-
Publication (Announcement) No.: US11483317B1
Publication (Announcement) Date: 2022-10-25
Application No.: US16206859
Application Date: 2018-11-30
Applicant: Amazon Technologies, Inc.
Inventor: Pauline Virginie Bolignano, John Byron Cook, Andrew Jude Gacek, Kasper Luckow, Neha Rungta, Cole Schlesinger, Ian Sweet, Carsten Varming
IPC: H04L9/40, G06F16/901, G06F9/54
Abstract: A policy auditing service can be implemented, in accordance with at least one embodiment, that obtains a set of parameters that indicates a snapshot of a policy configuration for an account, a query, and a security policy. The security policy may encode a security requirement or invariant. The policy auditing system may determine states that can be reached via mutative operations (e.g., role assumption) and use a policy analyzer service to determine whether assuming a role results in a grant of access that is at least as permissive as the security policy of the set of parameters.
-
Publication (Announcement) No.: US11483350B2
Publication (Announcement) Date: 2022-10-25
Application No.: US16369215
Application Date: 2019-03-29
Applicant: Amazon Technologies, Inc.
Inventor: Pauline Virginie Bolignano, Tyler Bray, John Byron Cook, Andrew Jude Gacek, Kasper Søe Luckow, Andrea Nedic, Neha Rungta, Cole Schlesinger, Carsten Varming
Abstract: Techniques for intent-based governance are described. For example, in some instances a method of receiving an indication of a change involving one or more of code, a policy, a network configuration, or a governance requirement rule impacting a resource in a provider network for an account that is to be analyzed using one or more governance requirement rules; determining one or more governance requirement rules to evaluate for compliance after the update; evaluating the determined one or more governance requirement rules for compliance using one or more reasoning engines according to one or more policies; and making a result of the evaluating available to a user provides such governance.
-