公开(公告)号：US11483317B1

公开(公告)日：2022-10-25

申请号：US16206859

申请日：2018-11-30

Applicant: Amazon Technologies, Inc.

Inventor： Pauline Virginie Bolignano ,  John Byron Cook ,  Andrew Jude Gacek ,  Kasper Luckow ,  Neha Rungta ,  Cole Schlesinger ,  Ian Sweet ,  Carsten Varming

IPC: H04L9/40 ,  G06F16/901 ,  G06F9/54

Abstract: A policy auditing service can be implemented, in accordance with at least one embodiment that obtains a set of parameters that indicates a snapshot of a policy configuration for an account, a query, and a security policy. The security policy may encode a security requirement or invariant. The policy auditing system may determine states that can be reached via mutative operations (e.g., role assumption) and use a policy analyzer service to determine whether assuming a role results in a grant of access that is at least as permissive as the security policy of the set of parameters.