公开(公告)号：US10678582B2

公开(公告)日：2020-06-09

申请号：US16004050

申请日：2018-06-08

Applicant: Amazon Technologies, Inc.

Inventor： Deepak Singh ,  Anthony Joseph Suarez ,  William Andrew Thurston ,  Anirudh Balachandra Aithal ,  Daniel Robert Gerdesmeier ,  Euan Skyler Kemp ,  Kiran Kumar Meduri ,  Muhammad Umer Azad

IPC: G06F9/455 ,  G06F9/50

Abstract: A task definition is received. The task definition indicates at least a location from which one or more software image can be obtained and information usable to determine an amount of resources to allocate to one or more software containers for the one or more software image. A set of virtual machine instances in which to launch the one or more software containers is determined, the one or more software image is obtained from the location included in the task definition and is launched as the one or more of software containers within the set of virtual machine instances.

公开(公告)号：US09256467B1

公开(公告)日：2016-02-09

申请号：US14538663

申请日：2014-11-11

Applicant: Amazon Technologies, Inc.

Inventor： Deepak Singh ,  Anthony Joseph Suarez ,  William Andrew Thurston ,  Anirudh Balachandra Aithal ,  Daniel Robert Gerdesmeier ,  Euan Skyler Kemp ,  Kiran Kumar Meduri ,  Muhammad Umer Azad

IPC: G06F9/46 ,  G06F9/50 ,  G06F9/455

CPC classification number: G06F9/45558 ,  G06F9/45533 ,  G06F9/5005 ,  G06F9/5055 ,  G06F9/5077 ,  G06F2009/4557 ,  G06F2009/45595

Abstract: A system and method for a container service that obtains a software image of a software container that has been configured to be executed within a computer system instance registered to a cluster by one or more processors. The container service is configured to receive a request to launch the software image in accordance with a task definition, wherein the task definition specifies an allocation of resources for the software container. The container service may then determine, according to a placement scheme, a subset of a set of container instances registered to the cluster in which to launch the software image in accordance with the task definition. Upon determining the subset of the set of container instances, the container service may launch the software image as one or more running software containers in the set of container instances in accordance with the task definition.

Abstract translation: 一种用于容器服务的系统和方法，其获得已被配置为在由一个或多个处理器注册到集群的计算机系统实例内执行的软件容器的软件映像。 容器服务被配置为接收根据任务定义启动软件映像的请求，其中任务定义指定软件容器的资源分配。 然后，容器服务可以根据放置方案来确定根据任务定义在其中发布软件映像的集群注册的一组容器实例的子集。 在确定容器实例集合的子集之后，容器服务可以根据任务定义将软件映像作为容器实例集中的一个或多个运行的软件容器启动。

公开(公告)号：US11314541B2

公开(公告)日：2022-04-26

申请号：US16894395

申请日：2020-06-05

Applicant: Amazon Technologies, Inc.

Inventor： Deepak Singh ,  Anthony Joseph Suarez ,  William Andrew Thurston ,  Anirudh Balachandra Aithal ,  Daniel Robert Gerdesmeier ,  Euan Skyler Kemp ,  Kiran Kumar Meduri ,  Muhammad Umer Azad

IPC: G06F9/455 ,  G06F9/50

Abstract: A task definition is received. The task definition indicates at least a location from which one or more software image can be obtained and information usable to determine an amount of resources to allocate to one or more software containers for the one or more software image. A set of virtual machine instances in which to launch the one or more software containers is determined, the one or more software image is obtained from the location included in the task definition and is launched as the one or more of software containers within the set of virtual machine instances.

公开(公告)号：US20200301726A1

公开(公告)日：2020-09-24

申请号：US16894395

申请日：2020-06-05

Applicant: Amazon Technologies, Inc.

Inventor： Deepak Singh ,  Anthony Joseph Suarez ,  William Andrew Thurston ,  Anirudh Balachandra Aithal ,  Daniel Robert Gerdesmeier ,  Euan Skyler Kemp ,  Kiran Kumar Meduri ,  Muhammad Umer Azad

IPC: G06F9/455 ,  G06F9/50

Abstract: A task definition is received. The task definition indicates at least a location from which one or more software image can be obtained and information usable to determine an amount of resources to allocate to one or more software containers for the one or more software image. A set of virtual machine instances in which to launch the one or more software containers is determined, the one or more software image is obtained from the location included in the task definition and is launched as the one or more of software containers within the set of virtual machine instances.

公开(公告)号：US10320813B1

公开(公告)日：2019-06-11

申请号：US14701455

申请日：2015-04-30

Applicant: Amazon Technologies, Inc.

Inventor： Khaja Ehteshamuddin Ahmed ,  Anthony Joseph Suarez ,  Dmitry Petrovich Andreychuk

IPC: H04L29/06 ,  G06N20/00

Abstract: A service provider may deploy a security threat detection and mitigation platform in a multi-tenant virtualization environment that includes pluggable data collection, data analysis, and response components. The data analysis components may apply machine learning techniques to generate (based on training data sets) and refine (based on subsequently received data sets and feedback about the resulting classifications) predictors configured to detect particular types of security threats, such as denial of service attacks, botnets, scans, or remote desktop attacks. A data collection layer may collect, filter, organize, and curate network packet traffic data, network packet header data, or other information emitted by computing instances or applications executing on them, and provide the curated data as streams to the analysis layer. A response layer may automatically take action in response to threat detections (which may be overridden by an administrator) and may store classification data for subsequent analysis, feedback, and predictor refinement.

公开(公告)号：US09535754B1

公开(公告)日：2017-01-03

申请号：US14615135

申请日：2015-02-05

Applicant: Amazon Technologies, Inc.

Inventor： Anthony Joseph Suarez ,  Jason Roy Rupard ,  Eden Grail Adogla ,  Michael Francis Quigley

IPC: G06F9/46 ,  G06F9/50 ,  G06F9/48

CPC classification number: G06F9/5011 ,  G06F9/4881 ,  G06F9/5027

Abstract: Dynamic provisioning of computing resources may be implemented to provision computing resources for a data center or other collection of computing resources. Computing resources for provisioning may be detected. A build manifest describing configuration operations to provision the computing resources to perform respective tasks may be identified. The build manifest may be evaluated to direct the computing resources to perform the configuration operations according to the build manifest. In some embodiments, the provisioning of the computing resources may be paused or undone according to the build manifest. Upon completion of the configuration operations, the computing resources may be made available to perform the respective tasks.

Abstract translation: 可以实现计算资源的动态配置以为数据中心或其他计算资源集合提供计算资源。 可以检测用于供应的计算资源。 可以识别描述配置操作以构建计算资源以执行相应任务的构建清单。 可以评估构建清单以指导计算资源根据构建清单执行配置操作。 在一些实施例中，计算资源的供应可以根据构建清单暂停或撤消。 在完成配置操作之后，可以使计算资源可用于执行相应的任务。

公开(公告)号：US11789723B2

公开(公告)日：2023-10-17

申请号：US17941613

申请日：2022-09-09

Applicant: Amazon Technologies, Inc.

Inventor： Anthony Joseph Suarez ,  Scott Kerns Windsor ,  Nare Hayrapetyan ,  Daniel Robert Gerdesmeier ,  Pooja Kalpana Prakash

IPC: G06F21/00 ,  G06F8/71 ,  G06F9/455 ,  G06F21/53 ,  G06F8/61 ,  G06F21/62

CPC classification number: G06F8/71 ,  G06F8/63 ,  G06F9/45558 ,  G06F21/53 ,  G06F21/6209 ,  G06F2009/4557 ,  G06F2221/033

Abstract: A request to store a container image is received from a device associated with a customer of a computing resource service provider. Validity of a security token associated with the request is authenticated using a cryptographic key maintained as a secret by the computing resource service provider. One or more layers of the container image is built based at least in part on at least one build artifact to form a set of built layers. The software image including the set of built layers is stored in a repository associated with the customer. A manifest of metadata for the set of built layers is stored in a database of a structured data store. The container image is obtained in the form of an obtained container image. The obtained container image is deployed as the software container in at least one virtual machine instance associated with the customer.

公开(公告)号：US20220357972A1

公开(公告)日：2022-11-10

申请号：US17728830

申请日：2022-04-25

Applicant: Amazon Technologies, Inc.

Inventor： Deepak Singh ,  Anthony Joseph Suarez ,  William Andrew Thurston ,  Anirudh Balachandra Aithal ,  Daniel Robert Gerdesmeier ,  Euan Skyler Kemp ,  Kiran Kumar Meduri ,  Muhammad Umer Azad

IPC: G06F9/455 ,  G06F9/50

Abstract: A task definition is received. The task definition indicates at least a location from which one or more software image can be obtained and information usable to determine an amount of resources to allocate to one or more software containers for the one or more software image. A set of virtual machine instances in which to launch the one or more software containers is determined, the one or more software image is obtained from the location included in the task definition and is launched as the one or more of software containers within the set of virtual machine instances.

公开(公告)号：US20190235861A1

公开(公告)日：2019-08-01

申请号：US16383523

申请日：2019-04-12

Applicant: Amazon Technologies, Inc.

Inventor： Anthony Joseph Suarez ,  Scott Kerns Windsor ,  Nare Hayrapetyan ,  Daniel Robert Gerdesmeier ,  Pooja Kalpana Prakash

IPC: G06F8/71 ,  G06F21/53 ,  G06F21/62 ,  G06F9/455 ,  G06F8/61

CPC classification number: G06F8/71 ,  G06F8/63 ,  G06F9/45558 ,  G06F21/53 ,  G06F21/6209 ,  G06F2009/4557 ,  G06F2221/033

Abstract: A request to store a container image is received from a device associated with a customer of a computing resource service provider. Validity of a security token associated with the request is authenticated using a cryptographic key maintained as a secret by the computing resource service provider. One or more layers of the container image is built based at least in part on at least one build artifact to form a set of built layers. The software image including the set of built layers is stored in a repository associated with the customer. A manifest of metadata for the set of built layers is stored in a database of a structured data store. The container image is obtained in the form of an obtained container image. The obtained container image is deployed as the software container in at least one virtual machine instance associated with the customer.

公开(公告)号：US10032032B2

公开(公告)日：2018-07-24

申请号：US14975637

申请日：2015-12-18

Applicant: Amazon Technologies, Inc.

Inventor： Anthony Joseph Suarez ,  Scott Kerns Windsor ,  Nare Hayrapetyan ,  Daniel Robert Gerdesmeier ,  Pooja Kalpana Prakash

IPC: G06F21/00 ,  G06F21/57 ,  G06F17/30 ,  G06F21/60

Abstract: A request to a scan a software image for specified criteria is received, the software image comprising layers stored in a first data store. Metadata in a second data store, different from the first data store, is searched through to obtain information corresponding to the software image. A first set of the layers that matches the specified criteria is determined, based at least in part on the information. The first set of layers is marked as un-referenceable. Asynchronous to fulfillment of the request, a second set of layers of the layers to be deleted is determined, based at least in part on the metadata, the second set of layers including layers marked as un-referenceable, and the second set of layers is deleted.