公开(公告)号：US12015603B2

公开(公告)日：2024-06-18

申请号：US17643784

申请日：2021-12-10

Applicant: Amazon Technologies, Inc.

Inventor： Mikhail Danilov ,  Deepthi Chelupati ,  David Nasi ,  Dylan Owen Marriner ,  Suganya Rajendran ,  Sean Tyler Myers

IPC: H04L29/06 ,  G06F9/50 ,  H04L9/40

CPC classification number: H04L63/083 ,  G06F9/5077 ,  H04L63/20

Abstract: Systems and methods are described for a multi-tenant mode of a serverless code execution system. For instance, a method may include maintaining a set of execution environments, wherein each execution environment is associated with a serverless function, wherein the serverless function is associated with a software as a service (SaaS) provider that is a tenant of a cloud services provider, wherein the SaaS provider provides services to sub-tenants, wherein the set of execution environments are partitioned based on sub-tenants of the SaaS provider; receiving a call to execute a serverless function, wherein the call includes a serverless function identifier and a sub-tenant identifier; identifying a sub-tenant-specific execution environment of the set of execution environments that is associated with the sub-tenant; and in response to identifying the tenant-specific execution environment, invoking the serverless function on the sub-tenant-specific execution environment.

公开(公告)号：US11836516B2

公开(公告)日：2023-12-05

申请号：US17445699

申请日：2021-08-23

Applicant: Amazon Technologies, Inc.

Inventor： Marc John Brooker ,  Mikhail Danilov ,  Douglas Stewart Laurence ,  Anthony Nicholas Liguori

IPC: G06F9/455 ,  G06F11/14

CPC classification number: G06F9/45558 ,  G06F11/1451 ,  G06F2009/45562 ,  G06F2009/45575 ,  G06F2201/84

Abstract: Systems and methods are described for reducing latency to service requests to execute code on an on-demand code execution system by maintaining snapshots of virtual machine instances in a ready state to execute such code. A user may submit code to the on-demand code execution system, which code depends on other software, such as an operating system or runtime. The on-demand code execution system can generate a virtual machine instance provisioned with the other software, and initialize the instance into a state at which it is ready to execute the code. The on-demand code execution system can then generate a snapshot of the state of the instance, and halt the instance. When a request to execute the code is received, the snapshot can be used to quickly restore the instance. The code can then be executed within the instance, reducing the need to initialize the instance or maintain the instance in an executing state.

公开(公告)号：US20230188516A1

公开(公告)日：2023-06-15

申请号：US17643784

申请日：2021-12-10

Applicant: Amazon Technologies, Inc.

Inventor： Mikhail Danilov ,  Deepthi Chelupati ,  David Nasi ,  Dylan Owen Marriner ,  Suganya Rajendran ,  Sean Tyler Myers

IPC: H04L9/40 ,  G06F9/50

CPC classification number: H04L63/083 ,  G06F9/5077 ,  H04L63/20

Abstract: Systems and methods are described for a multi-tenant mode of a serverless code execution system. For instance, a method may include maintaining a set of execution environments, wherein each execution environment is associated with a serverless function, wherein the serverless function is associated with a software as a service (SaaS) provider that is a tenant of a cloud services provider, wherein the SaaS provider provides services to sub-tenants, wherein the set of execution environments are partitioned based on sub-tenants of the SaaS provider; receiving a call to execute a serverless function, wherein the call includes a serverless function identifier and a sub-tenant identifier; identifying a sub-tenant-specific execution environment of the set of execution environments that is associated with the sub-tenant; and in response to identifying the tenant-specific execution environment, invoking the serverless function on the sub-tenant-specific execution environment.

公开(公告)号：US11604669B2

公开(公告)日：2023-03-14

申请号：US16782873

申请日：2020-02-05

Applicant: Amazon Technologies, Inc.

Inventor： Marc Brooker ,  Mikhail Danilov ,  Osman Surkatty ,  Tao Chen

IPC: G06F9/455 ,  G06F12/0882 ,  G06F12/0891

Abstract: Systems and methods are provided for efficiently configuring an execution environment for an on-demand code execution system to handle a single request (or session) for a single user. Once the session or request is complete, the execution environment is reset, such as by having the hardware processor state, memory, and storage reset. In particular, prior to the execution of code, state of the execution environment of the host computing device is retrieved, such as hardware processor(s), memory, and/or storage state. Moreover, during execution of the code instructions, intermediate state can be gathered. Following the execution of the code, the execution environment is reset based on the saved state related to the hardware processor(s), memory, and/or storage. A subsequent code execution securely occurs in the execution environment and the execution environment is reset again, and so forth.

公开(公告)号：US11546324B1

公开(公告)日：2023-01-03

申请号：US16782774

申请日：2020-02-05

Applicant: Amazon Technologies, Inc.

Inventor： Marc Brooker ,  Osman Surkatty ,  Mikhail Danilov

IPC: H04L9/40 ,  G06F16/23 ,  G06F16/24

Abstract: Systems and methods are provided for scoped credentials within secure execution environments executing within virtual machines instances in an on-demand code execution system. In the on-demand code execution system, the execution environments are reset after every request or session. By resetting the single execution environment after each request or session, security issues are addressed, such as side-channel attacks and persistent malware. Additionally, the use of scoped credentials improves security by limiting the access rights for each code execution request or session to the smallest atomic level for the request or session. Following the request or session, the scoped credential is invalidated.

公开(公告)号：US10884722B2

公开(公告)日：2021-01-05

申请号：US16872033

申请日：2020-05-11

Applicant: Amazon Technologies, Inc.

Inventor： Marc John Brooker ,  Mikhail Danilov ,  Tobias Holgers

IPC: G06F9/44 ,  G06F8/41 ,  G06F11/36 ,  G06F11/34 ,  G06F9/455

Abstract: Systems and methods are described for enabling cross-environment application of tracing information for code, such as code executed within an on-demand (or “serverless”) code execution system. Various optimizations exist that allow execution of code to proceed faster or more efficiently over time, by collecting tracing information regarding the execution and using that tracing information to guide compilation of the code. These optimizations are typically designed for long-lived environments. However, executions within an on-demand code execution system often occur in short-lived environments, reducing or eliminating any gains from these optimizations. To address this issue, optimizations made in a first environment based on tracing information can be passed to a subsequent environment, enabling those optimizations to persist across short-lived environments.

公开(公告)号：US10649749B1

公开(公告)日：2020-05-12

申请号：US16019384

申请日：2018-06-26

Applicant: Amazon Technologies, Inc.

Inventor： Marc John Brooker ,  Mikhail Danilov ,  Tobias Holgers

IPC: G06F9/44 ,  G06F8/41 ,  G06F11/36 ,  G06F9/455 ,  G06F11/34

Abstract: Systems and methods are described for enabling cross-environment application of tracing information for code, such as code executed within an on-demand (or “serverless”) code execution system. Various optimizations exist that allow execution of code to proceed faster or more efficiently over time, by collecting tracing information regarding the execution and using that tracing information to guide compilation of the code. These optimizations are typically designed for long-lived environments. However, executions within an on-demand code execution system often occur in short-lived environments, reducing or eliminating any gains from these optimizations. To address this issue, tracing information can be maintained across multiple environments on the system, allowing subsequent executions to be optimized based on tracing information of prior executions in other environments.

公开(公告)号：US11900152B1

公开(公告)日：2024-02-13

申请号：US17218015

申请日：2021-03-30

Applicant: Amazon Technologies, Inc.

Inventor： Marc Brooker ,  David Nasi ,  Trishika Pattabiraman ,  Holly Mesrobian ,  Mikhail Danilov ,  Peter Barry ,  Peter Martin McDonnell

IPC: G06F3/00 ,  G06F9/48 ,  G06F8/71 ,  G06F11/34 ,  G06F16/18 ,  G06F11/30 ,  G06F8/65

CPC classification number: G06F9/4843 ,  G06F8/65 ,  G06F8/71 ,  G06F11/3034 ,  G06F11/3409 ,  G06F16/1873

Abstract: Systems and methods are described for providing updating of disk images supporting serverless code execution and controlled deployment of updated disk images. A disk image can be defined as a set of layers that represent a file system include code of a serverless function and other data used by the code. A function owner can designate one layer as containing software or other data subject to update. When a new version of the layer is obtained at a serverless compute system, the system can generate a new disk image containing the updated layer. The system can then gradually transition the function to the new disk image, by dividing calls to the function among two versions of the function—one using the prior disk image, and one using the new disk image. Performance data gained from the new version of the function can be used to control the gradual transition.

公开(公告)号：US20220103339A1

公开(公告)日：2022-03-31

申请号：US17037427

申请日：2020-09-29

Applicant: Amazon Technologies, Inc.

Inventor： Marc Brooker ,  Osman Surkatty ,  Derek Manwaring ,  Mikhail Danilov ,  Peter Martin McDonnell ,  Stefan Schneider

IPC: H04L9/06 ,  H04L9/08

Abstract: Systems and methods are described for providing storage of encrypted data sets, deduplication of such data sets, and control of the redundancy of those data sets. A form of modified convergent encryption can be employed, whereby an encryption key for a data set is selected based on a combination of the plaintext of the data set and a salt value, with the salt value being selected from a number of permutations corresponding to a desired redundancy of the data set in a storage system. Accordingly, a given data set can result in a number of ciphertexts equal to the desired redundancy, and deduplication can occur by removing duplicative instances of individual ciphertexts. Salt values can be selected according to a variety of criteria, including user-based, time-based, and location-based criteria.

公开(公告)号：US11099870B1

公开(公告)日：2021-08-24

申请号：US16045593

申请日：2018-07-25

Applicant: Amazon Technologies, Inc.

Inventor： Marc John Brooker ,  Mikhail Danilov ,  Douglas Stewart Laurence ,  Anthony Nicholas Liguori

IPC: G06F9/455 ,  G06F11/14

Abstract: Systems and methods are described for reducing latency to service requests to execute code on an on-demand code execution system by maintaining snapshots of virtual machine instances in a ready state to execute such code. A user may submit code to the on-demand code execution system, which code depends on other software, such as an operating system or runtime. The on-demand code execution system can generate a virtual machine instance provisioned with the other software, and initialize the instance into a state at which it is ready to execute the code. The on-demand code execution system can then generate a snapshot of the state of the instance, and halt the instance. When a request to execute the code is received, the snapshot can be used to quickly restore the instance. The code can then be executed within the instance, reducing the need to initialize the instance or maintain the instance in an executing state.