公开(公告)号：US10824476B1

公开(公告)日：2020-11-03

申请号：US15628108

申请日：2017-06-20

Applicant: Amazon Technologies, Inc.

Inventor： Shihua Zhang ,  Patrick McFalls ,  Amjad Hussain ,  Sivaprasad Venkata Padisetty

IPC: G06F9/50 ,  H04L29/06

Abstract: Techniques for operating a multi-homed computing instance process are described herein. First credentials associated with a first attribute of a first account may be obtained. A process executing on a computing instance may communicate with the first account over a first communication channel based at least in part on the first credentials. Instructions may be received for the process to communicate with both the first account and a second account. Second credentials associated with a second attribute of the second account may be obtained. The second credentials may be obtained based, at least in part, on the first attribute acquiring the second attribute. The process may communicate with the second account over a second communication channel based at least in part on the second credentials. Additionally, the process may communicate with multiple different representations of a particular account, such as different representations that are hosted in different respective regions.

公开(公告)号：US10771337B1

公开(公告)日：2020-09-08

申请号：US15989836

申请日：2018-05-25

Applicant: Amazon Technologies, Inc.

Inventor： Munindra N. Das ,  Patrick McFalls ,  Amjad Hussain ,  Anantharam Vaidyanathan

IPC: G06F15/173 ,  H04L12/24 ,  H04L12/911 ,  H04L29/06 ,  G06F9/455

Abstract: This disclosure describes techniques for defining a set of permissions, or privileges, for users who manage resources of a network-based service provisioned in a network-based service platform managed by a service provider. The techniques may include mapping cloud identities of the users to operating system (OS) user groups defined local to the resources that specify the set of permissions for user group members. Systems-manager agents that execute locally on the resources may determine to which OS user group the user belongs based on their cloud identity, and launch shells that are restricted by the set of permissions. Using these shells, a network-based service platform may allow users to remotely manage resources of the network-based service in various ways, such as through batch run commands and/or remote user sessions, while ensuring that the users are unable to execute commands on the resources that are outside the set of permissions.

公开(公告)号：US10599483B1

公开(公告)日：2020-03-24

申请号：US15446927

申请日：2017-03-01

Applicant: Amazon Technologies, Inc.

Inventor： Sivaprasad Venkata Padisetty ,  Matthew Adam Ford ,  Patrick McFalls ,  Amjad Hussain

IPC: G06F9/48 ,  G06F9/50 ,  G06F9/54

Abstract: Methods, systems, and computer-readable media for decentralized task execution that bypasses a task execution service are disclosed. A connection is established over one or more communication channels between a task execution interface and agent software of a compute instance. The agent software is executable to receive task execution documents from a task execution service and initiate local task execution based (at least in part) on the task execution documents. A task execution document is sent from the task execution interface to the agent software over the one or more channels. In sending the task execution document from the task execution interface to the compute instance, the task execution service is bypassed. Execution of one or more tasks is initiated on the compute instance by the agent software based (at least in part) on the task execution document.

公开(公告)号：US10467003B1

公开(公告)日：2019-11-05

申请号：US15793463

申请日：2017-10-25

Applicant: Amazon Technologies, Inc.

Inventor： Melonia Mendonca ,  Patrick McFalls ,  Sivaprasad Venkata Padisetty ,  Amjad Hussain ,  Ananth Vaidyanathan

IPC: G06F8/71 ,  G06F8/73 ,  G06F8/60 ,  G06F8/10

Abstract: A processing device executes a first script, wherein the first script comprises one or more actions to be performed. The processing device determines that the first script comprises a reference to a second script stored in a remote data store. The processing device retrieves the second script over a network from the remote data store and executes the second script. The first script and the second script may be stand-alone scripts or scripts encapsulated within documents.

公开(公告)号：US11290336B1

公开(公告)日：2022-03-29

申请号：US16989583

申请日：2020-08-10

Applicant: Amazon Technologies, Inc.

Inventor： Munindra N. Das ,  Patrick McFalls ,  Amjad Hussain ,  Anantharam Vaidyanathan

IPC: H04L41/0893 ,  H04L41/50 ,  H04L29/06 ,  G06F9/455 ,  H04L47/70

Abstract: This disclosure describes techniques for defining a set of permissions, or privileges, for users who manage resources of a network-based service provisioned in a network-based service platform managed by a service provider. The techniques may include mapping cloud identities of the users to operating system (OS) user groups defined local to the resources that specify the set of permissions for user group members. Systems-manager agents that execute locally on the resources may determine to which OS user group the user belongs based on their cloud identity, and launch shells that are restricted by the set of permissions. Using these shells, a network-based service platform may allow users to remotely manage resources of the network-based service in various ways, such as through batch run commands and/or remote user sessions, while ensuring that the users are unable to execute commands on the resources that are outside the set of permissions.

公开(公告)号：US10684840B1

公开(公告)日：2020-06-16

申请号：US15449208

申请日：2017-03-03

Applicant: Amazon Technologies, Inc.

Inventor： Amjad Hussain ,  Patrick McFalls ,  Matthew Adam Ford ,  Sivaprasad Venkata Padisetty

IPC: G06F8/61 ,  G06F9/455 ,  H04L29/08

Abstract: Software packages may be installed, uninstalled and/or updated across a group of computing instances by way of a single issuance of a user request. The request may include information such as a software package name, a software package version, an action (e.g., install or uninstall), and one or more operating constraints for the software package. For an installation request, an agent on a given computing instance may process the request by accessing a manifest that indicates various computing instance characteristics (e.g., operating system types, architecture types, etc.) and various respective available versions of the software package. The agent may then select, based on characteristics of the computing instance, a package type for the computing instance. An installation request may also allow operating constraints (e.g. regarding usage of processing, memory, I/O and other resources) to be set and enforced for the software package.

公开(公告)号：US10466991B1

公开(公告)日：2019-11-05

申请号：US15449065

申请日：2017-03-03

Applicant: Amazon Technologies, Inc.

Inventor： Amjad Hussain ,  Patrick McFalls ,  Matthew Adam Ford ,  Sivaprasad Venkata Padisetty

IPC: G06F8/61 ,  G06F8/65 ,  G06F9/455 ,  G06F9/445

Abstract: Software packages may be installed, uninstalled and/or updated across a group of computing instances by way of a single issuance of a user request. The request may include information such as a software package name, a software package version, an action (e.g., install or uninstall), and one or more operating constraints for the software package. For an installation request, an agent on a given computing instance may process the request by accessing a manifest that indicates various computing instance characteristics (e.g., operating system types, architecture types, etc.) and various respective available versions of the software package. The agent may then select, based on characteristics of the computing instance, a package type for the computing instance. An installation request may also allow operating constraints (e.g. regarding usage of processing, memory, I/O and other resources) to be set and enforced for the software package.