US9838430B1 · US · B1
| Field | Value |
|---|---|
| Publication number | US-9838430-B1 |
| Application number | US-201414475314-A |
| Country | US |
| Kind code | B1 |
| Filing date | Sep 2, 2014 |
| Priority date | Sep 2, 2014 |
| Publication date | Dec 5, 2017 |
| Grant date | Dec 5, 2017 |
Official abstract text for this publication.
Functionality is disclosed herein for providing temporary access to a resource. A software product that is executing in response to a request from a customer may access one or more resources of a software provider. The resources that may be accessed by a software product may be identified within an access policy. The customer is prevented from accessing the resource when the software product is not executing.
Opening claim text (preview).
What is claimed is:

1. A non-transitory computer-readable storage medium having computer-executable instructions stored thereupon which, when executed by a computer, cause the computer to: receive a request to access a resource of a service provider network from a first software product associated with a customer of the service provider network, wherein the first software product is not authorized to access the resource; identify, from an access policy specified by a third party software provider, a subscription to a second software product that is required to access the resource, wherein the second software product is provided to the service provider network by the third party software provider and wherein the second software product is configured to execute in the service provider network; and determine to grant the request to access the resource based, at least in part, upon a determination that the customer has the subscription to the second software product.
2. The non-transitory computer-readable storage medium of claim 1, wherein receiving the request comprises receiving a web services request from a virtual machine instance executing in the service provider network.
3. The non-transitory computer-readable storage medium of claim 1, wherein the access policy includes permissions that specify actions that are allowed to be performed on the resource, the actions including one or more of a read action that allows read access to the resource, a write action that allows write access to the resource, or a cross-service action that allows the resource to access another resource provided by the service provider network.
4. The non-transitory computer-readable storage medium of claim 1, wherein the resource is at least one of a record in a non-relational database service, an object in an object storage service, a database in a relational database hosting service, a cache in a caching service, a compute instance in a compute service, a role, a cryptographic key in a key management service, a configuration of a network, a message within a queuing service, a record within a data warehouse service, or a real-time data stream within a data stream processing service.
5. The non-transitory computer-readable storage medium of claim 1, wherein the subscription to the software product is between the customer and the service provider network.
6. A system, comprising: one or more computing devices operating in a service provider network, the one or more computing devices operative to receive a request from a first software product associated with a customer of the service provider network to access a resource hosted in a first service of the service provider network, wherein the first software product is not authorized to access the resource; determine to grant the request to access the resource based, at least in part, upon a determination that the customer has a subscription to a second software product, wherein an access policy provided by a third party specifies the subscription to the second software product that is required to access the resource, and wherein the second software product is provided to the service provider network by the third party; and permit access to the resource in response to the determination that the customer has the subscription to the second software product.
7. The system of claim 6, wherein the one or more computing devices are further configured to decline the request to access the resource in response to a determination that the subscription to the second software product has ended.
8. The system of claim 6, wherein the request is a web service request that includes first data that identifies the resource and second data that identifies the customer.
9. The system of claim 6, wherein the one or more computing devices are further configured to execute a virtual machine instance in response to a customer request from the customer of the service provider network.
10. The system of claim 6, wherein the first service of the service provider network is configured to: receive the request to access the resource; send an access-determination request to an access management server comprising information based at least in part on the request; and permit the request to access the resource in response to the access management server allowing access to the resource.
11. The system of claim 6, wherein the one or more computing devices are further configured to generate security credentials based, at least in part, on the access policy, that are used to access the resource and are used to generate additional requests to access one or more additional resources in one or more services provided by the service provider network.
12. The system of claim 6, wherein the one or more computing devices are further configured to identify subscriptions purchased by the customer, the subscriptions including a free subscription.
13. The system of claim 6, wherein the one or more computing devices are further configured to receive permissions that specify actions that are allowed to be performed on the resource, the specified actions including one or more of a read action, a write action, or a cross-service action that allows the resource to access another service provided by the service provider network, the permissions stored in the access policy.
14. The system of claim 6, wherein the second software product is available from an electronic marketplace that is associated with the service provider network.
15. The system of claim 6, wherein the one or more computing devices are further configured to generate an accounting record for at least one of the customer or a third party software provider that provided the second software product to the service provider network.
16. A computer-implemented method to provide access to a resource of a service provider network, the method comprising: receiving, at an access management server in the service provider network, a request to access the resource, the request being received from a first software product associated with a customer of the service provider network, wherein the first software product is not authorized to access the resource; determining, at the access management server, that the customer has a subscription to a second software product provided to the service provider network by a third party software provider, wherein the third party software provider specifies the subscription; and permitting, a computing device executing the first software product, access to the resource in response to determining that the customer has the subscription to the second software product.
17. The computer-implemented method of claim 16, further comprising accessing an access policy that is provided by the third party software provider that specifies the subscription to the second software product required to access the resource, wherein the access policy includes permissions specified by the third party software provider that specifies actions that are allowed to be performed on the resource.
18. The computer-implemented method of claim 16, further comprising preventing access to the resource in response to a determination that the subscription to the second software product ended.
19. The computer-implemented method of claim 16, wherein the request is received at a second service of the service provider network from an instance executing in a first service of the service provider network.
20. The computer-implemented method of claim 16, wherein receiving the request
Electronic shopping [e-shopping] · CPC title
for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title
Hypervisors; Virtual machine monitors · CPC title
for controlling access to devices or network resources · CPC title
Arrangements for software license management or administration, e.g. for managing licenses at corporate level · CPC title