公开(公告)号：US12058176B1

公开(公告)日：2024-08-06

申请号：US17161491

申请日：2021-01-28

Applicant: Amazon Technologies, Inc.

Inventor： Gokul Ramanan Subramanian ,  Sayantan Chakravorty ,  Dennis Tighe ,  Carlos Alessandro Chiconato ,  Damian Wylie

IPC: H04L29/06 ,  H04L9/40

CPC classification number: H04L63/20 ,  H04L63/0807 ,  H04L63/0876 ,  H04L63/1483

Abstract: A connection-based service impersonates request-based security for requests from clients that do not include credentials for the requests (e.g., data plane requests made via a connection-oriented security). A connection between a client and a connection-based service is established based on connection credentials that are based on security credentials from a request-based security service. The credentials are sent by a security component of the service to a local agent of the remote security service to be authenticated by the security service. An impersonation token is returned by the security service and cached by the local agent. Requests from the client to perform operations do not include credentials. For each request, the service passes an identifier for the client and the operation to a local authorization component that calls the agent for authorization of the requested operation. The agent uses the impersonation token to obtain authorization for the requested operation.

公开(公告)号：US20240223674A1

公开(公告)日：2024-07-04

申请号：US18609987

申请日：2024-03-19

Applicant: Amazon Technologies, Inc.

Inventor： Sayantan Chakravorty ,  Nagarjuna Koduru ,  Nabanita Maji ,  Vijaya Rama Reddy Kistampalli ,  Sankalp Bhatia ,  Sahil Dorwat

IPC: H04L67/562 ,  H04L9/40 ,  H04L41/50 ,  H04L65/60

CPC classification number: H04L67/562 ,  H04L41/509 ,  H04L63/08 ,  H04L65/60

Abstract: Various embodiments of systems and methods for providing virtualized (e.g., serverless) broker clusters for a data streaming service are disclosed. A data streaming service uses a front-end proxy layer and a back-end broker layer to provide virtualized broker clusters, for example in a Kafka-based streaming service. Resources included in a virtualized broker cluster are monitored and automatically scaled-up, scaled-down, or re-balanced in a way that is transparent to data producing and/or data consuming clients of the data streaming service.

公开(公告)号：US11509700B2

公开(公告)日：2022-11-22

申请号：US17062435

申请日：2020-10-02

Applicant: Amazon Technologies, Inc.

Inventor： Benjamin Warren Mercier ,  Sayantan Chakravorty ,  Yasemin Avcular ,  Charlie Paucard

IPC: H04L65/61 ,  G06F3/06 ,  H04L67/02 ,  H04L67/1097 ,  H04L65/612 ,  H04L65/75 ,  H04L65/80 ,  H04L67/1095 ,  H04L67/55

Abstract: From a stream management service, indications of transmissions of data records of a first data stream via a persistent network connection associated with a subscription are provided to a stream processing application. In response to detecting that a transfer throttling condition associated with the subscription has been met, a delay is introduced before additional data records are transmitted via the same persistent network connection. After a subscription expiration period has elapsed, an indication of the expiration is provided to the application via the persistent connection.

公开(公告)号：US11070600B1

公开(公告)日：2021-07-20

申请号：US16143343

申请日：2018-09-26

Applicant: Amazon Technologies, Inc.

Inventor： Benjamin Warren Mercier ,  Sayantan Chakravorty ,  Yasemin Avcular ,  Charlie Paucard

IPC: H04L29/06 ,  H04L29/08 ,  G06F16/28

Abstract: At a stream management service, one or more storage servers of a first repository are assigned to store at least a first partition of a first data stream. At the first repository, records of different partitions are interleaved. In response to determining that a set of data records of the first partition meet a first criterion, a rearranged version of the set in which the data records of the first partition are contiguous is stored at a second repository. Using the rearranged version, one or more records of the first partition are provided to an application which meets a lag criterion.

公开(公告)号：US20210084102A1

公开(公告)日：2021-03-18

申请号：US17105287

申请日：2020-11-25

Applicant: Amazon Technologies, Inc.

Inventor： Benjamin Warren Mercier ,  Sayantan Chakravorty ,  Yasemin Avcular ,  Charlie Paucard

IPC: H04L29/08 ,  G06F16/28

Abstract: In response to a first programmatic request, metadata indicating that a first isolated read channel of a real-time category has been associated with a first target stream is stored at a stream management service. In response to another request, metadata indicating that a second isolated read channel of a non-real-time category has been associated with a second target stream is stored. In response to a read request indicating the first channel or the second channel, one or more data records of the corresponding target streams are provided.

公开(公告)号：US20240356985A1

公开(公告)日：2024-10-24

申请号：US18762541

申请日：2024-07-02

Applicant: Amazon Technologies, Inc.

Inventor： Gokul Ramanan Subramanian ,  Sayantan Chakravorty ,  Dennis Tighe ,  Carlos Alessandro Chiconato ,  Damian Wylie

IPC: H04L9/40

CPC classification number: H04L63/20 ,  H04L63/0807 ,  H04L63/0876 ,  H04L63/1483

Abstract: A connection-based service impersonates request-based security for requests from clients that do not include credentials for the requests (e.g., data plane requests made via a connection-oriented security). A connection between a client and a connection-based service is established based on connection credentials that are based on security credentials from a request-based security service. The credentials are sent by a security component of the service to a local agent of the remote security service to be authenticated by the security service. An impersonation token is returned by the security service and cached by the local agent. Requests from the client to perform operations do not include credentials. For each request, the service passes an identifier for the client and the operation to a local authorization component that calls the agent for authorization of the requested operation. The agent uses the impersonation token to obtain authorization for the requested operation.

公开(公告)号：US11675501B2

公开(公告)日：2023-06-13

申请号：US17013441

申请日：2020-09-04

Applicant: Amazon Technologies, Inc.

Inventor： Vasudeva Gade ,  Benjamin Warren Mercier ,  Sayantan Chakravorty ,  Yasemin Avcular ,  Charlie Paucard

IPC: G06F3/06

CPC classification number: G06F3/0617 ,  G06F3/065 ,  G06F3/0644 ,  G06F3/0647 ,  G06F3/0653 ,  G06F3/0659 ,  G06F3/0673

Abstract: At a data stream management service, a first set of metadata indicating that a first isolated read channel has been associated with a first data stream is stored. The first isolated read channel has an associated read performance limit setting. A second set of metadata indicating that a second isolated read channel, with its own performance limit setting, has been associated with a data stream is also stored. Based on determining that the difference between a metric of read operations associated with the first channel and the read performance limit setting of the first channel meets a first criterion, the service initiates a throttling operation for reads associated with the first channel. The throttling decision is made independently of read metrics of the second channel.

公开(公告)号：US11621999B2

公开(公告)日：2023-04-04

申请号：US17105287

申请日：2020-11-25

Applicant: Amazon Technologies, Inc.

Inventor： Benjamin Warren Mercier ,  Sayantan Chakravorty ,  Yasemin Avcular ,  Charlie Paucard

IPC: G06F15/173 ,  H04L67/1029 ,  G06F16/28

Abstract: In response to a first programmatic request, metadata indicating that a first isolated read channel of a real-time category has been associated with a first target stream is stored at a stream management service. In response to another request, metadata indicating that a second isolated read channel of a non-real-time category has been associated with a second target stream is stored. In response to a read request indicating the first channel or the second channel, one or more data records of the corresponding target streams are provided.

公开(公告)号：US10812543B1

公开(公告)日：2020-10-20

申请号：US15444131

申请日：2017-02-27

Applicant: Amazon Technologies, Inc.

Inventor： Sayantan Chakravorty ,  Benjamin Warren Mercier

IPC: G06F15/16 ,  H04L29/06 ,  H04L29/08

Abstract: Configuration information indicating that one or more stream consumers are granted read-only access to contents of a shared-access data stream is stored at a stream management service. A virtual stream associated with the shared-access stream may be established. In response to a read request directed to the virtual stream, contents of a particular record of the shared-access data stream are provided.

公开(公告)号：US10768830B1

公开(公告)日：2020-09-08

申请号：US16143341

申请日：2018-09-26

Applicant: Amazon Technologies, Inc.

Inventor： Vasudeva Gade ,  Benjamin Warren Mercier ,  Sayantan Chakravorty ,  Yasemin Avcular ,  Charlie Paucard

IPC: G06F3/00 ,  G06F3/06

Abstract: At a data stream management service, a first set of metadata indicating that a first isolated read channel has been associated with a first data stream is stored. The first isolated read channel has an associated read performance limit setting. A second set of metadata indicating that a second isolated read channel, with its own performance limit setting, has been associated with a data stream is also stored. Based on determining that the difference between a metric of read operations associated with the first channel and the read performance limit setting of the first channel meets a first criterion, the service initiates a throttling operation for reads associated with the first channel. The throttling decision is made independently of read metrics of the second channel.