Publication No.: US10298577B1
Publication Date: 2019-05-21
Application No.: US15087913
Filing Date: 2016-03-31
Applicant: Amazon Technologies, Inc.
Inventor: Anirudh Balachandra Aithal, Kiran Kumar Meduri, Samuel Benjamin Karp, Juan Rhenals
Abstract: An application is comprised of a plurality of processes. A process is able to access a remote service using a service access credential which is adapted to the particular requirements of the process. By providing a process with a customized credential, the process is constrained from performing unnecessary operations, and the overall security of the application is improved. When processes are deployed to a host computer, an agent on a host computer collects credential information and other metadata associated with the processes running on the host computer. The agent makes the metadata available to a credential provider running on the host, and the credential provider exposes an interface that is accessible to the processes. The processes include a credential proxy which communicates with the credential provider. The credential proxies relay credential requests to the credential provider, and return the provided credentials from the credential provider to the processes.