公开(公告)号：US20210044590A1

公开(公告)日：2021-02-11

申请号：US16941121

申请日：2020-07-28

Applicant: Amazon Technologies, Inc.

Inventor： David Walker ,  Bertram Dorn

IPC: H04L29/06 ,  G06F21/62

Abstract: Approaches provide for mandatory access controls and account identification masking controls in an electronic environment. For example, a customer can configure a client device to access an API gateway which acts as a proxy for a resource in a resource provider environment. Requests for resources or services can be redirected to the API gateway. A registered function may be triggered when the request is received and may filter the request. After filtering, the request can be forwarded on to the actual API endpoint to access the requested resource. From the client's perspective, the resource is being accessed directly, and from the resource's perspective, it is being accessed by the proxy. This layer of indirection enables data to be protected preemptively, rather than waiting for an undesirable condition to exist and then reactively attending to the issue. Additionally, log data may be redacted and/or masked automatically as it is created, protecting sensitive data before it is accessible to administrators or other users.

公开(公告)号：US10771468B1

公开(公告)日：2020-09-08

申请号：US15384044

申请日：2016-12-19

Applicant: Amazon Technologies, Inc.

Inventor： David Walker ,  Bertram Dorn

IPC: H04L29/06 ,  G06F21/62

Abstract: Approaches provide for mandatory access controls and account identification masking controls in an electronic environment. For example, a customer can configure a client device to access an API gateway which acts as a proxy for a resource in a resource provider environment. Requests for resources or services can be redirected to the API gateway. A registered function may be triggered when the request is received and may filter the request. After filtering, the request can be forwarded on to the actual API endpoint to access the requested resource. From the client's perspective, the resource is being accessed directly, and from the resource's perspective, it is being accessed by the proxy. This layer of indirection enables data to be protected preemptively, rather than waiting for an undesirable condition to exist and then reactively attending to the issue. Additionally, log data may be redacted and/or masked automatically as it is created, protecting sensitive data before it is accessible to administrators or other users.