-
Publication number: US20210042163A1
Publication date: 2021-02-11
Application number: US17081756
Application date: 2020-10-27
Applicant: Amazon Technologies, Inc.
Inventor: Manigandan Radhakrishnan, Marc John Brooker, Yilmaz Can Cecen, David Alexander Dunlap, Craig Wesley Howard, Shubham Katiyar, Ajay Nair, Venkatesh Vijayaraghavan, Vo Vuong, Meenakshi Vembusubramanian
IPC: G06F9/50
Abstract: An on-demand code execution environment present in points of presence (POPs) and in regions serviced by the POPs is provided herein. For example, a POP may receive a request to execute a task associated with user-defined code. If the POP determines that the computing resources necessary to execute a received task are not available or that the POP should not execute the received task for another reason (e.g., the task is not commonly received and the computing resources needed to execute the task are therefore best allocated for other requests), the POP can forward the task to a region that the POP services for execution by an on-demand code execution environment present in the region. The on-demand code execution environment present in the region can execute the task and forward the results of the execution to the POP for distribution back to a user device that requested the task execution.
-
Publication number: US20200341799A1
Publication date: 2020-10-29
Application number: US16778437
Application date: 2020-01-31
Applicant: Amazon Technologies, Inc.
Inventor: Timothy Allen Wagner, Dylan Chandler Thomas, Ajay Nair
IPC: G06F9/455
Abstract: A system for providing security mechanisms for secure execution of program code is described. The system may be configured to maintain a plurality of virtual machine instances. The system may be further configured to receive a request to execute a program code and allocate computing resources for executing the program code on one of the virtual machine instances. One mechanism involves executing program code according to a user-specified security policy. Another mechanism involves executing program code that may be configured to communicate or interface with an auxiliary service. Another mechanism involves splitting and executing program code in a plurality of portions, where some portions of the program code are executed in association with a first level of trust and some portions of the program code are executed with different levels of trust.
-
Publication number: US10372499B1
Publication date: 2019-08-06
Application number: US15391696
Application date: 2016-12-27
Applicant: Amazon Technologies, Inc.
Inventor: Manigandan Radhakrishnan, Marc John Brooker, Yilmaz Can Cecen, David Alexander Dunlap, Craig Wesley Howard, Shubham Katiyar, Ajay Nair, Venkatesh Vijayaraghavan, Vo Vuong, Meenakshi Vembusubramanian
Abstract: An on-demand code execution environment present in points of presence (POPs) and in regions serviced by the POPs is provided herein. For example, a POP may receive a request to execute a task associated with user-defined code. If the POP determines that the computing resources necessary to execute a received task are not available or that the POP should not execute the received task for another reason (e.g., the task is not commonly received and the computing resources needed to execute the task are therefore best allocated for other requests), the POP can identify a region suitable for executing the task and forward the task to the identified region. An on-demand code execution environment present in the identified region can execute the task and forward the results of the execution to the POP for distribution back to a user device that requested the task execution.
-
Publication number: US20190205171A1
Publication date: 2019-07-04
Application number: US16113887
Application date: 2018-08-27
Applicant: Amazon Technologies, Inc.
Inventor: Marc John Brooker, Timothy Allen Wagner, Ajay Nair
IPC: G06F9/50
CPC classification number: G06F9/5005, G06F9/445
Abstract: Systems and methods are described for handling requests to execute idempotent code in an on-demand code execution system or other distributed code execution environment. Idempotent code can generally include code that produces the same outcome even when executed multiple times, so long as dependencies for the code are in the same state as during a prior execution. Due to this feature, multiple executions of idempotent code may inefficiently use computing resources, particularly in an on-demand code execution system (which may require, for example, generation and provisioning of an appropriate execution environment for the code). Aspects of the present disclosure enable the on-demand code execution system to process requests to execute code by verifying whether dependency states associated with the code have changed since a prior execution. If dependency states have not changed, no execution need occur, and the overall computing resource use of the on-demand code execution system is decreased.
-
Publication number: US20180203717A1
Publication date: 2018-07-19
Application number: US15676777
Application date: 2017-08-14
Applicant: Amazon Technologies, Inc.
Inventor: Timothy Allen Wagner, Dylan Chandler Thomas, Ajay Nair
IPC: G06F9/455
CPC classification number: G06F9/45558, G06F2009/4557
Abstract: A system for providing security mechanisms for secure execution of program code is described. The system may be configured to maintain a plurality of virtual machine instances. The system may be further configured to receive a request to execute a program code and allocate computing resources for executing the program code on one of the virtual machine instances. One mechanism involves executing program code according to a user-specified security policy. Another mechanism involves executing program code that may be configured to communicate or interface with an auxiliary service. Another mechanism involves splitting and executing program code in a plurality of portions, where some portions of the program code are executed in association with a first level of trust and some portions of the program code are executed with different levels of trust.
-
Publication number: US20170371724A1
Publication date: 2017-12-28
Application number: US15595774
Application date: 2017-05-15
Applicant: Amazon Technologies, Inc.
Inventor: Timothy Allen Wagner, Ajay Nair, Marc John Brooker, Scott Daniel Wisniewski
Abstract: A service manages a plurality of virtual machine instances for low latency execution of user codes. The service can provide the capability to execute user code in response to events triggered on various event sources and initiate execution of other control functions to improve the code execution environment in response to detecting errors or unexpected execution results. The service may maintain or communicate with a separate storage area for storing code execution requests that were not successfully processed by the service. Requests stored in such a storage area may subsequently be re-processed by the service.
-
Publication number: US09727725B2
Publication date: 2017-08-08
Application number: US14613723
Application date: 2015-02-04
Applicant: Amazon Technologies, Inc.
Inventor: Timothy Allen Wagner, Dylan Chandler Thomas, Ajay Nair
CPC classification number: G06F21/53, G06F9/45533, G06F9/45558, G06F9/5027, G06F21/44, G06F21/552, G06F2009/45562
Abstract: A system for providing security mechanisms for secure execution of program code is described. The system may be configured to maintain a plurality of virtual machine instances. The system may be further configured to receive a request to execute a program code and allocate computing resources for executing the program code on one of the virtual machine instances. One mechanism involves executing program code according to a user-specified security policy. Another mechanism involves executing program code that may be configured to communicate or interface with an auxiliary service. Another mechanism involves splitting and executing program code in a plurality of portions, where some portions of the program code are executed in association with a first level of trust and some portions of the program code are executed with different levels of trust.
-
Publication number: US11146569B1
Publication date: 2021-10-12
Application number: US16022509
Application date: 2018-06-28
Applicant: Amazon Technologies, Inc.
Inventor: Marc John Brooker, Ajay Nair, Colm MacCárthaigh
Abstract: Systems and methods are described for providing escalation-resistant network-accessible services by providing the service through a set of service instances, each executing in an environment with privileges scoped based on a user requesting to access the service. Each service instance can be implemented by code on a serverless code system, executed in response to a user request to access the service. Because the code is executed in an environment with privileges scoped to those of a requesting user, the code itself need not attempt to limit the privileges of a requesting user. For that reason, potential for privilege escalations of the service is reduced, even if vulnerabilities in the code might otherwise allow for such escalations.
-
Publication number: US10884787B1
Publication date: 2021-01-05
Application number: US15275181
Application date: 2016-09-23
Applicant: Amazon Technologies, Inc.
Inventor: Timothy Allen Wagner, Marc John Brooker, Jonathan Paul Thompson, Ajay Nair
Abstract: Systems and methods are described for implementing execution guarantees in an on-demand code execution system or other distributed code execution environment, such that the on-demand code execution system attempts to execute code only a desired number of times. The on-demand code execution system can utilize execution identifiers to distinguish between new and duplicative requests, and can decline to allocate computing resources for duplicative requests. The on-demand code execution system can further detect errors during execution, and roll back the execution to undo the execution's effects. The on-demand code execution system can then restart execution until the code has been executed the desired number of times.
-
Publication number: US10824484B2
Publication date: 2020-11-03
Application number: US15595774
Application date: 2017-05-15
Applicant: AMAZON TECHNOLOGIES, INC.
Inventor: Timothy Allen Wagner, Ajay Nair, Marc John Brooker, Scott Daniel Wisniewski
Abstract: A service manages a plurality of virtual machine instances for low latency execution of user codes. The service can provide the capability to execute user code in response to events triggered on various event sources and initiate execution of other control functions to improve the code execution environment in response to detecting errors or unexpected execution results. The service may maintain or communicate with a separate storage area for storing code execution requests that were not successfully processed by the service. Requests stored in such a storage area may subsequently be re-processed by the service.