Abstract:
A direct network connection is established between a customer network and a service provider network. Computing resources are then provisioned in the service provider network in an automated fashion. The network connection between the service provider network and the customer network is also configured such that data can be transmitted from one of the computing resources to another one of the computing resources by way of at least a portion of the customer network. Test data is then transmitted from one computing resource to another computing resource by way of at least a portion of the customer network. One or more test results are then generated based upon characteristics of the transmission of the test data from one resource to the other resource by way of the customer network. The resources may be de-provisioned in an automated fashion following completion of the testing.
Abstract:
Distributed computer systems prepare and instantiate snapshots by processing sets of nodes representing computer resources that are portions of a larger system. A user may choose to prepare or instantiate a snapshot containing all or only a portion of the data within the distributed computer system, such as a template of the distributed computer system. A template snapshot may be available in an electronic marketplace for other users to purchase and instantiate into a replica of the distributed computer system.
Abstract:
Devices and methods are provided for determining computer resource connectivity and providing computer resource protection. A computer system may identify a first indication of each network configuration between a computing resource and a data resource. The system may identify a second indication of a request for credentials associated with accessing at least one of the computing resource or the data resource. The system may determine an action including accessing the computing resource and the data resource using a network configuration and a credential. The system may determine that the action has occurred a number of times that is less than a threshold. The system may cancel a credential or network configuration associated with the action.
Abstract:
Various electronic resources, such as multi-tenant or cloud resources, can be pooled together for access by specified members associated with a given pool. For example, users with access to different resources can enable their resources to be pooled together for purposes such as reduced pricing and increased flexibility. In some instances, a user can pool resources configured for a particular purpose, such that the user can effectively lease out an entire environment. The users accessing the pool can pay for some or all of the cost of the resources during the period of usage.
Abstract:
Systems and methods for the management of virtual machine instances are provided. A network data transmission analysis system can host virtual machine networks. A component of a hosted virtual machine network is configured to receive commands directed towards a simulated network device. The component may then execute a process or processes on the hosted virtual machine network which correspond to the received command.
Abstract:
An automated security assessment service of a service provider network may identify, and notify a customer of, misconfigured VM instances that can be accessed (e.g., via the Internet). A scanner tool may call an automated reasoning service to identify any VM instances of a customer that can be accessed, and may receive information from the automated reasoning service that is usable to exchange packets with those identified instances. The scanner tool can use the information to send requests to the identified instances. After receiving responses from the identified instances, the scanner tool can store, in storage of a network-based storage service, and in association with a customer account of the customer, encrypted data about the results of the scan (e.g., any VM instances that are vulnerable to attackers), and this encrypted data is thereby accessible to the customer with proper decrypt permissions.
Abstract:
Systems for performing a security assessment of a target computing resource, such as a virtual machine or an instance of a virtual machine, include a scanning service that facilitates duplication of all or a portion of the target computing resource, and then performs the security assessment on the duplicate computing resource to avoid consuming processing time, processing power, and storage space of the target computing resource. A snapshot of the target computing resource, containing the data necessary to reproduce the portion to be assessed, is captured and used to implement the duplicate computing resource in newly allocated resources. The snapshot can be an image of a logical volume implementing the target computing resource. To reproduce a target virtual machine, the snapshot may include a configuration used to instantiate the target virtual machine; the scanning service may implement a duplicate virtual machine that is instantiated with the same configuration.
Abstract:
Customers of a computing resource service provider may operate one or more computing resources provided by the computing resource service provider. In addition, the customers may execute agents using the one or more computing resources provided by the computing resource service provider. Operational information from customer-operated computing resources may be obtained by the agents and evaluated for security threats. The operational information may be evaluated based at least in part on a set of security rules. The security rules may be generated based at least in part on customer input to generate customer-defined security rules.