-
Publication No.: US20140196130A1
Publication date: 2014-07-10
Application No.: US14204124
Filing date: 2014-03-11
Applicant: Amazon Technologies, Inc.
Inventor: Marc J. Brooker , Mark Joseph Cavage , David Brown , Kevin Ross O'Neill , Eric Jason Brandwine , Christopher Richard Jacques de Kadt
IPC: H04L29/06
CPC classification number: H04L63/08 , G06F21/44 , H04L9/3247 , H04L63/10 , H04L63/20
Abstract: Systems and methods for managing credentials distribute the credentials to subsets of a set of collectively managed computing resources. The collectively managed computing resources may include one or more virtual machine instances. The credentials distributed to the computing resources may be used by the computing resources to perform one or more actions. Actions may include performing one or more functions in connection with configuration, management, and/or operation of the one or more resources, and/or access of other computing resources. The ability to use credentials may be changed based at least in part on the occurrence of one or more events.
-
Publication No.: US12242985B2
Publication date: 2025-03-04
Application No.: US17711790
Filing date: 2022-04-01
Applicant: Amazon Technologies, Inc.
IPC: G06Q10/06 , G06Q10/00 , G06Q10/0631 , H04L9/40
Abstract: Methods and apparatus for portable network interfaces to manage authentication and license enforcement. A system may include a plurality of resource instances including a producer instance configured to implement a network-accessible service, and an authentication coordinator. The coordinator may assign an interface record to the service, wherein the interface record comprises an IP address and a set of security properties. The coordinator may configure the security properties to allow a client to request an attachment of the interface record to a selected resource instance, such that the selected resource instance is enabled to transmit network messages from the IP address using one or more physical network interfaces of the selected resource instance. The producer resource instance initiates authentication operations for the service, including at least one authentication operation based on the IP address of the interface record.
-
Publication No.: US11960464B2
Publication date: 2024-04-16
Application No.: US16042884
Filing date: 2018-07-23
Applicant: Amazon Technologies, Inc.
Inventor: Timothy Daniel Cole , John Michael Morkel , Tate Andrew Certain , Christopher Richard Jacques de Kadt , Artem Danilov , Andrew Wayne Ross , Allan Henry Vermeulen
CPC classification number: G06F16/2315 , G06F16/2372 , G06F16/2393 , G06F16/27 , G06F16/278 , G06F16/284
Abstract: A materialization configuration request is received via a programmatic interface from a client of a journal-based multi-data-store database. The request indicates a partitioning rule to be used to select, for respective writes indicated in committed transaction entries of a journal, the materialization node at which the writes are to be stored. A control plane component of the database verifies that a set of materialization nodes corresponding to the partitioning rule has been established, and initiates the propagation of writes from the journal to the materialization nodes by respective write appliers.
-
Publication No.: US11860855B1
Publication date: 2024-01-02
Application No.: US15632260
Filing date: 2017-06-23
Applicant: Amazon Technologies, Inc.
Inventor: Christopher Richard Jacques de Kadt , Tate Andrew Certain , Douglas Stewart Laurence , Phil Simko
CPC classification number: G06F16/2379 , G06F16/22
Abstract: A storage service is configured to receive one or more instructions specifying transformations that are to be applied to data sets stored by the storage service when the data sets are made available outside of particular storage locations within the storage service. In response to triggering events that make the data sets available outside of the particular storage locations, the storage service causes the transformations to be performed on the data sets prior to the data sets being accessible at one or more destination locations outside of the particular storage locations where the data sets are stored. In some embodiments, the transformations are performed on hardware included in the storage service or are performed on external hardware at the direction of the storage service.
-
Publication No.: US11243939B1
Publication date: 2022-02-08
Application No.: US15201118
Filing date: 2016-07-01
Applicant: Amazon Technologies, Inc.
Inventor: Yevgeniy Mikhaylyuta , Timothy Daniel Cole , John Michael Morkel , Christopher Richard Jacques de Kadt , Allan Henry Vermeulen
Abstract: A journaled database system may comprise data nodes that collectively maintain a collection of data and provide clients with read and write access to the collection. Correlated classification functions may be associated with read and write operations, such that items affected by a write operation are classified similarly to items accessed during a read operation. Read and write signatures may be formed based on the classification. Conflicts may be detected by comparing the read and write signatures for equivalent or overlapping classifications.
-
Publication No.: US11102204B1
Publication date: 2021-08-24
Application No.: US16216520
Filing date: 2018-12-11
Applicant: Amazon Technologies, Inc.
Inventor: Christopher Richard Jacques de Kadt , Richard Shawn Bice , Allan Henry Vermeulen , Tate Andrew Certain , Anthony A. Virtuoso , Philip Simko
IPC: H04L29/06 , H04L9/08 , H04L12/24 , H04L9/30 , H04L12/927 , H04L12/28 , H04L12/66 , G06F15/16 , H04L9/32
Abstract: A shared resource service allows multiple clients to agree on rules for accessing a shared resource (e.g., a shared database or a shared service). The shared resource service also allows the clients to make changes to the rules (e.g., via consensus or majority vote). The clients use the shared resource service to enforce the rules, without having to trust each other to follow the rules when accessing the shared resource. First, the clients agree on a set of initial rules for accessing the shared resource and a set of initial rules for making changes to the rules. After the rules are initialized, the clients can begin using the shared resource in accordance with the agreed-upon rules. In response to a request for accessing the shared resource or a request for changing rules, the shared resource service enforces the applicable rules.
-
Publication No.: US11075913B1
Publication date: 2021-07-27
Application No.: US16566592
Filing date: 2019-09-10
Applicant: Amazon Technologies, Inc.
Inventor: Marvin M. Theimer , Eric Jason Brandwine , Marc J. Brooker , David Everard Brown , Christopher Richard Jacques de Kadt
IPC: G06F15/173 , G06F9/54 , H04L29/06 , G06F9/445 , G06F9/455
Abstract: Users intending to launch instances or otherwise access virtual resources in a multi-tenant environment can specify a launch configuration. For each type of instance or each type of user, at least one launch configuration is created that includes parameters and values to be used in instantiating an instance of that type, the values being optimized for the current environment and type of instance. Launch configurations can be optimized for different types of users, such as to account for security credentials and access levels. Such an approach enables users to launch instances by contacting the resource provider directly without need for a proxy, which can function as a choke point under heavy load. The use of an appropriate launch configuration can be enforced for any type of user at any level, such as at the sub-net level, by modifying a request that does not specify an appropriate launch configuration.
-
Publication No.: US11036708B2
Publication date: 2021-06-15
Application No.: US16200600
Filing date: 2018-11-26
Applicant: Amazon Technologies, Inc.
Inventor: Tate Andrew Certain , Yannis Papakonstantinou , Allan Henry Vermeulen , Christopher Richard Jacques de Kadt
IPC: G06F16/22 , G06F16/18 , G06F16/2452
Abstract: A database management system receives a request to create an index for a virtual view of a database table. In response to the request, the database management system identifies relationships between the columns of the virtual view and columns of the database table. The database management system generates an index on the database table, where columns are included in the generated index based on the identified relationships and the definition of the virtual view. Queries of the virtual view are assisted by the generated index of the underlying table.
-
Publication No.: US20190121792A1
Publication date: 2019-04-25
Application No.: US16221212
Filing date: 2018-12-14
Applicant: Amazon Technologies, Inc.
Inventor: Timothy Daniel Cole , John Michael Morkel , Yevgeniy Mikhaylyuta , Allan Henry Vermeulen , Christopher Richard Jacques de Kadt
Abstract: A journaled database system may comprise data nodes that maintain a collection of data structured in accordance with a schema. A change to the schema may be applied by a journal module while a journal consumer continues to operate using a prior version of the schema. A buffer may be formed and have stored therein records describing state change instructions according to the prior view of the schema. An index of correspondence between the records in the buffer and in the source journal may be maintained.
-
Publication No.: US20190036901A1
Publication date: 2019-01-31
Application No.: US16152132
Filing date: 2018-10-04
Applicant: Amazon Technologies, Inc.
Inventor: Marc J. Brooker , Mark Joseph Cavage , David Brown , Kevin Ross O'Neill , Eric Jason Brandwine , Christopher Richard Jacques de Kadt
Abstract: A plurality of virtual computing resources is detected to have been provisioned. Credentials are distributed to the plurality of virtual computing resources. A credentials map that maps the credentials to the plurality of virtual computing resources is updated. The credentials for the plurality of virtual computing resources are activated to enable the plurality of virtual computing resources to use the credentials to authenticate to a second computer system that manages a resource service, with the credentials being inaccessible to resources of the resource service. A virtual computing resource of the plurality of virtual computing resources is detected to have been deprovisioned, and the credentials for the virtual computing resource are deactivated.