-
Publication (Announcement) No.: US20220171842A1
Publication (Announcement) Date: 2022-06-02
Application No.: US17108854
Application Date: 2020-12-01
Applicant: Amazon Technologies, Inc.
Inventor: Rachit Jain , Douglas Spencer Hewitt , Conor P. Cahill , Ogbeide Derrick Oigiagbe
Abstract: An Identity and Access Management Service implements persistent source values (PSVs) for assumed identities. A source value (e.g., an original identifier of an entity) is persisted across assumed identities, facilitating identification of entities (users or applications) responsible for actions taken by the assumed (e.g., alternative) identities. The Manager receives a request to assume an identity. The request includes the entity's current credentials and a PSV. The current credentials are authenticated and a persistent source value policy may be relied on to determine whether and/or how to grant the assumed identity. The PSV may be copied from credentials in the request in order to be included in the credentials for the requested identity that the Manager provides in response to the request. Use of the requested credentials, including the PSV, to access services or resources may be logged, the logs including the PSV from the request to assume the identity.
-
Publication (Announcement) No.: US12242591B2
Publication (Announcement) Date: 2025-03-04
Application No.: US18314076
Application Date: 2023-05-08
Applicant: Amazon Technologies, Inc.
Inventor: Varun Jayant Oswal , Liam Simon Hewitt , Rachit Jain
Abstract: Managed lifecycle roles are disclosed. Managed lifecycle roles may be used for secure credential vending or otherwise. For instance, an entity (e.g., administrator or other entity) requests, via an interface of a role manager, creation of a role associated with a lifecycle definition (e.g., an expression of an enforceable expiration of the role or similar characteristic). The role manager stores the role and role lifecycle definition to a data store. Another entity requests to use the role to perform some operation with respect to a resource. A credential service validates the request against a lifecycle definition for the role (and against an access control list, in some examples) and responds to valid requests with credentials useable to perform the operation with respect to the resource. The other entity uses the credentials to perform the operation with respect to the resource. A sweep process manages attributes of the roles.
-
Publication (Announcement) No.: US11711261B2
Publication (Announcement) Date: 2023-07-25
Application No.: US17717962
Application Date: 2022-04-11
Applicant: Amazon Technologies, Inc.
Inventor: Ian Man Hin Leung , Rachit Jain
IPC: H04L41/0803 , H04L41/06 , H04L47/70 , H04L43/10 , G06F8/61
CPC classification number: H04L41/0803 , H04L41/06 , H04L43/10 , H04L47/82 , G06F8/61
Abstract: A recovery workflow is part of an automated management service for bare metal hosts allocated for single-tenant operation in a multi-tenant environment. The health of the hosts is monitored using a set of health criteria. If it is detected that one of the host machines fails a health check then a host recovery workflow can be initiated. As part of the workflow, the failed host can be repurposed or retired. A spare host class can be used to obtain a new host to take over for the failed host. Once deployed, the operation of the new host can be tested. Upon passing the test, the new host can take over for the failed host. A new host resource can be automatically requested to be added to the spare host class in order to ensure that there are sufficient resources available in case of an additional failure.
-
Publication (Announcement) No.: US11323315B1
Publication (Announcement) Date: 2022-05-03
Application No.: US15826312
Application Date: 2017-11-29
Applicant: Amazon Technologies, Inc.
Inventor: Ian Man Hin Leung , Rachit Jain
Abstract: A recovery workflow is part of an automated management service for bare metal hosts allocated for single-tenant operation in a multi-tenant environment. The health of the hosts is monitored using a set of health criteria. If it is detected that one of the host machines fails a health check then a host recovery workflow can be initiated. As part of the workflow, the failed host can be repurposed or retired. A spare host class can be used to obtain a new host to take over for the failed host. Once deployed, the operation of the new host can be tested. Upon passing the test, the new host can take over for the failed host. A new host resource can be automatically requested to be added to the spare host class in order to ensure that there are sufficient resources available in case of an additional failure.
-
Publication (Announcement) No.: US11042454B1
Publication (Announcement) Date: 2021-06-22
Application No.: US16197033
Application Date: 2018-11-20
Applicant: Amazon Technologies, Inc.
Inventor: Rachit Jain , Rohit Raj , Ian Leung , Harshad Vasant Kulkarni
Abstract: Restoring data to a data store that suffered corrupted data over a time period is disclosed. A system may provide an interface to specify a time window and filter conditions for identifying corrupted data in an object in a data store, such as, but not limited to, a corrupted NoSQL table. Corrupted data is identified by applying the filter conditions to change logs for the data object (e.g., the NoSQL table) in the data store. Repair operations are determined for individual items identified via the filter conditions. Identified corrupted data for items may be corrected, from change logs or backup data in some instances (e.g., data may be deleted, or updated or replaced with data from a backup of the data store when necessary).
-
Publication (Announcement) No.: US10944561B1
Publication (Announcement) Date: 2021-03-09
Application No.: US15979248
Application Date: 2018-05-14
Applicant: Amazon Technologies, Inc.
Inventor: Conor Patrick Cahill , Rachit Jain , Brigid Ann Johnson , Praveen Akinapally , Varun Jayant Oswal , Jasmeet Chhabra , Ritwick Dhar , Luke Edward Kennedy , Per Mikael Horal
Abstract: A security token service receives a request for a token. The request indicates a set of access control policies that define a set of permissions for access to a resource. The security token service generates the token to comprise a set of identifiers of the set of access control policies. The security token service provides the token in response to the request to enable the token to be used to access the resource in accordance with the set of access control policies.