-
Publication No.: US20210099450A1
Publication Date: 2021-04-01
Application No.: US16586742
Filing Date: 2019-09-27
Applicant: Amazon Technologies, Inc.
Inventor: Rachit JAIN, Sulay SHAH, Conor CAHILL, Praveen AKINAPALLY, Ian LEUNG, Rohit RAJ, Brigid Johnson
IPC: H04L29/06, G06F16/182
Abstract: Techniques for managing permissions to cloud-based resources with session-specific attributes are described. A first request to create a first session to permit access to resources of a provider network is received under an assumed role. The first request is permitted based on an evaluation of a rule associated with the role. Session data including a user-specified attribute included with the first request is generated. A second request to perform an action with a resource hosted by the provider network is received. The user-specified attribute is obtained from the session data based at least in part on the second request. The second request is permitted based on an evaluation of another rule with the user-specified attribute.
-
Publication No.: US11546335B2
Publication Date: 2023-01-03
Application No.: US16586742
Filing Date: 2019-09-27
Applicant: Amazon Technologies, Inc.
Inventor: Rachit Jain, Sulay Shah, Conor Cahill, Praveen Akinapally, Ian Leung, Rohit Raj, Brigid Johnson
IPC: H04L29/06, H04L9/40, G06F16/182
Abstract: Techniques for managing permissions to cloud-based resources with session-specific attributes are described. A first request to create a first session to permit access to resources of a provider network is received under an assumed role. The first request is permitted based on an evaluation of a rule associated with the role. Session data including a user-specified attribute included with the first request is generated. A second request to perform an action with a resource hosted by the provider network is received. The user-specified attribute is obtained from the session data based at least in part on the second request. The second request is permitted based on an evaluation of another rule with the user-specified attribute.
-