公开(公告)号：US20220182297A1

公开(公告)日：2022-06-09

申请号：US17504138

申请日：2021-10-18

Applicant: Amazon Technologies, Inc.

Inventor： Varun Verma ,  Daniel Rabinovich ,  Shobha Agrawal ,  Josephine Reiko Gibney ,  Rucha Nene

IPC: H04L41/5054 ,  H04L67/62 ,  H04L41/0893

Abstract: Policies can be applied to, and enforced for, specific resources by applying a corresponding tag to those resources. An entity, such as a customer of a resource provider, can generate one or more policies to be applied to a set of resources, where those policies can relate to data retention, backup, lifecycle events, and other such aspects. Each policy can be associated with a particular tag, which may comprise a key-value pair to be applied to various resources. A policy enforcement manager can determine the tagged resources and ensure that the relevant policies are applied. The policies can include logic or intelligence for performing a variety of tasks with respect to resources, groups of resources, or types of resources, as identified using the tags.

公开(公告)号：US11153182B2

公开(公告)日：2021-10-19

申请号：US16933172

申请日：2020-07-20

Applicant: Amazon Technologies, Inc.

Inventor： Varun Verma ,  Daniel Rabinovich ,  Shobha Agrawal ,  Josephine Reiko Gibney ,  Rucha Nene

IPC: G06F15/173 ,  H04L12/24 ,  H04L29/08

Abstract: Policies can be applied to, and enforced for, specific resources by applying a corresponding tag to those resources. An entity, such as a customer of a resource provider, can generate one or more policies to be applied to a set of resources, where those policies can relate to data retention, backup, lifecycle events, and other such aspects. Each policy can be associated with a particular tag, which may comprise a key-value pair to be applied to various resources. A policy enforcement manager can determine the tagged resources and ensure that the relevant policies are applied. The policies can include logic or intelligence for performing a variety of tasks with respect to resources, groups of resources, or types of resources, as identified using the tags.

公开(公告)号：US10740156B1

公开(公告)日：2020-08-11

申请号：US15902930

申请日：2018-02-22

Applicant: Amazon Technologies, Inc.

Inventor： Sandeep Kumar ,  Stephen James Oglesby ,  Varun Verma

IPC: G06F15/173 ,  G06F9/50 ,  G06F11/07

Abstract: A router receives a request to access a resource. In response to the request, the router identifies routing metadata comprising first metadata specifying a first location of the resource and a first merit value and second metadata specifying a second location of the resource and a second merit value. The router determines, based at least in part on the first merit value of the first metadata and the second merit value of the second metadata, an authoritative state of the resource associated with the first location or the second location. Based at least in part on the determination, the router identifies a preferred location for a new resource. In the event of a rollback, merit values are assigned to cause a reversal of the preferred path for the creation of new resources.

公开(公告)号：US10728025B2

公开(公告)日：2020-07-28

申请号：US15952743

申请日：2018-04-13

Applicant: Amazon Technologies, Inc.

Inventor： Sandeep Kumar ,  Danny Wei ,  Lalit Jain ,  Varun Verma ,  Oscar Allen Grim Courchaine ,  Kristina Kraemer Brenneman ,  Sriram Venugopal ,  Arvind Chandrasekar

IPC: H04L9/08 ,  H04L9/06 ,  H04L9/14

Abstract: Generally described, one or more aspects of the present application correspond to techniques for creating encrypted block store volumes of data from unencrypted object storage snapshots of the volumes. These encryption techniques use a special pool of servers for performing the encryption. These encryption servers are not accessible to users, and they perform encryption and pass encrypted volumes to other block store servers for user access. The encryption context for the volumes can be persisted on the encryption severs for as long as needed for encryption and not shared with the user-facing servers in order to prevent user access to encryption context.

公开(公告)号：US20180336059A1

公开(公告)日：2018-11-22

申请号：US16049508

申请日：2018-07-30

Applicant: Amazon Technologies, Inc.

Inventor： Nathan Bartholomew Thomas ,  Salman Aftab Paracha ,  Varun Verma

IPC: G06F9/455 ,  G06F9/50

CPC classification number: G06F9/45558 ,  G06F9/5061 ,  G06F9/5077 ,  G06F2009/4557 ,  G06F2009/45595 ,  G06F2209/5011

Abstract: Methods, systems, and computer-readable media for management of virtual desktop instance pools are disclosed. A plurality of virtual desktop instances are provisioned in a pool for a client organization. The number of virtual desktop instances does not exceed a number of virtual desktop slots for the client organization. To a first client device associated with a first user, access is provided to a particular virtual desktop instance based (at least in part) on a determination that a current number of connected virtual desktop instances is less than the number. To a second client device associated with a second user, access is denied to the plurality of virtual desktop instances based (at least in part) on a determination that a current number of connected virtual desktop instances meets the number.

公开(公告)号：US10037221B2

公开(公告)日：2018-07-31

申请号：US14981587

申请日：2015-12-28

Applicant: Amazon Technologies, Inc.

Inventor： Nathan Bartholomew Thomas ,  Salman Aftab Paracha ,  Varun Verma

IPC: G06F9/455 ,  G06F9/50

CPC classification number: G06F9/45558 ,  G06F9/5061 ,  G06F9/5077 ,  G06F2009/4557 ,  G06F2009/45595 ,  G06F2209/5011

Abstract: Methods, systems, and computer-readable media for management of virtual desktop instance pools are disclosed. A plurality of virtual desktop instances are provisioned in a pool for a client organization. The number of virtual desktop instances does not exceed a number of virtual desktop slots for the client organization. To a first client device associated with a first user, access is provided to a particular virtual desktop instance based (at least in part) on a determination that a current number of connected virtual desktop instances is less than the number. To a second client device associated with a second user, access is denied to the plurality of virtual desktop instances based (at least in part) on a determination that a current number of connected virtual desktop instances meets the number.