-
Publication (Announcement) No.: US10541871B1
Publication (Announcement) Date: 2020-01-21
Application No.: US14657095
Application Date: 2015-03-13
Applicant: Amazon Technologies, Inc.
Inventor: Prashant Prahlad, Rajesh Viswanathan, Adam Daniel Everett Wright, Benjamin John Ullom, Tanya Bansal, Veeraraghavan Vijayaraj, William Trotter Shelton
Abstract: Configurations of computing resources established in a network-based computing service can be tested to assess impacts of proposed changes to the configuration states of the computing resources or to policies governing the configurations of such computing resources. Test environments can be established to simulate an operational computing environment under study. Changes to the configuration of one or more computing resources can be introduced to the test environment, and impacts to the test environment can be assessed. Changes to configuration policy can also be introduced and subsequent impacts can be observed.
-
Publication (Announcement) No.: US10057184B1
Publication (Announcement) Date: 2018-08-21
Application No.: US14657033
Application Date: 2015-03-13
Applicant: Amazon Technologies, Inc.
Inventor: Prashant Prahlad, Rajesh Viswanathan, Adam Daniel Everett Wright, Benjamin John Ullom, Tanya Bansal, Veeraraghavan Vijayaraj, William Trotter Shelton
IPC: H04L29/06, H04L29/08, H04L12/923, H04L12/26, H04L12/24
CPC classification number: H04L41/0859, H04L41/0853, H04L41/0869, H04L43/0811, H04L47/762
Abstract: Configurations of computing resources established on a web-based computing service can be monitored, managed and controlled. According to an embodiment, a configuration compliance service is implemented. Policy rules governing attributes of configuration states for computing resources in a subscriber's account are defined. The computing resources in the account are monitored for changes to configuration states. In response to detection of a change to a configuration state that violates a rule, a predefined action is taken. The predefined action can include sending a notification to the subscriber's account, reconfiguring the configuration state of the computing resource, and deactivating the computing resource.
-
Publication (Announcement) No.: US11017107B2
Publication (Announcement) Date: 2021-05-25
Application No.: US15913741
Application Date: 2018-03-06
Applicant: Amazon Technologies, Inc.
Inventor: Neha Rungta, Pauline Virginie Bolignano, Catherine Dodge, Carsten Varming, John Cook, Rajesh Viswanathan, Daryl Stephen Cooke, Santosh Kalyankrishnan
Abstract: A security assessment system of a computing resource service provider performs security analyses of virtual resource instances, such as virtual machine instances and virtual data store instances, to verify that certain invariable security requirements are satisfied by the instances' corresponding configurations; these analyses are performed before the instances are provisioned and deployed. If the security checks, which can be selected by the administrator of the resources, fail, the requested resources are denied deployment. Notifications identifying the faulty configuration(s) may be sent to the administrative user. A template for launching virtual resource instances may be transformed into an optimized template for performing the pre-deployment security checks, such as by storing information needed to perform the checks within the optimized template itself.
-
Publication (Announcement) No.: US11425140B1
Publication (Announcement) Date: 2022-08-23
Application No.: US15608658
Application Date: 2017-05-30
Applicant: Amazon Technologies, Inc.
Inventor: Tanya Bansal, Veeraraghavan Vijayaraj, Ravikanth Repaka, William Frederick Hingle Kruse, Rodolfo Flores Hinojosa, Rajesh Viswanathan
IPC: H04L9/40, H04L67/51, H04L41/0803, G06F21/62
Abstract: A configuration management service provides data identifying its subscribers to a secure sharing service that executes in an account that has a higher security level than a service account used to provide the configuration management service. The secure sharing service securely determines whether each subscriber has authorized producer services to share resource configuration data with the configuration management service. If a subscriber has authorized such sharing, information identifying the subscriber can be stored in a location accessible to the producer services. If a subscriber has not authorized such sharing, the secure sharing service will not make the subscriber's information available to the producer services. The producer services can use the subscriber data to provide resource configuration data to the configuration management service only for those subscribers that subscribe to both the configuration management service and to the producer services.
-
Publication (Announcement) No.: US10257040B1
Publication (Announcement) Date: 2019-04-09
Application No.: US14657130
Application Date: 2015-03-13
Applicant: Amazon Technologies, Inc.
Inventor: Prashant Prahlad, Rajesh Viswanathan, Adam Daniel Everett Wright, Benjamin John Ullom, Tanya Bansal, Veeraraghavan Vijayaraj, William Trotter Shelton
IPC: H04L12/24
Abstract: A configuration history service for web-based computing resources is implemented by capturing and storing a historical record of each configuration state for each computing resource in a subscriber's account. Files of the configuration history store information about a computing resource type offered by the web service. The file comprises records for each particular resource of that type that is or was actively configured in the subscriber's account during the period that the configuration history service is active in the account. Each record lists a particular configuration state, at a particular point in time, for a particular computing resource. The configuration history of a computing resource can be displayed as a timeline by which a subscriber can access information describing the configuration state of the particular computing resource at any point in time.
-
Publication (Announcement) No.: US11115272B1
Publication (Announcement) Date: 2021-09-07
Application No.: US15951921
Application Date: 2018-04-12
Applicant: Amazon Technologies, Inc.
Inventor: Anil Kumar, Matthew John Hinkle, Rajesh Viswanathan, Prashant Prahlad
IPC: H04L12/24
Abstract: Techniques are described for identifying “out-of-band” modifications to an interrelated set of computing resources, also referred to herein as a computing resource stack, that was provisioned at a service provider network using an infrastructure modeling service. An infrastructure modeling service generally allows users to describe a computing resource stack in a text file or other type of descriptive representation, referred to herein as an infrastructure template, and to automatically provision computing resource stacks defined in templates at a service provider network. Users may at times make so-called out-of-band modifications to one or more computing resources of a provisioned computing resource stack, either inadvertently or in response to time-sensitive demands, where an out-of-band modification is made outside of the infrastructure modeling service.
-
Publication (Announcement) No.: US10225208B1
Publication (Announcement) Date: 2019-03-05
Application No.: US14657026
Application Date: 2015-03-13
Applicant: Amazon Technologies, Inc.
Inventor: Prashant Prahlad, Rajesh Viswanathan, Adam Daniel Everett Wright, Benjamin John Ullom, Tanya Bansal, Veeraraghavan Vijayaraj, William Trotter Shelton
IPC: H04L12/923, H04L12/26
Abstract: Configurations of computing resources established on a web-based computing service can be monitored, managed and controlled. According to one embodiment, a method may include discovering a set of computing resources being used by an enterprise. The disclosed resource configuration service can deliver a set of resource-specific data that uniquely identifies each computing resource and describes each resource's configuration state. The resource configuration service monitors the computing environment and detects changes to the configurations of computing resources. The resource configuration service can deliver a stream of notifications when computing resources are created, updated, deleted or otherwise reconfigured. The notifications can be used by, for example, software tools or system administrators.