公开(公告)号：US09647896B1

公开(公告)日：2017-05-09

申请号：US14135013

申请日：2013-12-19

Applicant: Amazon Technologies, Inc.

Inventor： Brian Frederick Mulder ,  Ross Bevan Engers ,  Joshua Mentz ,  Ronen Dov Agranat ,  Willem Jacob Buys ,  Timothy Ralph Sjoberg ,  James Alfred Gordon Greenfield

IPC: G06F15/173 ,  H04L12/24

CPC classification number: H04L41/22 ,  H04L41/0896

Abstract: A distributed execution environment provides resources such as computing resources, hardware resources, and software resources. Resource action rules (“rules”) may be defined and associated with resources in the distributed execution environment. The rules may be evaluated based upon resource state data defining the state of one or more resources. The results of the evaluation of the rules may be utilized to take various actions. For example, the results of the evaluation of rules may be utilized to generate a user interface (UI) object for providing information regarding the evaluation of the rule, to initiate a workflow, and/or perform another type of action. The results might also be utilized to prohibit certain types of operations from being performed with regard to a resource. The results might be propagated to other resources. A UI might also be provided for use in defining the rules.

公开(公告)号：US09542296B1

公开(公告)日：2017-01-10

申请号：US14557374

申请日：2014-12-01

Applicant: Amazon Technologies, Inc.

Inventor： Ross Bevan Engers ,  Stefan Letz

IPC: G06F11/00 ,  G06F11/34 ,  G06F11/20 ,  G06F11/10

CPC classification number: G06F11/3452 ,  G06F11/008 ,  G06F11/1092 ,  G06F11/2033 ,  G06F11/2094

Abstract: In a provider network, attributes of one of a plurality of storage devices of the provider network are identified for failure monitoring. Based on a failure prediction model, a predicted probability of failure of the selected storage device is determined. The failure prediction model is based on historical and current data associated with failures of the storage devices of the provider network that have common attributes. The selected storage device is deactivated in response to determining that the predicted probability of failure of the selected storage device meets a criterion.

Abstract translation: 在提供商网络中，识别供应商网络的多个存储设备之一的属性用于故障监控。 基于故障预测模型，确定所选择的存储设备的预测故障概率。 故障预测模型基于与具有共同属性的提供商网络的存储设备的故障相关联的历史和当前数据。 响应于确定所选择的存储设备的预测故障概率满足标准，所选择的存储设备被停用。

公开(公告)号：US09313208B1

公开(公告)日：2016-04-12

申请号：US14219930

申请日：2014-03-19

Applicant: Amazon Technologies, Inc.

Inventor： Stefan Letz ,  Ross Bevan Engers ,  Daniel Bauman ,  Willem Jacob Buys ,  Timothy Ralph Sjoberg ,  Ronen Dov Agranat ,  Aidan Musnitzky ,  Joshua Mentz ,  Brian Frederick Mulder

IPC: G06F21/00 ,  G06F15/16 ,  H04L29/06 ,  G06F21/62 ,  G06F21/60 ,  G06F21/33

CPC classification number: H04L63/104 ,  G06F21/33 ,  G06F21/604 ,  G06F21/62 ,  G06F2221/2149 ,  H04L41/5074 ,  H04L63/08 ,  H04L63/0807 ,  H04L63/10 ,  H04L63/20 ,  H04L67/1097

Abstract: Entities such as resource and service providers can utilize a ticketing system to define operational actions as primitives that can be stored, combined into more complex workflows, and executed in a restricted zone wherein a portion of the resources or services are not directly accessible to those providers. These primitives can be stored in the provider environment and shared with the restricted zone, in order to provide a structured approach to the sharing of operational knowledge. When a primitive is first received to the restricted zone, a person vetted by the customer associated with the restricted zone can review and approve the primitive, and can cause the primitive to be executed in the restricted zone. When that same primitive is subsequently received to the restricted zone, a lookup can be performed to determine that an approval exists, whereby the primitive can be executed in the restricted zone without another review.

Abstract translation: 诸如资源和服务提供商的实体可以利用票务系统将操作动作定义为可以存储的原语，组合成更复杂的工作流，并且在限制区域中执行，其中一部分资源或服务不能直接访问那些提供者 。 这些原语可以存储在供应商环境中并与限制区共享，以便提供一种结构化的方法来共享操作知识。 当一个原语被首先接收到限制区域时，与限制区域相关联的客户审查的人可以审查和批准原语，并且可以使原语在限制区域中被执行。 当相同的原语随后被接收到限制区域时，可以执行查找以确定存在批准，由此可以在限制区域中执行原语，而不进行另一次审查。

公开(公告)号：US11507439B1

公开(公告)日：2022-11-22

申请号：US16392247

申请日：2019-04-23

Applicant: Amazon Technologies, Inc.

Inventor： Ross Bevan Engers ,  Jaco Hermanus Gabriel Le Roux

IPC: G06F7/38 ,  G06F9/54 ,  G06F9/448 ,  G06F9/455 ,  G06F8/36

Abstract: An application programming interface (API) as a service is disclosed. In embodiments, a client provides code to be executed along with a configuration file for that code. Based on that, virtual machine(s) and load balancer(s) may be selected, a domain name service configured, and throttling and scaling configured. Through this, an API as a service may be provided on behalf of a client with minimal configuration required by the client or an administrator of a web service platform that provides the API as a service.

公开(公告)号：US10333901B1

公开(公告)日：2019-06-25

申请号：US14483069

申请日：2014-09-10

Applicant: Amazon Technologies, Inc.

Inventor： Daniel Bauman ,  Willem Jacob Buys ,  Joshua Dawie Mentz ,  Aidan Musnitzky ,  Timothy Ralph Sjoberg ,  Ross Bevan Engers ,  Ronen Dov Agranat ,  Brian Frederick Mulder ,  Stefan Letz

IPC: H04L29/06 ,  G06F21/62

Abstract: A method for data aggregation of declassified sensitive data may include obtaining a policy associated with an isolated region of a service provider. The policy may identify a plurality of rules for declassifying sensitive data accessible within the isolated region. At least a portion of the plurality of rules identified by the policy may be obtained. A file with the sensitive data may be identified, the file being generated within the isolated region. An output file may be generated based on applying the obtained rules to the file. At least a portion of the sensitive data may be filtered out using the obtained rules. The generated output file may be provided for access outside of the isolated region. The sensitive data may be inaccessible by at least another region of the service provider.

公开(公告)号：US09760420B1

公开(公告)日：2017-09-12

申请号：US14476504

申请日：2014-09-03

Applicant: Amazon Technologies, Inc.

Inventor： Stefan Letz ,  Ross Bevan Engers

IPC: G06F11/07 ,  G06F11/30 ,  G06F11/20

CPC classification number: G06F11/0709 ,  G06F11/20 ,  G06F11/2007 ,  G06F11/2041 ,  G06F11/22 ,  G06F11/3006 ,  G06F11/3048 ,  G06F11/3051 ,  G06F11/3058 ,  G06F11/3089 ,  G06F11/3433 ,  G06F2201/805

Abstract: A fleet rebuild service examines hosts in a fleet to determine whether any of the hosts in the fleet are to be rebuilt. If a host is to be rebuilt, the fleet rebuild service moves the host to a vetting pool. The fleet rebuild service, or another service, may cause automated testing to be performed on the hardware and/or software of hosts in the vetting pool. If a host passes the automated testing, the fleet rebuild service may move the host from the vetting pool to a provisioning pool. If a host does not pass the automated testing, the host may be moved from the vetting pool to a diagnostics pool for further testing. The fleet rebuild service may select hosts from the provisioning pool for automated configuration and deployment to the fleet.

公开(公告)号：US09674275B1

公开(公告)日：2017-06-06

申请号：US14659311

申请日：2015-03-16

Applicant: Amazon Technologies, Inc.

Inventor： Ross Bevan Engers ,  Benjamin van der Merwe ,  David Daniel de Bruyn ,  Natu Lauchande ,  Christo Pierre Langenhoven ,  Jaco Hermanus Gabriel Le Roux ,  Oliver Nigel Nightingale

IPC: H04L29/08 ,  H04L29/06

CPC classification number: G06F17/30126

Abstract: Techniques are described for providing a file system interface for use with network-accessible computing resources (e.g., located in a data center). A client computing device of a user may display information regarding at least some such computing resources to the user using a visual representation of a hierarchical file system (e.g., with the computing resources organized hierarchically), and allow standard file system commands to manipulate the computing resources, despite them not actually being part of a file system. Particular combinations of a file system command and a type of computing resource may be mapped to associated operations, which implement actions for computing resources of that type corresponding to functionality of that file system command. In some situations, the computing resources are provided by an online service, such as a configurable network service providing virtual computer networks to clients.

公开(公告)号：US09178867B1

公开(公告)日：2015-11-03

申请号：US14219827

申请日：2014-03-19

Applicant: Amazon Technologies, Inc.

Inventor： Stefan Letz ,  Ross Bevan Engers ,  Daniel Bauman ,  Willem Jacob Buys ,  Timothy Ralph Sjoberg ,  Ronen Dov Agranat ,  Aidan Musnitzky ,  Joshua Mentz ,  Brian Frederick Mulder

IPC: H04L12/00 ,  H04L29/06

CPC classification number: H04L12/00 ,  H04L12/6418 ,  H04L63/0807 ,  H04L67/40

Abstract: A computer-implemented method includes recording one or more actions being performed by an agent using at least one resource of a resource provider environment, the at least one resource being associated with a non-restricted zone in the resource provider environment. The method includes creating a primitive that describes the one or more actions. The primitive is able to be executed on at least one different resource in a restricted zone in the resource provider environment to perform the one or more actions using the different resource. The restricted zone includes resources associated with a customer that are directly accessible only to at least one authorized entity. The method includes submitting the primitive to the restricted zone in the resource provider environment. The primitive is able to be executed by the at least one authorized entity on the at least one different resource in the restricted zone.

Abstract translation: 计算机实现的方法包括使用资源提供者环境的至少一个资源记录由代理执行的一个或多个动作，所述至少一个资源与资源提供者环境中的非受限区域相关联。 该方法包括创建描述一个或多个动作的原语。 该原语能够在资源提供者环境中的受限区域中的至少一个不同资源上执行，以使用不同的资源来执行一个或多个动作。 限制区域包括与客户相关联的资源，其仅能够被至少一个授权实体直接访问。 该方法包括将资源提交给资源提供者环境中的限制区域。 原语能够由受限区域中的至少一个不同资源上的至少一个授权实体执行。

公开(公告)号：US11301492B1

公开(公告)日：2022-04-12

申请号：US14221173

申请日：2014-03-20

Applicant: Amazon Technologies, Inc.

Inventor： Ross Bevan Engers ,  Stefan Letz

IPC: G06F16/28 ,  G06F16/245

Abstract: A database management system may be configured to receive requests related to storing and retrieving network address information. Requests may be represented in a query language as a native data type. Network address information may be stored using a data format indicative of ranges of network addresses, including bit fields indexed by a hash function and range trees. Network addresses may be located based on traversing rows in a table and traversing network address ranges stored in rows. A network address may be validated by locating the stored address and examining properties associated with the address.

公开(公告)号：US10303532B1

公开(公告)日：2019-05-28

申请号：US15799169

申请日：2017-10-31

Applicant: Amazon Technologies, Inc.

Inventor： Ross Bevan Engers ,  Jaco Hermanus Gabriel Le Roux

IPC: G06F9/455 ,  G06F9/54

Abstract: An application programming interface (API) may be provided by a service. A client of the service may provide computer instructions to the service. Configuration information may also be provided by the client. An API may be generated for the client based on the computing instructions. A number of virtual machines may be associated with the API based on the configuration information. The API may be used to process requests.