Abstract:
A service allowing for obfuscation of identifiers such that the obfuscated identifier values are within a set of valid identifier values. The service allows for resources to be associated with an obfuscated identifier, and for clients to request information regarding obfuscated identifiers and resources associated to obfuscated identifiers.
Abstract:
Live migration may be performed for virtual computing resources utilizing network-based storage. A virtual compute instance operating at a source host may be moved to a destination host. The virtual compute instance may be a client of a network-based storage resource that stores data for the virtual compute instance. Access to the data stored for the virtual compute instance may be limited to the source host. When migration is performed, the destination host may be prepared to assume operation of the virtual compute instance. Operation of the virtual compute instance at the source host may be paused and the access to the data at the network-based storage resource may be modified to limit access to the destination host. Operation of the virtual compute instance may then resume at the destination host.
Abstract:
Techniques for preserving the state of virtual machine instances during a migration from a source location to a target location are described herein. A set of credentials configured to provide access to a storage device by a virtual machine instance at the source location is provided to the virtual machine instance. When the migration from the source location to the target location starts, a second set of credentials configured to provide access to a storage device by a virtual machine instance at the source location is provided to the virtual machine instance. During the migration, state information associated with the block storage device is copied from the source location to the target location based on the migration phase.
Abstract:
Customers of shared resources in a multi-tenant environment can modify operational parameters of electronic resources. A customer can be provisioned a data volume of a specified size, storage type (e.g., hard disk drive or solid state device), committed rate of input/output operations per second, and/or geographical location, for example. The customer can subsequently modify any such operational parameters by submitting an appropriate request, or the operational parameters can be adjusted automatically based on any of a number of criteria. Data volumes for the customer can be migrated, split, or combined in order to provide the shared resources in accordance with the modified operational parameters.
Abstract:
In certain embodiments, a computer-implemented method includes receiving, at a first time, a first set of prioritized transfer data that corresponds to a first portion of time series data. A reverse transform is applied to the first set of prioritized transfer data to generate first reformatted time series data. At a second time, a second set of prioritized transfer data that corresponds to a second portion of the time series data is received. A reverse transform is applied to the second set of prioritized transfer data to generate second reformatted time series data.
Abstract:
Methods, systems, and computer-readable media for a service for managing quantum computing resources are disclosed. A task management service receives a description of a task specified by a client. From a pool of computing resources of a provider network, the service selects a quantum computing resource for implementation of the task. The quantum computing resource comprises a plurality of quantum bits. The service causes the quantum computing resource to run a quantum algorithm associated with the task. The service receives one or more results of the quantum algorithm from the quantum computing resource.
Abstract:
A data storage system includes multiple head nodes and data storage sleds. The data storage sleds include multiple mass storage devices and a sled controller. Respective ones of the head nodes are configured to obtain credentials for accessing particular portions of the mass storage devices of the data storage sleds. A sled controller of a data storage sled determines whether a head node attempting to perform a write on a mass storage device of a data storage sled that includes the sled controller is presenting with the write request a valid credential for accessing the mass storage devices of the data storage sled. If the credentials are valid, the sled controller causes the write to be performed and if the credentials are invalid, the sled controller returns a message to the head node indicating that it has been fenced off from the mass storage device.
Abstract:
Systems and methods are described for adjusting a number of concurrent code executions allowed to be performed for a given user on an on-demand code execution environment or other distributed code execution environments. Such environments utilize pre-initialized virtual machine instances to enable execution of user-specified code in a rapid manner, without delays typically caused by initialization of the virtual machine instances. However, to improve utilization of computing resources, such environments may temporarily restrict the number of concurrent code executions performed on behalf of the given user to a number less than the maximum number of concurrent code executions allowed for the given user. Such environments may adjust the temporary restriction on the number of concurrent code executions based on the number of incoming code execution requests associated with the given user.
Abstract:
Systems and methods are described for providing connection pools between source network devices and a target, connection-limited service. Each connection pool can facilitate connections between source devices and the target service, while ensuring that connections to the connection-limited service do not exceed a defined limit. A connection manager service can initialize a connection pool for a target service on request by a client device, and provide an identifier for the connection pool to the client device. Source network devices can then transmit operations for the target service to the connection manager service, which can route the operations to an appropriate connection pool based on the identifier.
Abstract:
Systems and methods are described for providing escalation-resistant network-accessible services by providing the service through a set of service instances, each executing in an environment with privileges scoped based on a user requesting to access the service. Each service instance can be implemented by code on a serverless code system, executed in response to a user request to access the service. Because the code is executed in an environment with privileges scoped to those of a requesting user, the code itself need not attempt to limit the privileges or a requesting user. For that reason, potential for privilege escalations of the service are reduced, even if vulnerabilities in the code might otherwise allow for such escalations.