-
Publication No.: US20240121095A1
Publication date: 2024-04-11
Application No.: US18490686
Application date: 2023-10-19
Applicant: Amazon Technologies, Inc.
Inventor: Uma Ganesh Sadras Sudhakar, Chase Kernan, Divyank Duvedi, Mohammed Noman Mulla, Conor P. Cahill
CPC classification number: H04L9/3213, G06F9/547, G06F11/1464, G06F11/1469, G06F21/6218, H04L9/0822, H04L63/0853, H04L63/10, G06F2201/80
Abstract: A system for database restoration across service regions. The system includes data storage and backup data storage in the first region. The system includes a frontend for the database service configured to receive, from a client, a request to restore a database to the first region from backups stored in another backup data storage in a second region and to receive an authentication token for the request from the client. The system also includes a backup restore manager service for the first region configured to send, to another backup restore manager service implemented in the second region, a credential request for a second region credential authorizing retrieval of the one or more other backups from the second region. The backup restore manager service sends a backup restore request to retrieve the backups from the other backup data storage and loads the backups to restore the database in the first region.
-
Publication No.: US20240248979A1
Publication date: 2024-07-25
Application No.: US18595317
Application date: 2024-03-04
Applicant: Amazon Technologies, Inc.
Inventor: Rachit Jain, Douglas Spencer Hewitt, Conor P. Cahill, Ogbeide Derrick Oigiagbe
CPC classification number: G06F21/45, H04L63/0884, H04L63/102, H04L63/20
Abstract: An Identity and Access Management Service implements persistent source values (PSVs) for assumed identities. A source value (e.g., an original identifier of an entity) is persisted across assumed identities, facilitating identification of entities (users or applications) responsible for actions taken by the assumed (e.g., alternative) identities. The Manager receives a request to assume an identity. The request includes the entity's current credentials and a PSV. The current credentials are authenticated and a persistent source value policy may be relied on to determine whether and/or how to grant the assumed identity. The PSV may be copied from credentials in the request in order to be included in the credentials for the requested identity that the Manager provides in response to the request. Use of the requested credentials, including the PSV, to access services or resources may be logged, the logs including the PSV from the request to assume the identity.
-
Publication No.: US20220171842A1
Publication date: 2022-06-02
Application No.: US17108854
Application date: 2020-12-01
Applicant: Amazon Technologies, Inc.
Inventor: Rachit Jain, Douglas Spencer Hewitt, Conor P. Cahill, Ogbeide Derrick Oigiagbe
Abstract: An Identity and Access Management Service implements persistent source values (PSVs) for assumed identities. A source value (e.g., an original identifier of an entity) is persisted across assumed identities, facilitating identification of entities (users or applications) responsible for actions taken by the assumed (e.g., alternative) identities. The Manager receives a request to assume an identity. The request includes the entity's current credentials and a PSV. The current credentials are authenticated and a persistent source value policy may be relied on to determine whether and/or how to grant the assumed identity. The PSV may be copied from credentials in the request in order to be included in the credentials for the requested identity that the Manager provides in response to the request. Use of the requested credentials, including the PSV, to access services or resources may be logged, the logs including the PSV from the request to assume the identity.
-
Publication No.: US11032287B1
Publication date: 2021-06-08
Application No.: US16122192
Application date: 2018-09-05
Applicant: Amazon Technologies, Inc.
Inventor: Mingkun Wang, Jasmeet Chhabra, Hang Li, Chenguang Yin, Dan Popick, Alazel Acheson, Apurv Awasthi, Brigid Ann Johnson, Conor P. Cahill
Abstract: A method and system for generating permissions policies and permission boundary policies are described. The system receives a first request from a central administrator to create a delegated administrator, the first request specifying one or more access permissions. The system generates a permission boundary policy that specifies the one or more access permissions and a first permissions policy that grants permissions to the delegated administrator to at least one of create an IAM principal with the permission boundary policy or attach a second permissions policy to the IAM principal. An effective permission given to the IAM principal is an intersection of access permissions specified in the first permissions policy and the one or more access permissions in the permission boundary policy. The system attaches the first permissions policy and the permission boundary policy to the delegated administrator.