公开(公告)号：US20210173948A1

公开(公告)日：2021-06-10

申请号：US17177496

申请日：2021-02-17

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth ,  Eric Jason Brandwine

IPC: G06F21/60 ,  G06F21/62 ,  H04L9/08 ,  H04L29/06 ,  H04L9/32

Abstract: An encoding of a cryptographic key is obtained in a form of an encrypted key. Request is provided to a service provider including a fulfillment involving performing a cryptographic operation on data. Upon fulfillment of the request, a response is then received which indicates the fulfillment of the request.

公开(公告)号：US20210152632A1

公开(公告)日：2021-05-20

申请号：US17163242

申请日：2021-01-29

Applicant: Amazon Technologies, Inc.

Inventor： Eric Jason Brandwine ,  Kevin Christopher Miller ,  Andrew J. Doane

IPC: H04L29/08 ,  G06F9/455 ,  G06F11/14 ,  G06F11/20 ,  H04L29/12

Abstract: Techniques are described for providing managed computer networks, such as for managed virtual computer networks overlaid on one or more other underlying computer networks. In some situations, the techniques include facilitating replication of a primary computing node that is actively participating in a managed computer network, such as by maintaining one or more other computing nodes in the managed computer network as replicas, and using such replica computing nodes in various manners. For example, a particular managed virtual computer network may span multiple broadcast domains of an underlying computer network, and a particular primary computing node and a corresponding remote replica computing node of the managed virtual computer network may be implemented in distinct broadcast domains of the underlying computer network, with the replica computing node being used to transparently replace the primary computing node in the virtual computer network if the primary computing node becomes unavailable.

公开(公告)号：US20210089239A1

公开(公告)日：2021-03-25

申请号：US16581619

申请日：2019-09-24

Applicant: Amazon Technologies, Inc.

Inventor： Anthony Nicholas Liguori ,  Eric Jason Brandwine

IPC: G06F3/06 ,  H04L29/08 ,  G06F9/455 ,  H05K7/14

Abstract: A peripheral device includes one or more processors and a memory storing program instructions that when executed implement virtualization offloading components of a virtualized computing service, including a storage manager. The offloading components establish network connectivity with a control plane of the service. Based on detecting that a hardware server, in a separate enclosure, has been linked to the peripheral device, the hardware server is presented as a virtualization host of the service. The offloading components initiate compute instance configuration operations at the server in response to commands issued to the control plane, including at least one configuration operation initiated by the storage manager to enable access to a logical storage device from a compute instance.

公开(公告)号：US20210073031A1

公开(公告)日：2021-03-11

申请号：US16951697

申请日：2020-11-18

Applicant: Amazon Technologies, Inc.

Inventor： Eric Jason Brandwine

IPC: G06F9/50 ,  G06F8/65 ,  H04L29/08 ,  G06F8/71

Abstract: A customer having a deployment in a resource provider environment can request one or more changes to the deployment using one or more application programming interface (API) requests. Along with the one or more changes, the customer can specify one or more metrics or behaviors, or a function thereof, to be monitored for the deployment for at least a period of time after the change is implemented. The customer can also specify acceptable or unacceptable values or ranges for the metrics. If the value of a specified metric is determined during the monitoring to have an unacceptable value, the change can be automatically rolled back or undone. The roll back in some embodiments takes the form of a change in state to yet another state that will cause the deployment to operate similar to a state before the change was implemented.

公开(公告)号：US20200266976A1

公开(公告)日：2020-08-20

申请号：US16869423

申请日：2020-05-07

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth ,  Matthew James Wren ,  Eric Jason Brandwine ,  Brian Irl Pratt

IPC: H04L9/08 ,  H04L9/30 ,  H04L9/14 ,  H04L9/06 ,  H04L9/32

Abstract: A system uses information submitted in connection with a request to determine if and how to process the request. The information may be electronically signed by a requestor using a key such that the system processing the request can verify that the requestor has the key and that the information is authentic. The information may include information that identifies a holder of a key needed for processing the request, where the holder of the key can be the system or another, possibly third party, system.

公开(公告)号：US10721238B2

公开(公告)日：2020-07-21

申请号：US15924038

申请日：2018-03-16

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth ,  Eric Jason Brandwine ,  Nathan R. Fitch ,  Cristian M. Ilac ,  Eric D. Crahen

IPC: H04L9/08 ,  H04L29/06 ,  G06F21/33 ,  H04L9/32

Abstract: A delegation request is submitted to a session-based authentication service, fulfillment of which involves granting an entity an access privilege to a computing resource. A session key is received from the session-based authentication service. The session key having been generated based at least in part on a restriction and a secret credential shared with the session-based authentication service and usable at least in part to prove possession of the access privilege to the computing resource. The session key is provided to the entity without providing the shared secret credential.

公开(公告)号：US10685119B2

公开(公告)日：2020-06-16

申请号：US16195125

申请日：2018-11-19

Applicant: Amazon Technologies, Inc.

Inventor： Eric Jason Brandwine ,  Matthew John Campagna ,  Gregory Alan Rubin

IPC: G06F21/56 ,  H04L29/06 ,  H04L9/32

Abstract: A trusted co-processor can provide a hardware-based observation point into the operation of a host machine owned by a resource provider or other such entity. The co-processor can be installed via a peripheral card on a fast bus, such as a PCI bus, on the host machine. The co-processor can execute malware detection software, and can use this software to analyze data and/or code obtained from the relevant resources of the host machine. The trusted co-processor can notify the customer or another appropriate entity of the results of the scan, such that an appropriate action can be taken if malware is detected. The results of the scan can be trusted, as malware will be unable to falsify such a notification or modify the operation of the trusted co-processor.

公开(公告)号：US10601909B2

公开(公告)日：2020-03-24

申请号：US15154818

申请日：2016-05-13

Applicant: Amazon Technologies, Inc.

Inventor： Eric Jason Brandwine ,  Kevin Christopher Miller ,  Andrew J. Doane

IPC: G06F15/173 ,  H04L29/08 ,  G06F9/455 ,  G06F11/14 ,  G06F11/20 ,  H04L29/12

Abstract: Techniques are described for providing managed computer networks, such as for managed virtual computer networks overlaid on one or more other underlying computer networks. In some situations, the techniques include facilitating replication of a primary computing node that is actively participating in a managed computer network, such as by maintaining one or more other computing nodes in the managed computer network as replicas, and using such replica computing nodes in various manners. For example, a particular managed virtual computer network may span multiple broadcast domains of an underlying computer network, and a particular primary computing node and a corresponding remote replica computing node of the managed virtual computer network may be implemented in distinct broadcast domains of the underlying computer network, with the replica computing node being used to transparently replace the primary computing node in the virtual computer network if the primary computing node becomes unavailable.

公开(公告)号：US10572315B1

公开(公告)日：2020-02-25

申请号：US15250125

申请日：2016-08-29

Applicant: Amazon Technologies, Inc.

Inventor： Andrew James Lusk ,  Eric Jason Brandwine

IPC: G06F9/54

Abstract: An API gateway hosts one or more APIs for use by client applications. The API gateway includes facilities for maintaining state information on behalf of a client application, a backend service, or an API. The state information may include cached information retrieved from backend services as well as cached results returned from the API to the customer applications. Cached results generated by the API may be shared across a number of customers or across a set of APIs managed by a single API gateway. Cached information associated with a backend service may be shared across a number of APIs that access the backend service. In some examples, session information associated with secure connections between an API gateway service and a backend service provider is maintained by the API gateway service and shared among APIs hosted by the API gateway service.

公开(公告)号：US10552442B1

公开(公告)日：2020-02-04

申请号：US15249972

申请日：2016-08-29

Applicant: Amazon Technologies, Inc.

Inventor： Andrew James Lusk ,  Eric Jason Brandwine

IPC: G06F17/30 ,  G06F16/25 ,  G06F21/60 ,  H04L29/06 ,  G06F9/54 ,  G06F9/445 ,  G06F16/28

Abstract: An application programming interface gateway service generates an application programming interface that, in various examples, allows client applications to access database functionality without maintaining active database connections, managing database credentials, or providing SQL code. The application programming interface maintains state information between invocations that allows for improved database performance. The state information may include SQL statements and subroutines, compiled SQL code, database credentials, active database connections, and connection pools. When invoked by a client application, the application programming interface may select an active database connection from a connection pool based at least in part on the activity history of each connection in the connection pool so that the expected cache performance of the database may be improved. Access to the application programming interface may be controlled via fine-grained access controls independent of the credentials used to access the database.