公开(公告)号：US08825817B1

公开(公告)日：2014-09-02

申请号：US13424089

申请日：2012-03-19

申请人： Avinash Jaisinghani ,  Reto Kramer ,  Christopher Whitaker ,  Nishanth Shankaran ,  Jaykumar H. Gosar ,  Jeffrey L. Baker ,  Daniel Osiecki ,  Danny Rabbani ,  Prashant Jayaraman ,  Venkates P. Balakrishnan ,  Adam M. Thomas

发明人： Avinash Jaisinghani ,  Reto Kramer ,  Christopher Whitaker ,  Nishanth Shankaran ,  Jaykumar H. Gosar ,  Jeffrey L. Baker ,  Daniel Osiecki ,  Danny Rabbani ,  Prashant Jayaraman ,  Venkates P. Balakrishnan ,  Adam M. Thomas

IPC分类号： G06F15/177

CPC分类号： H04L47/762 ,  G06F8/65 ,  H04L41/0816

摘要： Techniques are described that enable a user to upgrade a stack of resources by providing a template that reflects the desired end state of the stack. Upon receiving a new template, the system automatically detects changes that should be performed and determines the order in which the changes should be performed. The system can also detect if the desired changes to the stack are a result of direct modifications; because parameters to the resources have changed; or the changes are indirectly caused by other dependency/attribute changing. Additionally, the system determines whether the changes require creating new resources or if the changes can be made to the resources live. In case of replacement of resources, the system will first create the new resource, move that new resource into the stack and remove the old resource(s). In case of failures, the system ensures that the stack rolls back to the initial state.

摘要翻译： 描述了使得用户能够通过提供反映堆栈的期望结束状态的模板来升级资源堆栈的技术。 系统收到新模板后，会自动检测应执行的更改，并确定应执行更改的顺序。 系统还可以检测对堆栈的所需更改是否是直接修改的结果; 因为资源的参数已经改变了; 或更改间接地由其他依赖/属性更改引起。 此外，系统确定更改是否需要创建新资源，或者是否可以对资源进行更改。 在更换资源的情况下，系统将首先创建新资源，将该新资源移入堆栈并删除旧的资源。 在故障的情况下，系统确保堆栈回滚到初始状态。

公开(公告)号：US08949930B1

公开(公告)日：2015-02-03

申请号：US13424143

申请日：2012-03-19

申请人： Avinash Jaisinghani ,  Reto Kramer ,  Christopher Whitaker ,  Venkates P. Balakrishnan ,  Prashant Jayaraman ,  Richard C. Edwards, Jr.

发明人： Avinash Jaisinghani ,  Reto Kramer ,  Christopher Whitaker ,  Venkates P. Balakrishnan ,  Prashant Jayaraman ,  Richard C. Edwards, Jr.

IPC分类号： H04L29/06 ,  H04L12/24

CPC分类号： H04L63/20 ,  H04L41/0806 ,  H04L63/06 ,  H04L63/0823 ,  H04L63/10 ,  H04L63/102

摘要： Systems and methods are described for enabling users to model security resources and user access keys as resources in a template language. The template can be used to create and update a stack of resources that will provide a network-accessible service. The security resources and access keys can be referred to in the template during both stack creation process and the stack update process. The security resources can include users, groups and policies. Additionally, users can refer to access keys in the template as dynamic parameters without any need to refer to the access keys in plaintext. The system securely stores access keys within the system and allows for templates to refer to them once defined. These key references can then be passed within a template to resources that need them as well as passing them on securely to resources like server instances through the use of the user-data field.

摘要翻译： 描述了系统和方法，使用户能够将安全资源和用户访问密钥建模为模板语言中的资源。 该模板可用于创建和更新将提供网络可访问服务的一堆资源。 在堆栈创建过程和堆栈更新过程期间，可以在模板中引用安全资源和访问密钥。 安全资源可以包括用户，组和策略。 另外，用户可以将模板中的访问密钥引用为动态参数，无需以明文方式引用访问密钥。 系统安全地存储系统内的访问密钥，并允许模板在定义后引用它们。 然后，这些关键引用可以在模板中传递到需要它们的资源，并通过使用用户数据字段将它们安全地传递给诸如服务器实例的资源。