公开(公告)号：US10033691B1

公开(公告)日：2018-07-24

申请号：US15245847

申请日：2016-08-24

Applicant: Amazon Technologies, Inc.

Inventor： Andrey Mizik ,  Lee-Ming Zen ,  Gavin Derek McCullagh ,  Yohanes Santoso ,  Vadim Meleshuk ,  Yu Gu ,  Minli Lai ,  Ivan Mistrianu ,  Rebecca Claire Weiss ,  Yi Cheng Chen ,  Ronald Andrew Hoskinson

IPC: G06F15/16 ,  H04L29/12 ,  H04L29/08 ,  H04L12/931

CPC classification number: H04L61/1511 ,  G06F9/445 ,  G06F9/45558 ,  G06F2009/45595 ,  H04L12/4641 ,  H04L49/354 ,  H04L67/10

Abstract: Systems and methods are described to enable adaptive handling of domain resolution requests originating from a virtual private cloud (VPC) networking environment. An administrator of the VPC can provide a set of rules specific to the VPC that designates how requests for a domain name should be handled. The rules may specify, for example, that a request for a given domain name should be routed to a particular domain name server, which may include a private domain name server, should be dropped, or should be routed according to a default behavior (e.g., a public domain name system). Resolution requests originating in the VPC can be associated with a VPC identifier. When an adaptive resolution system receives the request, it can retrieve rules associated with the VPC identifier, and apply the rules to determine further routing for the request.

公开(公告)号：US10986013B1

公开(公告)日：2021-04-20

申请号：US16584848

申请日：2019-09-26

Applicant: Amazon Technologies, Inc.

Inventor： Marvin Michael Theimer ,  Joshua M. Burgin ,  Rebecca Claire Weiss ,  Brad Eugene Marshall ,  Allan Henry Vermeulen ,  Peter Sven Vosshall

IPC: G06F11/26 ,  H04L12/26 ,  G06F11/36 ,  H04L12/24

Abstract: A collection of fault categories, including faults associated with internal resources at a provider network, is presented via an interface of a fault injection service. A fault injection mode, selected from a set which comprises a non-randomized mode, to be used to inject faults into a target environment is determined. Fault injection agents introduce faults into the target environment in accordance with the fault injection mode.

公开(公告)号：US10958653B1

公开(公告)日：2021-03-23

申请号：US15634163

申请日：2017-06-27

Applicant: Amazon Technologies, Inc.

Inventor： Kevin Christopher Miller ,  Rebecca Claire Weiss

IPC: G06F16/23 ,  G06F16/24 ,  G06F21/00 ,  G06F21/31 ,  G06F21/32 ,  G06F21/44 ,  G06F21/45 ,  G06F21/60 ,  G06F21/62 ,  G06F21/64 ,  H04L29/06

Abstract: A computing resource service provider grants a first set of security permissions to a principal (e.g., a user) which may be used to access a plurality of computing resources. The permissions may be associated with a first security token. The principal may access resources using the first set of security permissions, and a system (e.g., a service provider) may identify a subset of security permissions that are sufficient to provide access to the computing resources accessed by the principal using the first set of permissions. The subset may be associated with the principal. In some cases, the principal operating under the subset of permissions may be denied access to a computing resource and may be granted access to the computing resource by operating under the first set of permissions.

公开(公告)号：US10469442B2

公开(公告)日：2019-11-05

申请号：US16042584

申请日：2018-07-23

Applicant: Amazon Technologies, Inc.

Inventor： Andrey Mizik ,  Lee-Ming Zen ,  Gavin Derek McCullagh ,  Yohanes Santoso ,  Vadim Meleshuk ,  Yu Gu ,  Minli Lai ,  Ivan Mistrianu ,  Rebecca Claire Weiss ,  Yi Cheng Chen ,  Ronald Andrew Hoskinson

IPC: G06F15/16 ,  H04L29/12 ,  H04L12/931 ,  H04L29/08 ,  G06F9/445 ,  H04L12/46 ,  G06F9/455

Abstract: Systems and methods are described to enable adaptive handling of domain resolution requests originating from a virtual private cloud (VPC) networking environment. An administrator of the VPC can provide a set of rules specific to the VPC that designates how requests for a domain name should be handled. The rules may specify, for example, that a request for a given domain name should be routed to a particular domain name server, which may include a private domain name server, should be dropped, or should be routed according to a default behavior (e.g., a public domain name system). Resolution requests originating in the VPC can be associated with a VPC identifier. When an adaptive resolution system receives the request, it can retrieve rules associated with the VPC identifier, and apply the rules to determine further routing for the request.

公开(公告)号：US20180351904A1

公开(公告)日：2018-12-06

申请号：US16042584

申请日：2018-07-23

Applicant: Amazon Technologies, Inc.

Inventor： Andrey Mizik ,  Lee-Ming Zen ,  Gavin Derek McCullagh ,  Yohanes Santoso ,  Vadim Meleshuk ,  Yu Gu ,  Minli Lai ,  Ivan Mistrianu ,  Rebecca Claire Weiss ,  Yi Cheng Chen ,  Ronald Andrew Hoskinson

IPC: H04L29/12 ,  H04L12/931 ,  H04L29/08

CPC classification number: H04L61/1511 ,  G06F9/445 ,  G06F9/45558 ,  G06F2009/45595 ,  H04L12/4641 ,  H04L49/354 ,  H04L67/10

Abstract: Systems and methods are described to enable adaptive handling of domain resolution requests originating from a virtual private cloud (VPC) networking environment. An administrator of the VPC can provide a set of rules specific to the VPC that designates how requests for a domain name should be handled. The rules may specify, for example, that a request for a given domain name should be routed to a particular domain name server, which may include a private domain name server, should be dropped, or should be routed according to a default behavior (e.g., a public domain name system). Resolution requests originating in the VPC can be associated with a VPC identifier. When an adaptive resolution system receives the request, it can retrieve rules associated with the VPC identifier, and apply the rules to determine further routing for the request.

公开(公告)号：US12010227B1

公开(公告)日：2024-06-11

申请号：US16588889

申请日：2019-09-30

Applicant: Amazon Technologies, Inc.

Inventor： Jasmeet Chhabra ,  Rebecca Claire Weiss ,  Eric Robert Northup

IPC: H04L9/40 ,  G06F9/455 ,  H04L9/08 ,  H04L9/32

CPC classification number: H04L9/0894 ,  G06F9/45558 ,  H04L9/0861 ,  H04L9/3247 ,  G06F2009/45587

Abstract: A customer in a computing resource provider environment launches a virtual machine with an associated role. A key is generated that is specific to the instance and the role. An enclave is generated specifically for the virtual machine to securely store the key such that the virtual machine uses the enclave to sign requests pursuant to the role to access one or more web services in the environment.

公开(公告)号：US11677789B2

公开(公告)日：2023-06-13

申请号：US17119663

申请日：2020-12-11

Applicant: Amazon Technologies, Inc.

Inventor： Neha Rungta ,  Daniel George Peebles ,  Andrew Jude Gacek ,  Marvin Theimer ,  Rebecca Claire Weiss ,  Brigid Ann Johnson

IPC: G06F15/16 ,  H04L9/40 ,  H04L41/5051 ,  H04L41/50

CPC classification number: H04L63/205 ,  H04L41/5051 ,  H04L41/5096 ,  H04L63/102

Abstract: Techniques for intent-based access control are described. A method of intent-based access control may include receiving, via a user interface of an intent-based governance service, one or more intent statements associated with user resources in a provider network, the one or more intent statements expressing at least one type of action allowed to be performed on the user resources, compiling the one or more intent statements into at least one access control policy, and associating the at least one access control policy with the user resources.

公开(公告)号：US11477183B1

公开(公告)日：2022-10-18

申请号：US16915720

申请日：2020-06-29

Applicant: Amazon Technologies, Inc.

Inventor： Eric Jason Brandwine ,  Rebecca Claire Weiss

IPC: H04L9/40

Abstract: Techniques are described for enabling software applications to obtain temporary security credentials used to interact with a cloud provider network and, upon the revocation of an active set of temporary security credentials used by an application (e.g., due to concerns about the temporary credential's potential exposure to one or more unauthorized third parties), to readily obtain new temporary security credentials that the application can use to continue operation with minimal interruption. The temporary security credentials can be used, for example, to enable the cloud provider network to authenticate requests sent by software applications or users to various services or other components of the cloud provider network. An operator of a cloud provider network may provide a software development kit (SDK) that application developers can use to incorporate functionality related to the management of temporary security credentials.

公开(公告)号：US11334661B1

公开(公告)日：2022-05-17

申请号：US16915726

申请日：2020-06-29

Applicant: Amazon Technologies, Inc.

Inventor： Eric Jason Brandwine ,  Rebecca Claire Weiss

IPC: G06F21/45 ,  H04L29/06

Abstract: Techniques are described for enabling software applications to obtain temporary security credentials used to interact with a cloud provider network and, upon the revocation of an active set of temporary security credentials used by an application (e.g., due to concerns about the temporary credential's potential exposure to one or more unauthorized third parties), to readily obtain new temporary security credentials that the application can use to continue operation with minimal interruption. The temporary security credentials can be used, for example, to enable the cloud provider network to authenticate requests sent by software applications or users to various services or other components of the cloud provider network. An operator of a cloud provider network may provide a software development kit (SDK) that application developers can use to incorporate functionality related to the management of temporary security credentials.

公开(公告)号：US20190007366A1

公开(公告)日：2019-01-03

申请号：US15636523

申请日：2017-06-28

Applicant: Amazon Technologies, Inc.

Inventor： Michael Siaosi Voegele ,  Kevin Christopher Miller ,  Justin Canfield Crites ,  Andriy Palamarchuk ,  Andrew Bruce Dickinson ,  Christopher Carson Thomas ,  Rebecca Claire Weiss

IPC: H04L29/12 ,  H04L12/741 ,  H04L12/803 ,  H04L12/46

Abstract: A customer may request a service endpoint for a service in their virtual network on a provider network. In response, a service endpoint is generated in the customer's virtual network, a local IP address in the IP address range of the customer's virtual network is assigned to the service endpoint, and a DNS name is assigned to the service endpoint. Resources on the customer's virtual network resolve the DNS name of the service endpoint to obtain the local IP address of the service endpoint and send service requests for the service to the local IP address of the service endpoint. The service endpoint adds routing information to the service requests and sends the service requests over the network substrate to be routed to the service.