Abstract:
A method for executing commands on virtual machine instances in a distributed computing environment can include receiving, from a client computing device, a command execution request for executing a command on one or more virtual machine instances within the distributed computing environment. The command execution request includes a tag, and instance identification information for the one or more virtual machine instances is retrieved based on the tag. A command specification document associated with the command specified by the command execution request is retrieved. A command execution message, including the command specification document and at least one command parameter, is communicated to each of the one or more virtual machine instances. A command execution result from executing the command at the one or more virtual machine instances is received from the one or more virtual machine instances. The command execution result is sent to the client computing device.
Abstract:
Systems and methods provide for execution of different provisioning engines within a resource provider environment. A user may submit a request to provision one or more resources using a particular provisioning engine, which may include a provisioning engine that is non-native to the resource provider environment. A control plane may evaluate and transmit requests to the provisioning engine executing within the resource provider environment. Operations associated with the provisioning engine may be executed and stored within a data store, which may be processed upon completion and made accessible.
Abstract:
This disclosure describes techniques for resolving discrepancies that occur to interrelated computing resources from computing resource drift. Users may describe computing resources in an infrastructure template. However, computing resource drift occurs when “out-of-band” modifications are made to the computing resources and are not reflected in the infrastructure template. To resolve discrepancies between the infrastructure template and the out-of-band modifications to the computing resources, a notification may be output to a user account associated with the computing resources detailing the differences. An updated infrastructure template may be received that resolves the differences, such as by including configuration settings that reflect a current state of the computing resources. The computing resources may then execute a workflow using the updated template, such that the workflow is executed on all of the computing resources in a current state.
Abstract:
This disclosure describes techniques for defining a set of permissions, or privileges, for users who manage resources of a network-based service provisioned in a network-based service platform managed by a service provider. The techniques may include mapping cloud identities of the users to operating system (OS) user groups defined local to the resources that specify the set of permissions for user group members. Systems-manager agents that execute locally on the resources may determine to which OS user group the user belongs based on their cloud identity, and launch shells that are restricted by the set of permissions. Using these shells, a network-based service platform may allow users to remotely manage resources of the network-based service in various ways, such as through batch run commands and/or remote user sessions, while ensuring that the users are unable to execute commands on the resources that are outside the set of permissions.
Abstract:
A technology is described for invoking a command over a set of computing instances. An example method may include receiving a request to invoke a command over a set of computing instances managed within a service provider environment. In response, the computing instances included in the set of computing instances having an attribute may be identified and the command may be sent to the computing instances according to a send rate parameter specifying a rate at which the command is sent to a portion of the computing instances. Execution status indications may be received from the computing instances, wherein a number of errors indicated by the computing instances that exceeds an error threshold terminates execution of the command.
Abstract:
Software packages may be installed, uninstalled and/or updated across a group of computing instances by way of a single issuance of a user request. The request may include information such as a software package name, a software package version, an action (e.g., install or uninstall), and one or more operating constraints for the software package. For an installation request, an agent on a given computing instance may process the request by accessing a manifest that indicates various computing instance characteristics (e.g., operating system types, architecture types, etc.) and various respective available versions of the software package. The agent may then select, based on characteristics of the computing instance, a package type for the computing instance. An installation request may also allow operating constraints (e.g., regarding usage of processing, memory, I/O and other resources) to be set and enforced for the software package.
Abstract:
A state management server applies configuration information to a set of virtual computer system instances in accordance with one or more limitations specified by an administrator. In an embodiment, the limitations include a velocity parameter that limits the number of virtual computer system instances to which the configuration may be applied concurrently. In an embodiment, the limitations include an error threshold that stops the application of the configuration if the number of configuration failures meets or exceeds the error threshold. In an embodiment, the set of virtual computer systems is identified by providing a list of the individual virtual computer system instances, or by specifying one or more tags that are associated with the virtual computer systems in the set. In an embodiment, the administrator is able to specify that an association be applied according to a predetermined schedule.
Abstract:
A system for managing configuration of multiple computing systems associated with a customer in a cloud computing environment. A command associated with the desired configuration is identified for execution on a total quantity of instances associated with the customer system to be configured. An invocation rate parameter selected by the customer system is used to control a rate at which the configuration command is invoked on the targeted instances. Based on the invocation rate parameter, the system invokes the configuration command on identified portions or sets of the targeted instances during different stages of the configuration invocation.
Abstract:
Software packages may be installed, uninstalled and/or updated across a group of computing instances by way of a single issuance of a user request. The request may include information such as a software package name, a software package version, an action (e.g., install or uninstall), and one or more operating constraints for the software package. For an installation request, an agent on a given computing instance may process the request by accessing a manifest that indicates various computing instance characteristics (e.g., operating system types, architecture types, etc.) and various respective available versions of the software package. The agent may then select, based on characteristics of the computing instance, a package type for the computing instance. An installation request may also allow operating constraints (e.g., regarding usage of processing, memory, I/O and other resources) to be set and enforced for the software package.
Abstract:
A selection of a document that includes a command and a parameter is received, and a user is caused to be associated with a policy that grants permission to execute the document. A request is received, from a requestor, to execute the document, the request including a parameter value, and the requestor is determined to be the user associated with the policy. The user is validated to have access to a resource indicated by the parameter value, and the command is caused to be executed against the resource.