公开(公告)号：US11914696B1

公开(公告)日：2024-02-27

申请号：US17039864

申请日：2020-09-30

申请人： Amazon Technologies, Inc.

发明人： Dean H Saxe ,  Conor P Cahill ,  Dennis Tighe ,  Jonathan Robert Hurd ,  Brian Mead Tyler ,  Cristian Marius Ilac ,  Mark Ryland

IPC分类号： G06F21/40 ,  G06F21/62 ,  G06F9/48

CPC分类号： G06F21/40 ,  G06F9/4843 ,  G06F21/62 ,  G06F2221/2137 ,  G06F2221/2141

摘要： Quorum-based access control management may be implemented. Quorum controls may be created for determining whether to perform or deny access control operations to perform privileged tasks. When an access control operation is received, approval of the operation may be requested from members for the quorum control. If a policy for the quorum control is satisfied by approval responses, then approval to perform the access control operation may be provided.

公开(公告)号：US11947657B2

公开(公告)日：2024-04-02

申请号：US17108854

申请日：2020-12-01

申请人： Amazon Technologies, Inc.

发明人： Rachit Jain ,  Douglas Spencer Hewitt ,  Conor P Cahill ,  Ogbeide Derrick Oigiagbe

IPC分类号： G06F21/45 ,  H04L9/40

CPC分类号： G06F21/45 ,  H04L63/0884 ,  H04L63/102 ,  H04L63/20

摘要： An Identity and Access Management Service implements persistent source values PSVs) for assumed identities. A source value (e.g., an original identifier of an entity) is persisted across assumed identities, facilitating identification of entities (users or applications) responsible for actions taken by the assumed (e.g., alternative) identities. The Manager receives a request to assume an identity. The request includes the entities current credentials and a PSV. The current credentials are authenticated and a persistent source value policy may be relied on to determine whether and/or how to grant the assumed identity. The PSV may be copied from credentials in the request in order to be included in the credentials for the requested identity that the Manager provides in response to the request. Use of the requested credentials, including the PSV, to access services or resources may be logged, the logs including the PSV from the request to assume the identity.

公开(公告)号：US11831773B1

公开(公告)日：2023-11-28

申请号：US16915950

申请日：2020-06-29

申请人： Amazon Technologies, Inc.

发明人： Uma Ganesh Sadras Sudhakar ,  Chase Kernan ,  Divyank Duvedi ,  Mohammed Noman Mulla ,  Conor P Cahill

IPC分类号： H04L29/08 ,  H04L9/32 ,  G06F11/14 ,  H04L9/40 ,  G06F9/54 ,  H04L9/08 ,  G06F21/62

CPC分类号： H04L9/3213 ,  G06F9/547 ,  G06F11/1464 ,  G06F11/1469 ,  G06F21/6218 ,  H04L9/0822 ,  H04L63/0853 ,  H04L63/10 ,  G06F2201/80

摘要： A system for database restoration across service regions. The system includes data storage and backup data storage in the first region. The system includes a frontend for the database service configured to receive, from a client, a request to restore a database to the first region from backups stored in another backup data storage in a second region and to receive an authentication token for the request from the client. The system also includes a backup restore manager service for the first region configured to send, to another backup restore manager service implemented in the second region, a credential request for a second region credential authorizing retrieval of the one or more other backups from the second region. The backup restore manager service sends a backup restore request to retrieve the backups from the other backup data storage and loads the backups to restore the database in the first region.