公开(公告)号：US11693678B1

公开(公告)日：2023-07-04

申请号：US17865642

申请日：2022-07-15

Applicant: Amazon Technologies, Inc.

Inventor： Samuel Seung Keun Carl ,  Amjad Hussain ,  Upender Sandadi ,  Anupam Shrivastava

IPC: G06F11/30 ,  G06F9/455 ,  G06F11/34

CPC classification number: G06F9/455 ,  G06F11/301 ,  G06F11/3006 ,  G06F11/3051 ,  G06F11/3409

Abstract: A state management server applies configuration information to a set of virtual computer system instances in accordance with one or more limitations specified by an administrator. In an embodiment, the limitations include a velocity parameter that limits the number of virtual computer system instances to which the configuration may be applied concurrently. In an embodiment, the limitations include an error threshold that stops the application of the configuration if the number of configuration failures meets or exceeds the error threshold. In an embodiment, the set of virtual computer systems is identified by providing a list of the individual virtual computer system instances, or by specifying one or more tags that are associated with the virtual computer systems in the set. In an embodiment, the administrator is able to specify that an association be applied according to a predetermined schedule.

公开(公告)号：US20220229657A1

公开(公告)日：2022-07-21

申请号：US17665260

申请日：2022-02-04

Applicant: Amazon Technologies, Inc.

Inventor： Amjad Hussain ,  Ananth Vaidyanathan ,  Sivaprasad Venkata Padisetty ,  Xiong Wang ,  Anand Doshi

IPC: G06F8/65 ,  G06F9/455 ,  G06F16/903

Abstract: Compliance schemes may be associated with compliance types to provide resource compliance management. Compliance types may be created and associated with different compliance schemes. Compliance state for the compliance types may be generated and provided in response to requests to access the compliance state. Queries for compliance state, for example, may request compliance state, and query predicates or other criteria may be applied to the compliance state in order to perform the query.

公开(公告)号：US10817278B1

公开(公告)日：2020-10-27

申请号：US16271360

申请日：2019-02-08

Applicant: Amazon Technologies, Inc.

Inventor： Mats Erik Lanner ,  Derek Ying Chen Kwiatkowski ,  Katherine Elizabeth Shaffer ,  Sivaprasad Venkata Padisetty ,  Sundaresan Ramamoorthy ,  Robert Glenn Hearn ,  Amjad Hussain ,  Daniel Francis Conde ,  Lavanya Krishnan

IPC: G06F9/445 ,  G06F8/65 ,  H04L29/08

Abstract: This disclosure describes techniques for providing users of services provided by network-based service platforms with additional control for approving patches that are to be deployed to computing resources that support their services. In some examples, the techniques include generating and using a “snapshot,” or list, of patches that are preliminarily approved for deployment. Prior to deploying the patches to the computing resources, users are provided with access to the snapshot and are able to modify the snapshot. For example, users can modify the snapshot by adding patches, removing patches, specifying a sequence in which the patches are to be deployed, and so forth. The snapshot of patches may be “frozen” for a period of time, meaning that patches that during the period of time, only patches in the snapshot are deployed, and patches that are not included in the snapshot are not permitted to be deployed to computing resources.

公开(公告)号：US10733238B2

公开(公告)日：2020-08-04

申请号：US15148869

申请日：2016-05-06

Applicant: Amazon Technologies, Inc.

Inventor： Amjad Hussain ,  Sivaprasad Venkata Padisetty ,  Xiong Wang ,  Boyuan Feng

IPC: G06F16/93 ,  G06F16/176 ,  G06F9/46 ,  G06F9/455 ,  G06F21/82 ,  G06F21/62

Abstract: A customer of a shared resource environment can generate script to be executed by one or more virtual machines, or other such instances or resources, and share that script with other users. The script can relate to administrative or other such tasks, and can be encapsulated into a document, or other such expression, and stored to a network-accessible location. The owner of the document can designate permissions as to which users have rights to access and/or execute the script against their own virtual machines. An owner can grant permission to all users, no other users, or specific users. The script can include parameter values that can be set by the other users or links to specific executables or other objects, among other such options.

公开(公告)号：US20180103066A1

公开(公告)日：2018-04-12

申请号：US15785314

申请日：2017-10-16

Applicant: Amazon Technologies, Inc.

Inventor： Amjad Hussain ,  Manivannan Sundaram ,  Sivaprasad Venkata Padisetty ,  Nikolaos Pamboukas ,  Alan Hadley Goodman

IPC: H04L29/06 ,  G06F21/62 ,  H04L12/24

CPC classification number: H04L63/20 ,  G06F21/62 ,  H04L41/22 ,  H04L41/28 ,  H04L63/105

Abstract: A selection of a document that includes a command and a parameter is received, and a user is caused to be associated with a policy that grants permission to execute the document. A request is received, from a requestor, to execute the document, the request including a parameter value, and the requestor is determined to be the user associated with the policy. The user is validated to have access to a resource indicated by the parameter value, and the command is caused to be executed against the resource.

公开(公告)号：US20170322929A1

公开(公告)日：2017-11-09

申请号：US15148869

申请日：2016-05-06

Applicant: Amazon Technologies, Inc.

Inventor： Amjad Hussain ,  Sivaprasad Venkata Padisetty ,  Xiong Wang ,  Boyuan Feng

IPC: G06F17/30 ,  G06F21/62 ,  G06F9/455

CPC classification number: G06F16/93 ,  G06F9/45558 ,  G06F9/468 ,  G06F16/176 ,  G06F21/6218 ,  G06F2009/45595

Abstract: A customer of a shared resource environment can generate script to be executed by one or more virtual machines, or other such instances or resources, and share that script with other users. The script can relate to administrative or other such tasks, and can be encapsulated into a document, or other such expression, and stored to a network-accessible location. The owner of the document can designate permissions as to which users have rights to access and/or execute the script against their own virtual machines. An owner can grant permission to all users, no other users, or specific users. The script can include parameter values that can be set by the other users or links to specific executables or other objects, among other such options.

公开(公告)号：US11243756B1

公开(公告)日：2022-02-08

申请号：US15676908

申请日：2017-08-14

Applicant: Amazon Technologies, Inc.

Inventor： Amjad Hussain ,  Ananth Vaidyanathan ,  Sivaprasad Venkata Padisetty ,  Xiong Wang ,  Anand Doshi

IPC: G06F21/57 ,  G06F8/65 ,  G06F9/455 ,  G06F16/903 ,  G06F9/50 ,  H04L29/06 ,  H04L12/24

Abstract: Compliance schemes may be associated with compliance types to provide resource compliance management. Compliance types may be created and associated with different compliance schemes. Compliance state for the compliance types may be generated and provided in response to requests to access the compliance state. Queries for compliance state, for example, may request compliance state, and query predicates or other criteria may be applied to the compliance state in order to perform the query.

公开(公告)号：US11093257B2

公开(公告)日：2021-08-17

申请号：US16723562

申请日：2019-12-20

Applicant: Amazon Technologies, Inc.

Inventor： Amjad Hussain ,  Anand Doshi ,  Xiong Wang ,  Sivaprasad Venkata Padisetty

IPC: G06F15/177 ,  G06F9/4401 ,  G06F9/50

Abstract: Methods, systems, and computer-readable media for resource configuration based on dynamic group membership are disclosed. An association between a group of computing resources and an intended state is stored. The intended state represents a computing resource configuration. During operation of a computing resource, whether the computing resource belongs to the group of computing resources is determined based at least in part on analysis of one or more attributes associated with the computing resource. Based at least in part on determining that the computing resource belongs to the group of computing resources, one or more actions are caused be performed to bring the computing resource into the intended state. The computing resource is executed while having the computing resource configuration represented by the intended state.

公开(公告)号：US10282193B1

公开(公告)日：2019-05-07

申请号：US15989686

申请日：2018-05-25

Applicant: Amazon Technologies, Inc.

Inventor： Mats Erik Lanner ,  Derek Ying Chen Kwiatkowski ,  Katherine Elizabeth Shaffer ,  Sivaprasad Venkata Padisetty ,  Sundaresan Ramamoorthy ,  Robert Glenn Hearn ,  Amjad Hussain ,  Daniel Francis Conde ,  Lavanya Krishnan

IPC: G06F9/445 ,  G06F8/65 ,  H04L29/08

Abstract: This disclosure describes techniques for providing users of services provided by network-based service platforms with additional control for approving patches that are to be deployed to computing resources that support their services. In some examples, the techniques include generating and using a “snapshot,” or list, of patches that are preliminarily approved for deployment. Prior to deploying the patches to the computing resources, users are provided with access to the snapshot and are able to modify the snapshot. For example, users can modify the snapshot by adding patches, removing patches, specifying a sequence in which the patches are to be deployed, and so forth. The snapshot of patches may be “frozen” for a period of time, meaning that patches that during the period of time, only patches in the snapshot are deployed, and patches that are not included in the snapshot are not permitted to be deployed to computing resources.

公开(公告)号：US10110635B1

公开(公告)日：2018-10-23

申请号：US15279122

申请日：2016-09-28

Applicant: Amazon Technologies, Inc.

Inventor： Amjad Hussain ,  Anand Doshi ,  Xiong Wang ,  Sivaprasad Padisetty

IPC: H04L29/06 ,  G06F9/455

Abstract: A policy management system is described herein that allows an administrator to compose custom policies that can be applied to target devices and that achieve tasks specific to the administrator's organization and network. The composed policies can be standalone policies that are applied independently or sequenced policies that are applied in a specified order. A composed policy may be associated with one or more targets and stored in a policy database. A target device may periodically query the policy management system for any policies that pertain to the target device. If policies have been composed that pertain to the target device and such policies have been updated or have not been previously transmitted to the target device, the policy management system can retrieve the policies from the policy database, merge the policies, and transmit the merged policies to the target device. The target device can then apply the merged policies.