-
Publication No.: US11790058B2
Publication date: 2023-10-17
Application No.: US17814366
Filing date: 2022-07-22
Applicant: Amazon Technologies, Inc.
Inventor: Ali Baghani, Patrick MacLaine Compton, Andrew Katz, Gabriel Mastey, Adam Alexander Emerson Wong
CPC classification number: G06F21/125, G06F8/33, G06F21/44
Abstract: Computer systems and methods are disclosed to implement a role manager that automatically analyzes code accessing various resources to generate a role with the necessary resource permissions to execute the code. In embodiments, the role manager may be implemented as part of a workflow orchestration or resource provisioning system that employs code requiring access to different types of resources. In embodiments, the role manager may analyze a code segment to identify the different resources accessed by the code segment and the permissions needed for each access, and generate a role that has the needed permissions. In embodiments, the role manager may automatically manage these roles based on changes to associated code segments. Advantageously, the disclosed role manager removes the need to manually create roles needed by code segments ahead of time, and creates roles with minimal privileges required for the code, thereby simplifying achievement of system security.
-
Publication No.: US20220358190A1
Publication date: 2022-11-10
Application No.: US17814366
Filing date: 2022-07-22
Applicant: Amazon Technologies, Inc.
Inventor: Ali Baghani, Patrick MacLaine Compton, Andrew Katz, Gabriel Mastey, Adam Alexander Emerson Wong
Abstract: Computer systems and methods are disclosed to implement a role manager that automatically analyzes code accessing various resources to generate a role with the necessary resource permissions to execute the code. In embodiments, the role manager may be implemented as part of a workflow orchestration or resource provisioning system that employs code requiring access to different types of resources. In embodiments, the role manager may analyze a code segment to identify the different resources accessed by the code segment and the permissions needed for each access, and generate a role that has the needed permissions. In embodiments, the role manager may automatically manage these roles based on changes to associated code segments. Advantageously, the disclosed role manager removes the need to manually create roles needed by code segments ahead of time, and creates roles with minimal privileges required for the code, thereby simplifying achievement of system security.
-
Publication No.: US10911379B1
Publication date: 2021-02-02
Application No.: US16439545
Filing date: 2019-06-12
Applicant: Amazon Technologies, Inc.
Inventor: Timothy William Bray, Ali Baghani, Jakub Mateusz Narloch, Jamie Christopher Dool, Ahmed Usman Khalid
IPC: G06F9/44, H04L12/58, G06F16/242
Abstract: Based on analysis of messages transmitted to a communication channel, a schema for a category of messages is generated. The schema indicates one or more data types and an ordering of instances of the data types. The schema is stored in a registry. A code artifact generated in accordance with the schema is provided to automate event processing tasks associated with the message category.