-
Publication number: US12177254B2
Publication date: 2024-12-24
Application number: US17362807
Application date: 2021-06-29
Applicant: Amazon Technologies, Inc.
Inventor: Atiye Alaeddini, Homer Strong
Abstract: Identity management recommendations for use of existing policies are described herein. An available policy set of existing policies that are available to an identity may be determined. Selected permissions associated with permission-usage by the identity may be determined. It may be determined whether the available policy set includes one or more matching policy subsets that cover all the selected permissions without allowing any additional permissions. When the available policy set includes the one or more matching policy subsets, a first recommendation may be provided to attach, to the identity, at least one matching policy subset of the one or more matching policy subsets. When the available policy set does not include the one or more matching policy subsets, a second recommendation may be provided to attach, to the identity, one or more alternative policies.
-
Publication number: US20230315898A1
Publication date: 2023-10-05
Application number: US17708341
Application date: 2022-03-30
Applicant: Amazon Technologies, Inc.
Inventor: Atiye Alaeddini
IPC: G06F21/62
CPC classification number: G06F21/6245
Abstract: A plurality of identities may be added to a new policy identity pool associated with new policy generation. Each identity of the plurality of identities may have respective selected permissions associated with permission usage by the identity. A new policy may be generated, based on a set of new policy constraints, that corresponds to a largest group of identities within the new policy identity pool for which the set of new policy constraints is satisfied. The set of new policy constraints may include a first constraint that the new policy includes the respective selected permissions for each identity within the largest group of identities and a second constraint that the new policy does not exceed one or more maximum additional permission thresholds. One or more indications may be provided, to a user, to attach the new policy to each identity within the largest group of identities.
-
Publication number: US12107892B1
Publication date: 2024-10-01
Application number: US17213592
Application date: 2021-03-26
Applicant: Amazon Technologies, Inc.
Inventor: Atiye Alaeddini, Homer Strong
IPC: H04L9/40
CPC classification number: H04L63/20, H04L63/0263, H04L63/0876, H04L63/102
Abstract: An identity set may be selected from an identity pool of an identity management service. The identity set may be selected based on a threshold quantity of unnecessary permissions relative to one or more existing managed policies provided by the identity management service. The identity set may be grouped into a plurality of identity subsets. The grouping may be performed based at least in part on services accessed by the identity set. A plurality of candidate policies may be generated, such as by generating, for each identity subset of the plurality of identity subsets, based at least in part on a plurality of policy generation rules, a respective candidate policy. At least one candidate policy of the plurality of candidate policies may be selected as a new managed policy that is provided by the identity management service to users.
-
Publication number: US20230216888A1
Publication date: 2023-07-06
Application number: US17362807
Application date: 2021-06-29
Applicant: Amazon Technologies, Inc.
Inventor: Atiye Alaeddini, Homer Strong
IPC: H04L29/06
CPC classification number: H04L63/20, H04L63/101, H04L63/102, H04L63/08
Abstract: Identity management recommendations for use of existing policies are described herein. An available policy set of existing policies that are available to an identity may be determined. Selected permissions associated with permission-usage by the identity may be determined. It may be determined whether the available policy set includes one or more matching policy subsets that cover all the selected permissions without allowing any additional permissions. When the available policy set includes the one or more matching policy subsets, a first recommendation may be provided to attach, to the identity, at least one matching policy subset of the one or more matching policy subsets. When the available policy set does not include the one or more matching policy subsets, a second recommendation may be provided to attach, to the identity, one or more alternative policies.