-
Publication No.: US20230262111A1
Publication Date: 2023-08-17
Application No.: US18155654
Filing Date: 2023-01-17
Applicant: Amazon Technologies, Inc.
Inventor: Anthony Nicholas Liguori, Eric Jason Brandwine
IPC: H04L67/10, H04L67/141, H04L12/46, H04L61/50
CPC classification number: H04L67/10, H04L67/141, H04L12/4633, H04L12/4641, H04L61/50
Abstract: A peripheral device includes one or more processors and a memory storing program instructions that when executed implement an extension manager of a virtualized computing service. The extension manager establishes a secure network channel for communications between the peripheral device, which is located at a premise external to a provider network, and a data center of the provider network. The extension manager assigns a network address of the substrate network of the service to a hardware server at the external premise. The substrate address is also assigned to an extension traffic intermediary at the data center. In response to a command directed to the virtualized computing service, one or more compute instance configuration operations are performed at the hardware server.
-
Publication No.: US11620387B2
Publication Date: 2023-04-04
Application No.: US17321356
Filing Date: 2021-05-14
Applicant: Amazon Technologies, Inc.
Inventor: Matthew John Campagna, Gregory Alan Rubin, Eric Jason Brandwine, Nicholas Alexander Allen, Andrew Kyle Driggs
Abstract: A service provider provides virtual computing services using a fleet of one or more host computer systems. Each of the host computer systems may be equipped with a trusted platform module (“TPM”). The service provider, the host computer systems, and the virtual computing environments generate attestations that prove the integrity of the system. The attestations are signed with a one-time-use cryptographic key that is verifiable against the public keys of the service provider, a host computer system, and a virtual computing environment. The public key of the host computer system is integrated into a hash tree that links the public key of the host computer system to the public key of the service provider. The public key of the virtual computing environment is signed using a one-time-use cryptographic key issued to the host computer system that hosts the virtual computing environment.
-
Publication No.: US11516080B2
Publication Date: 2022-11-29
Application No.: US17119944
Filing Date: 2020-12-11
Applicant: Amazon Technologies, Inc.
Inventor: Kevin Christopher Miller, Eric Jason Brandwine, Andrew J. Doane
IPC: H04L41/0816, H04L45/02, H04L45/586, H04L41/12
Abstract: Techniques are described for providing managed virtual computer networks that have a configured logical network topology with virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of the virtual computer network by emulating functionality that would be provided by the virtual networking devices if they were physically present. In some situations, the networking functionality provided for a managed computer network of a client includes receiving routing communications directed to the virtual networking devices and using included routing information to update the configuration of the managed computer network, such as to allow at least some computing nodes of a managed computer network to dynamically signal particular types of uses of one or more indicated target network addresses and/or to dynamically signal use of particular external public network addresses based on such routing information.
-
Publication No.: US11477076B2
Publication Date: 2022-10-18
Application No.: US17459955
Filing Date: 2021-08-27
Applicant: Amazon Technologies, Inc.
Inventor: Daniel T. Cohn, Eric Jason Brandwine, Andrew J. Doane
IPC: G06F15/177, H04L41/0803, G06F9/455, H04L67/10, H04L45/02, H04L12/46, H04L41/0806, H04L41/12, H04L45/00, G06F9/50, H04L61/10, H04L41/0893, H04L41/0213
Abstract: Techniques are described for providing logical networking functionality for managed computer networks, such as for virtual computer networks provided on behalf of users or other entities. In some situations, a user may configure or otherwise specify a network topology for a virtual computer network, such as a logical network topology that separates multiple computing nodes of the virtual computer network into multiple logical sub-networks and/or that specifies one or more logical networking devices for the virtual computer network. After a network topology is specified for a virtual computer network, logical networking functionality corresponding to the network topology may be provided in various manners, such as without physically implementing the network topology for the virtual computer network. In some situations, the computing nodes may include virtual machine nodes hosted on one or more physical computing machines or systems, such as by or on behalf of one or more users.
-
Publication No.: US11245701B1
Publication Date: 2022-02-08
Application No.: US15993455
Filing Date: 2018-05-30
Applicant: Amazon Technologies, Inc.
Inventor: Eric Jason Brandwine, John Cook
Abstract: At an authorization manager, an indication is obtained that a request pre-processing tool has been designated as a validator for a category of requests directed to a network-accessible service. The authorization manager determines, based at least in part on a validation result set indicated in a request of the category, that the request pre-processing tool has verified that the request meets an authorization requirement. The authorization manager approves one or more operations indicated in the request.
-
Publication No.: US20210337016A1
Publication Date: 2021-10-28
Application No.: US17371772
Filing Date: 2021-07-09
Applicant: Amazon Technologies, Inc.
Inventor: Anthony Nicholas Liguori, Eric Jason Brandwine
Abstract: A peripheral device includes one or more processors and a memory storing program instructions that when executed implement an extension manager of a virtualized computing service. The extension manager establishes a secure network channel for communications between the peripheral device, which is located at a premise external to a provider network, and a data center of the provider network. The extension manager assigns a network address of the substrate network of the service to a hardware server at the external premise. The substrate address is also assigned to an extension traffic intermediary at the data center. In response to a command directed to the virtualized computing service, one or more compute instance configuration operations are performed at the hardware server.
-
Publication No.: US11146627B1
Publication Date: 2021-10-12
Application No.: US16512208
Filing Date: 2019-07-15
Applicant: Amazon Technologies, Inc.
Inventor: Andrew B. Dickinson, Eric Jason Brandwine
IPC: H04L29/08, H04L12/725
Abstract: Systems and methods utilize network destination identifiers, such as IP addresses, that are simultaneously advertised from multiple locations. The network destination identifiers may be announced in multiple geographic regions. Network traffic routed to devices advertising the network destination identifiers may be routed to appropriate endpoints. When a device receives such traffic, it may send the traffic to an endpoint in a network served by the device. In some instances, such as when such an endpoint is not available, the network traffic may be sent to another network that is served by another device that advertises the network destination identifiers.
-
Publication No.: US11102189B2
Publication Date: 2021-08-24
Application No.: US14316675
Filing Date: 2014-06-26
Applicant: Amazon Technologies, Inc.
Inventor: Kevin Ross O'Neill, Gregory B. Roth, Eric Jason Brandwine, Brian Irl Pratt, Bradley Jeffery Behm, Nathan R. Fitch
Abstract: Systems and methods for controlling access to one or more computing resources relate to generating session credentials that can be used to access the one or more computing resources. Access to the computing resources may be governed by a set of policies and requests for access made using the session credentials may be fulfilled depending on whether they are allowed by the set of policies. The session credentials themselves may include metadata that may be used in determining whether to fulfill requests to access the one or more computing resources. The metadata may include permissions for a user of the session credential, claims related to one or more users, and other information.
-
Publication No.: US11063819B2
Publication Date: 2021-07-13
Application No.: US16517446
Filing Date: 2019-07-19
Applicant: Amazon Technologies, Inc.
Inventor: Eric Jason Brandwine, Kevin Christopher Miller
IPC: H04L12/24, H04L12/46, H04L12/715, H04L12/18, H04L12/761, H04L12/707
Abstract: Techniques are described for managing communications for a managed computer network by using a defined pool of alternative computing nodes of the managed computer network that are configured to operate as intermediate destinations to handle at least some communications that are sent by and/or directed to one or more other computing nodes of the managed computer network. For example, a manager module associated with a source computing node may select a particular alternative intermediate destination computing node from a defined pool to use for one or more particular communications from the source computing node to an indicated final destination, such as based on a configured logical network topology for the managed computer network and/or on one or more other selection criteria (e.g., to enable load balancing between the alternative computing nodes). The manager module then forwards those communications to the selected intermediate destination computing node for further handling.
-
Publication No.: US10951586B2
Publication Date: 2021-03-16
Application No.: US15382403
Filing Date: 2016-12-16
Applicant: Amazon Technologies, Inc.
Inventor: Daniel Todd Cohn, Eric Jason Brandwine, Andrew J. Doane
Abstract: Techniques are described for providing users with access to computer networks, such as to enable users to create and configure computer networks that are provided by a remote configurable network service for the users' use. Computer networks provided by the configurable network service may be configured to be private computer networks that are accessible only by the users who create them, and may each be created and configured by a client of the configurable network service to be an extension to an existing computer network of the client, such as a private computer network extension to an existing private computer network of the client. In addition, access to remote resource services may be configured and provided from such computer networks in various manners, such as to automatically include access control information to limit access to particular resources to computing nodes at the location of that provided computer network.
-