Amazon Selling Partner API Guard support topics

How do I manually clean up the Selling Partner API Guard EC2 Command Line Interface?

  1. Sign in to the AWS CloudFormation console.
  2. Navigate to the Amazon EC2 console
  3. Select the EC2 instance.
  4. Choose Delete.
  5. Delete the Security Group associated with the name GuardSecurityGroup.
  6. Delete the VPC associated with GuardCLI tags. For more information, refer to Delete your VPC in the Amazon Virtual Private Cloud User Guide.

What if I don’t receive email communication during the Selling Partner API Guard scan?

You might not receive an email because of your email filtering policies or SNS service communication. If you’re experiencing email communication issues, you can use the Connect to your Linux instance using Session Manager procedure in the Amazon Elastic Compute Cloud User Guide for Linux Instances to manually retrieve communication.

Selling Partner API Guard installation cannot create EC2 instances. How should I proceed with installation?

Issue: EBS encryption with custom KMS Key and KMS Key policy does not allow Selling Partner API Guard to encrypt the EC2 Instance Volume created by default. The Selling Partner API Guard instance is terminated as soon as it is created.

Solution: Use the following procedure to add the necessary permission to the custom KMS Key that encrypts EBS Volumes.

  1. Add the following KMS Policy to the custom KMS Key that encrypts EBS Encryption by default.
    1. Sign in to the AWS CloudFormation console.
    2. Open CloudFormation service and search for Selling-Partner-API-Guard-Stack.
    3. Navigate to the Resources tab and search for IAM Role with Logical ID - LambdaCustomExecutionRole95EB5515.
    4. Copy the respective IAM ARN and replace <LAMBDA_IAM_ROLE_ARN_CREATED_BY_GUARD> in the following code block.
 "Sid": "Allow Guard Execution Role role use of the customer managed key",
 "Effect": "Allow",
 "Principal": {
 "AWS": [
 "Action": [
 "Resource": "*"
  1. Restart the Amazon EC2 instance creation.
    1. Sign in to your AWS account.
    2. Select the following Amazon EventBridge link:
    3. Choose Enable.
    4. Open the EC2 instance link sent via email notification.

Where can I get technical support for Selling Partner API Guard?

Sign in to Seller Central and open a support case with Developer Support.