公开(公告)号：US20180089250A1

公开(公告)日：2018-03-29

申请号：US15276714

申请日：2016-09-26

Applicant: Amazon Technologies, Inc.

Inventor： Brian Collins ,  Zachary Mohamed Shalla ,  MARVIN MICHAEL THEIMER ,  John Petry ,  Michael Hart ,  Serge Hairanian ,  Anders Samuelsson ,  Salvador Salazar Sepulveda ,  Ji Luo

IPC: G06F17/30

Abstract: Multiple edits to a hierarchical data structure may be atomically applied. A request to perform modifications with respect to a portion or the entire hierarchical data structure may be received. A copy of the requested portion of the hierarchical data structure may be created separate from the hierarchical data structure. The portion of the hierarchical data structure may remain available for read access. Modifications may be applied to the copy of the portion of the hierarchical data structure. In response to a request to commit the modifications to the portion of the hierarchical data structure, the copy of the portion of the hierarchical data structure may atomically replace the portion of the hierarchical data structure

公开(公告)号：US20170300552A1

公开(公告)日：2017-10-19

申请号：US15132098

申请日：2016-04-18

Applicant: Amazon Technologies, Inc.

Inventor： Srikanth Mandadi ,  Matthew Berry ,  Slavka Praus ,  Chris Baker ,  Marvin Michael Theimer ,  Anders Samuelsson ,  Khaled Salah Sedky

IPC: G06F17/30

CPC classification number: G06F16/273 ,  G06F16/1873 ,  G06F16/2365 ,  G06F16/282 ,  G06F16/9024

Abstract: A distributed data store may maintain versioned hierarchical data structures. Different versions of a hierarchical data structure may be maintained consistent with a transaction log for the hierarchical data structure. When access requests directed to the hierarchical data structure are received, a version of the hierarchical data structure may be identified for processing an access request. For access requests with snapshot isolation, the identified version alone may be sufficient to consistently process the access request. For access requests with higher isolation requirements, such as serializable isolation, transactions based on the access request may be submitted to the transaction log so that access requests resulting in committed transactions may be allowed, whereas access requests resulting in conflicting transactions may be denied.

公开(公告)号：US09565260B2

公开(公告)日：2017-02-07

申请号：US14792459

申请日：2015-07-06

Applicant: Amazon Technologies, Inc.

Inventor： Gregory B. Roth ,  James E. Scharf, Jr. ,  Rajiv Ramachandran ,  Anders Samuelsson ,  Keith A. Carlson

IPC: G06F15/173 ,  H04L29/08 ,  G06F11/25 ,  H04L12/911 ,  G06F11/30 ,  G06F11/34 ,  G06F11/14 ,  G06F17/40

CPC classification number: H04L67/16 ,  G06F11/1438 ,  G06F11/25 ,  G06F11/3006 ,  G06F11/3051 ,  G06F11/3086 ,  G06F11/3442 ,  G06F11/3457 ,  G06F17/40 ,  G06F2201/815 ,  G06F2201/875 ,  H04L47/827

Abstract: Methods and apparatus for an account state simulation service for cloud computing environments are disclosed. A system includes a plurality of service managers coordinating respective distributed network-accessible services, and a metadata manager. The metadata manager receives an account state change simulation request, indicating (a) an initial account state of a client account and (b) a collection of operations to be simulated. The metadata manager generates a response to the account change state simulation request, comprising at least one of (a) a representation of an expected end state of the client account reachable as a result of performing the collection of operations (b) an indication of an expected failure of a particular operation of the collection of operations or (c) an estimate of an expected billing amount associated with an implementation of the collection of operations.

Abstract translation: 公开了用于云计算环境的帐户状态模拟服务的方法和装置。 系统包括协调各个分布式网络可访问服务的多个服务管理器和元数据管理器。 元数据管理器接收帐户状态改变模拟请求，指示（a）客户帐户的初始帐户状态，以及（b）要模拟的操作的集合。 所述元数据管理器产生对所述帐户改变状态模拟请求的响应，所述响应包括以下中的至少一个：（a）作为执行操作收集的结果可访问的所述客户帐户的预期结束状态的表示（b） 预期收集操作的特定操作失败或（c）与执行操作集合相关联的预期计费金额的估计。

公开(公告)号：US11341118B2

公开(公告)日：2022-05-24

申请号：US16751727

申请日：2020-01-24

Applicant: Amazon Technologies, Inc.

Inventor： Brian Collins ,  Zachary Mohamed Shalla ,  Marvin Michael Theimer ,  John Petry ,  Michael Hart ,  Serge Hairanian ,  Anders Samuelsson ,  Salvador Salazar Sepulveda ,  Ji Luo

IPC: G06F16/23 ,  G06F16/21 ,  G06F16/28

Abstract: Multiple edits to a hierarchical data structure may be atomically applied. A request to perform modifications with respect to a portion or the entire hierarchical data structure may be received. A copy of the requested portion of the hierarchical data structure may be created separate from the hierarchical data structure. The portion of the hierarchical data structure may remain available for read access. Modifications may be applied to the copy of the portion of the hierarchical data structure. In response to a request to commit the modifications to the portion of the hierarchical data structure, the copy of the portion of the hierarchical data structure may atomically replace the portion of the hierarchical data structure.

公开(公告)号：US11157517B2

公开(公告)日：2021-10-26

申请号：US15132098

申请日：2016-04-18

Applicant: Amazon Technologies, Inc.

Inventor： Srikanth Mandadi ,  Matthew Berry ,  Slavka Praus ,  Chris Baker ,  Marvin Michael Theimer ,  Anders Samuelsson ,  Khaled Salah Sedky

IPC: G06F16/27 ,  G06F16/28 ,  G06F16/23 ,  G06F16/18 ,  G06F16/901

Abstract: A distributed data store may maintain versioned hierarchical data structures. Different versions of a hierarchical data structure may be maintained consistent with a transaction log for the hierarchical data structure. When access requests directed to the hierarchical data structure are received, a version of the hierarchical data structure may be identified for processing an access request. For access requests with snapshot isolation, the identified version alone may be sufficient to consistently process the access request. For access requests with higher isolation requirements, such as serializable isolation, transactions based on the access request may be submitted to the transaction log so that access requests resulting in committed transactions may be allowed, whereas access requests resulting in conflicting transactions may be denied.

公开(公告)号：US10977377B2

公开(公告)日：2021-04-13

申请号：US16147033

申请日：2018-09-28

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth ,  Anders Samuelsson ,  Bradley Jeffery Behm

IPC: G06F21/60 ,  H04L29/06 ,  G06Q20/14 ,  G07F17/12

Abstract: Customers of a service provider are able to provision compartments of the accounts. The both the accounts and the compartments, in some embodiments, may have associated computing resources and identities. One or more identities of the account may be authorized to perform administrative operations in the compartment. Identities of the compartment may lack the ability to perform any administrative actions outside of the compartment but inside of the account.

公开(公告)号：US10516667B1

公开(公告)日：2019-12-24

申请号：US14295108

申请日：2014-06-03

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth ,  Anders Samuelsson ,  Bradley Jeffery Behm

IPC: G06F17/00 ,  H04L29/06

Abstract: A service of a service provider can cause a compartment to be created in an account of a customer of the service provider. Computing resources are provisioned in the compartment and the service has administrative authority over the computing resources. The customer may have administrative authority over the compartment, but may lack authority over the computing resources inside of the compartment.

公开(公告)号：US20180089299A1

公开(公告)日：2018-03-29

申请号：US15276708

申请日：2016-09-26

Applicant: Amazon Technologies, Inc.

Inventor： Brian Collins ,  Zachary Mohamed Shalla ,  MARVIN MICHAEL THEIMER ,  John Petry ,  Michael Hart ,  Serge Hairanian ,  Anders Samuelsson ,  Salvador Salazar Sepulveda ,  Ji Luo

IPC: G06F17/30 ,  G06F9/50

CPC classification number: G06F16/282 ,  G06F9/5061 ,  G06F9/546 ,  G06F16/2365

Abstract: Resource data objects describing resources in a system may be maintained in multiple different hierarchies for applying policies to manage the resources. Lookup requests may access the different hierarchies to determine which policies are applicable to a given resource based on the policies identified in each of the hierarchies. Modifications to hierarchies may be performed in isolation so that the application of policies in other hierarchies is unchanged by modifications to a different hierarchy. Access restrictions may be enforced with respect to hierarchies so that different users may be permitted access to different hierarchies for system resource management.

公开(公告)号：US11687661B2

公开(公告)日：2023-06-27

申请号：US17227021

申请日：2021-04-09

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth ,  Anders Samuelsson ,  Bradley Jeffery Behm

IPC: G06F21/60 ,  H04L9/40 ,  G06Q20/14

CPC classification number: G06F21/60 ,  G06F21/604 ,  G06Q20/14 ,  H04L63/10 ,  H04L63/123

Abstract: Customers of a service provider are able to provision compartments of the accounts. The both the accounts and the compartments, in some embodiments, may have associated computing resources and identities. One or more identities of the account may be authorized to perform administrative operations in the compartment. Identities of the compartment may lack the ability to perform any administrative actions outside of the compartment but inside of the account.

公开(公告)号：US11658971B1

公开(公告)日：2023-05-23

申请号：US16427099

申请日：2019-05-30

Applicant: Amazon Technologies, Inc.

Inventor： Kevin Ross O'Neill ,  Mark Joseph Cavage ,  Nathan R. Fitch ,  Anders Samuelsson ,  Brian Irl Pratt ,  Yunong Jeff Xiao ,  Bradley Jeffery Behm ,  James E. Scharf, Jr.

IPC: H04L9/40 ,  H04L41/28 ,  H04L67/00

CPC classification number: H04L63/10 ,  H04L41/28 ,  H04L63/0263 ,  H04L63/20 ,  H04L67/00 ,  H04L63/08 ,  H04L63/102

Abstract: Virtual firewalls may be established that enforce sets of policies with respect to computing resources maintained by multi-tenant distributed services. Particular subsets of computing resources may be associated with particular tenants of a multi-tenant distributed service. A tenant may establish a firewalling policy set enforced by a virtual firewall for an associated subset of computing resources without affecting other tenants of the multi-tenant distributed service. Virtual firewalls enforcing multiple firewalling policy sets may be maintained by a common firewalling component of the multi-tenant distributed service. Firewalling policy sets may be distributed at multiple locations throughout the multi-tenant distributed service. For a request targeting a particular computing resource, the common firewalling component may identify the associated virtual firewall, and submit the request to the virtual firewall for evaluation in accordance with the corresponding firewalling policy set.