-
Publication number: US12174854B2
Publication date: 2024-12-24
Application number: US17508831
Application date: 2021-10-22
Applicant: Amazon Technologies, Inc.
Inventor: Srikanth Mandadi, Matthew Berry, Slavka Praus, Chris Baker, Marvin Michael Theimer, Anders Samuelsson, Khaled Salah Sedky
IPC: G06F16/27, G06F16/18, G06F16/23, G06F16/28, G06F16/901
Abstract: A distributed data store may maintain versioned hierarchical data structures. Different versions of a hierarchical data structure may be maintained consistent with a transaction log for the hierarchical data structure. When access requests directed to the hierarchical data structure are received, a version of the hierarchical data structure may be identified for processing an access request. For access requests with snapshot isolation, the identified version alone may be sufficient to consistently process the access request. For access requests with higher isolation requirements, such as serializable isolation, transactions based on the access request may be submitted to the transaction log so that access requests resulting in committed transactions may be allowed, whereas access requests resulting in conflicting transactions may be denied.
-
Publication number: US20220058274A1
Publication date: 2022-02-24
Application number: US17227021
Application date: 2021-04-09
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth, Anders Samuelsson, Bradley Jeffery Behm
Abstract: Customers of a service provider are able to provision compartments of the accounts. Both the accounts and the compartments, in some embodiments, may have associated computing resources and identities. One or more identities of the account may be authorized to perform administrative operations in the compartment. Identities of the compartment may lack the ability to perform any administrative actions outside of the compartment but inside of the account.
-
Publication number: US20200097489A1
Publication date: 2020-03-26
Application number: US16692073
Application date: 2019-11-22
Applicant: Amazon Technologies, Inc.
Inventor: Brian Collins, Zachary Mohamed Shalla, Marvin Michael Theimer, John Petry, Michael Hart, Serge Hairanian, Anders Samuelsson, Salvador Salazar Sepulveda, Ji Luo
Abstract: Resource data objects describing resources in a system may be maintained in multiple different hierarchies for applying policies to manage the resources. Lookup requests may access the different hierarchies to determine which policies are applicable to a given resource based on the policies identified in each of the hierarchies. Modifications to hierarchies may be performed in isolation so that the application of policies in other hierarchies is unchanged by modifications to a different hierarchy. Access restrictions may be enforced with respect to hierarchies so that different users may be permitted access to different hierarchies for system resource management.
-
Publication number: US20180091583A1
Publication date: 2018-03-29
Application number: US15276711
Application date: 2016-09-26
Applicant: Amazon Technologies, Inc.
Inventor: Brian Collins, Zachary Mohamed Shalla, Marvin Michael Theimer, John Petry, Michael Hart, Serge Hairanian, Anders Samuelsson, Salvador Salazar Sepulveda, Ji Luo
CPC classification number: H04L41/5003, H04L41/0813, H04L41/28, H04L63/20, H04L67/1097, H04L67/30
Abstract: Multi-party updates may be performed for distributed systems. An agreement request may be received that proposes updates to a distributed system. An authorization scheme for the agreement request may be determined and approvers for the proposed updates identified according to the authorization scheme. Notifications may be provided to the approvers indicating the proposed updates to the distributed system. Responses from the approvers may be evaluated to determine whether the authorization scheme is satisfied for the proposed updates. If the authorization scheme is satisfied, then the proposed updates may be performed to the distributed system.
-
Publication number: US10545950B2
Publication date: 2020-01-28
Application number: US15276714
Application date: 2016-09-26
Applicant: Amazon Technologies, Inc.
Inventor: Brian Collins, Zachary Mohamed Shalla, Marvin Michael Theimer, John Petry, Michael Hart, Serge Hairanian, Anders Samuelsson, Salvador Salazar Sepulveda, Ji Luo
Abstract: Multiple edits to a hierarchical data structure may be atomically applied. A request to perform modifications with respect to a portion or the entire hierarchical data structure may be received. A copy of the requested portion of the hierarchical data structure may be created separate from the hierarchical data structure. The portion of the hierarchical data structure may remain available for read access. Modifications may be applied to the copy of the portion of the hierarchical data structure. In response to a request to commit the modifications to the portion of the hierarchical data structure, the copy of the portion of the hierarchical data structure may atomically replace the portion of the hierarchical data structure.
-
Publication number: US20190034642A1
Publication date: 2019-01-31
Application number: US16147033
Application date: 2018-09-28
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth, Anders Samuelsson, Bradley Jeffery Behm
Abstract: Customers of a service provider are able to provision compartments of the accounts. Both the accounts and the compartments, in some embodiments, may have associated computing resources and identities. One or more identities of the account may be authorized to perform administrative operations in the compartment. Identities of the compartment may lack the ability to perform any administrative actions outside of the compartment but inside of the account.
-
Publication number: US11675774B2
Publication date: 2023-06-13
Application number: US15275219
Application date: 2016-09-23
Applicant: Amazon Technologies, Inc.
Inventor: Brian Collins, Zachary Mohamed Shalla, Marvin Michael Theimer, John Petry, Michael Hart, Serge Hairanian, Anders Samuelsson, Salvador Salazar Sepulveda, Ji Luo
IPC: G06F16/23, G06F16/28, H04L41/0894, H04L67/1095
CPC classification number: G06F16/2365, G06F16/282, H04L41/0894, H04L67/1095
Abstract: Distributed system resources may be managed by applying user created policies to the resources. To ensure that valid policies are applied, remote validation for the policies may be implemented. A validation event for a policy may be detected. A remote validation agent may be identified for the policy and a validation request sent to the remote validation agent that includes information for validating the policy. The remote validation agent may return a validation result for the policy. If valid, a policy action that triggered the remote validation event for the policy may be allowed. If invalid, the policy action that triggered the remote validation event for the policy may be denied.
-
Publication number: US11425126B1
Publication date: 2022-08-23
Application number: US14870585
Application date: 2015-09-30
Applicant: Amazon Technologies, Inc.
Inventor: Per Mikael Horal, Bradford Taylor Lyman, Luke Edward Kennedy, Ritwick Dhar, Anders Samuelsson
Abstract: A policy management service receives a request to associate a version of a computing resource policy as a default version of the policy. In response to the request, the service identifies, from a policy database, an entry for the default version of the policy. The service updates the entry in order to associate the version specified in the request as the default version of the policy. This results in the version of the policy becoming applicable to control access to the computing resources associated with principals associated with the default version of the policy.
-
Publication number: US11308126B2
Publication date: 2022-04-19
Application number: US16692073
Application date: 2019-11-22
Applicant: Amazon Technologies, Inc.
Inventor: Brian Collins, Zachary Mohamed Shalla, Marvin Michael Theimer, John Petry, Michael Hart, Serge Hairanian, Anders Samuelsson, Salvador Salazar Sepulveda, Ji Luo
Abstract: Resource data objects describing resources in a system may be maintained in multiple different hierarchies for applying policies to manage the resources. Lookup requests may access the different hierarchies to determine which policies are applicable to a given resource based on the policies identified in each of the hierarchies. Modifications to hierarchies may be performed in isolation so that the application of policies in other hierarchies is unchanged by modifications to a different hierarchy. Access restrictions may be enforced with respect to hierarchies so that different users may be permitted access to different hierarchies for system resource management.
-
Publication number: US10454786B2
Publication date: 2019-10-22
Application number: US15276711
Application date: 2016-09-26
Applicant: Amazon Technologies, Inc.
Inventor: Brian Collins, Zachary Mohamed Shalla, Marvin Michael Theimer, John Petry, Michael Hart, Serge Hairanian, Anders Samuelsson, Salvador Salazar Sepulveda, Ji Luo
Abstract: Multi-party updates may be performed for distributed systems. An agreement request may be received that proposes updates to a distributed system. An authorization scheme for the agreement request may be determined and approvers for the proposed updates identified according to the authorization scheme. Notifications may be provided to the approvers indicating the proposed updates to the distributed system. Responses from the approvers may be evaluated to determine whether the authorization scheme is satisfied for the proposed updates. If the authorization scheme is satisfied, then the proposed updates may be performed to the distributed system.