of the target resource can perform tag-related actions, such as adding a tag, removing a tag, and listing all the tags on the resource. As an owner, you can also grant an IAM user/role permission to perform actions on resources based on the tags associated with them. Previously, if you wanted to grant an IAM user/role access to update a group of product listings, you had to define an IAM policy with the Amazon Resource Name (ARN) of each product in the group. Now, with tag-based authorization, you can accomplish this efficiently by tagging the resources and defining tag-based permissions on them.
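The tag-based permission described above, written as an IAM identity policy. This is an added example, not taken from the announcement: the tag key `team` and the value `listings-emea` are constructed, and the IAM action names are assumed to be the `aws-marketplace:` prefix followed by the API action names. The second statement stops the same principal from adding, changing or removing the tag that the first statement authorizes on, including at creation time through StartChangeSet.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "UpdateListingsTaggedForTeam",
      "Effect": "Allow",
      "Action": [
        "aws-marketplace:DescribeEntity",
        "aws-marketplace:StartChangeSet"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "aws:ResourceTag/team": "listings-emea"
        }
      }
    },
    {
      "Sid": "DenyChangingTheAuthorizationTag",
      "Effect": "Deny",
      "Action": [
        "aws-marketplace:StartChangeSet",
        "aws-marketplace:TagResource",
        "aws-marketplace:UntagResource"
      ],
      "Resource": "*",
      "Condition": {
        "ForAnyValue:StringEquals": {
          "aws:TagKeys": "team"
        }
      }
    }
  ]
}
```

With a policy of this shape, adding a product to the group means tagging it rather than editing the policy, so the right to set the `team` tag is the privilege to review and audit.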

For information on how to control resources using tags, refer to API Access Control and Controlling access to AWS resources using tags.

For more information on tags themselves, refer to Tagging AWS resources.