公开(公告)号：US11483317B1

公开(公告)日：2022-10-25

申请号：US16206859

申请日：2018-11-30

Applicant: Amazon Technologies, Inc.

Inventor： Pauline Virginie Bolignano ,  John Byron Cook ,  Andrew Jude Gacek ,  Kasper Luckow ,  Neha Rungta ,  Cole Schlesinger ,  Ian Sweet ,  Carsten Varming

IPC: H04L9/40 ,  G06F16/901 ,  G06F9/54

Abstract: A policy auditing service can be implemented, in accordance with at least one embodiment that obtains a set of parameters that indicates a snapshot of a policy configuration for an account, a query, and a security policy. The security policy may encode a security requirement or invariant. The policy auditing system may determine states that can be reached via mutative operations (e.g., role assumption) and use a policy analyzer service to determine whether assuming a role results in a grant of access that is at least as permissive as the security policy of the set of parameters.

公开(公告)号：US11483350B2

公开(公告)日：2022-10-25

申请号：US16369215

申请日：2019-03-29

Applicant: Amazon Technologies, Inc.

Inventor： Pauline Virginie Bolignano ,  Tyler Bray ,  John Byron Cook ,  Andrew Jude Gacek ,  Kasper Søe Luckow ,  Andrea Nedic ,  Neha Rungta ,  Cole Schlesinger ,  Carsten Varming

IPC: H04L9/40 ,  G06F8/41 ,  G06F9/54

Abstract: Techniques for intent-based governance are described. For example, in some instances a method of receiving an indication of a change involving of one or more of code, a policy, a network configuration, or a governance requirement rule impacting a resource in a provider network for an account that is to be analyzed using one or more governance requirement rules; determining one or more governance requirement rules to evaluate for compliance after the update; evaluating the determined one or more governance requirement rules for compliance using one or more reasoning engines according to one or more policies; and making a result of the evaluating available to a user provides such governance.