公开(公告)号：US09313208B1

公开(公告)日：2016-04-12

申请号：US14219930

申请日：2014-03-19

Applicant: Amazon Technologies, Inc.

Inventor： Stefan Letz ,  Ross Bevan Engers ,  Daniel Bauman ,  Willem Jacob Buys ,  Timothy Ralph Sjoberg ,  Ronen Dov Agranat ,  Aidan Musnitzky ,  Joshua Mentz ,  Brian Frederick Mulder

IPC: G06F21/00 ,  G06F15/16 ,  H04L29/06 ,  G06F21/62 ,  G06F21/60 ,  G06F21/33

CPC classification number: H04L63/104 ,  G06F21/33 ,  G06F21/604 ,  G06F21/62 ,  G06F2221/2149 ,  H04L41/5074 ,  H04L63/08 ,  H04L63/0807 ,  H04L63/10 ,  H04L63/20 ,  H04L67/1097

Abstract: Entities such as resource and service providers can utilize a ticketing system to define operational actions as primitives that can be stored, combined into more complex workflows, and executed in a restricted zone wherein a portion of the resources or services are not directly accessible to those providers. These primitives can be stored in the provider environment and shared with the restricted zone, in order to provide a structured approach to the sharing of operational knowledge. When a primitive is first received to the restricted zone, a person vetted by the customer associated with the restricted zone can review and approve the primitive, and can cause the primitive to be executed in the restricted zone. When that same primitive is subsequently received to the restricted zone, a lookup can be performed to determine that an approval exists, whereby the primitive can be executed in the restricted zone without another review.

Abstract translation: 诸如资源和服务提供商的实体可以利用票务系统将操作动作定义为可以存储的原语，组合成更复杂的工作流，并且在限制区域中执行，其中一部分资源或服务不能直接访问那些提供者 。 这些原语可以存储在供应商环境中并与限制区共享，以便提供一种结构化的方法来共享操作知识。 当一个原语被首先接收到限制区域时，与限制区域相关联的客户审查的人可以审查和批准原语，并且可以使原语在限制区域中被执行。 当相同的原语随后被接收到限制区域时，可以执行查找以确定存在批准，由此可以在限制区域中执行原语，而不进行另一次审查。

公开(公告)号：US20220164228A1

公开(公告)日：2022-05-26

申请号：US17211767

申请日：2021-03-24

Applicant: Amazon Technologies, Inc.

Inventor： Yuri Volobuev ,  Murali Brahmadesam ,  Stefano Stefani ,  Daniel Bauman ,  Alexey Kuznetsov ,  Krishnamoorthy Rajarathinam ,  Balasubramaniam Bodeddula ,  Xiang Peng ,  Dmitriy Setrakyan ,  Pooya Saadatpanah ,  Grant A. McAlister ,  Anthony Paul Hooper ,  Navaneetha Krishnan Thanka Nadar ,  Chayan Biswas ,  Tobias Joakim Bertil Ternstrom

IPC: G06F9/50 ,  G06F9/455 ,  G06F16/21

Abstract: Fine-grained virtualization provisioning may be performed for in-place database scaling. Computing resource utilization for a database on a host system is obtained for a period of time. The computing resource utilization may be evaluated with respect to a target capacity for the database. If a scaling event is detected based on the evaluation, a modified target capacity may be determined and used to make an adjustment of the computing resources permitted to be used by the database.

公开(公告)号：US10333901B1

公开(公告)日：2019-06-25

申请号：US14483069

申请日：2014-09-10

Applicant: Amazon Technologies, Inc.

Inventor： Daniel Bauman ,  Willem Jacob Buys ,  Joshua Dawie Mentz ,  Aidan Musnitzky ,  Timothy Ralph Sjoberg ,  Ross Bevan Engers ,  Ronen Dov Agranat ,  Brian Frederick Mulder ,  Stefan Letz

IPC: H04L29/06 ,  G06F21/62

Abstract: A method for data aggregation of declassified sensitive data may include obtaining a policy associated with an isolated region of a service provider. The policy may identify a plurality of rules for declassifying sensitive data accessible within the isolated region. At least a portion of the plurality of rules identified by the policy may be obtained. A file with the sensitive data may be identified, the file being generated within the isolated region. An output file may be generated based on applying the obtained rules to the file. At least a portion of the sensitive data may be filtered out using the obtained rules. The generated output file may be provided for access outside of the isolated region. The sensitive data may be inaccessible by at least another region of the service provider.

公开(公告)号：US09178867B1

公开(公告)日：2015-11-03

申请号：US14219827

申请日：2014-03-19

Applicant: Amazon Technologies, Inc.

Inventor： Stefan Letz ,  Ross Bevan Engers ,  Daniel Bauman ,  Willem Jacob Buys ,  Timothy Ralph Sjoberg ,  Ronen Dov Agranat ,  Aidan Musnitzky ,  Joshua Mentz ,  Brian Frederick Mulder

IPC: H04L12/00 ,  H04L29/06

CPC classification number: H04L12/00 ,  H04L12/6418 ,  H04L63/0807 ,  H04L67/40

Abstract: A computer-implemented method includes recording one or more actions being performed by an agent using at least one resource of a resource provider environment, the at least one resource being associated with a non-restricted zone in the resource provider environment. The method includes creating a primitive that describes the one or more actions. The primitive is able to be executed on at least one different resource in a restricted zone in the resource provider environment to perform the one or more actions using the different resource. The restricted zone includes resources associated with a customer that are directly accessible only to at least one authorized entity. The method includes submitting the primitive to the restricted zone in the resource provider environment. The primitive is able to be executed by the at least one authorized entity on the at least one different resource in the restricted zone.

Abstract translation: 计算机实现的方法包括使用资源提供者环境的至少一个资源记录由代理执行的一个或多个动作，所述至少一个资源与资源提供者环境中的非受限区域相关联。 该方法包括创建描述一个或多个动作的原语。 该原语能够在资源提供者环境中的受限区域中的至少一个不同资源上执行，以使用不同的资源来执行一个或多个动作。 限制区域包括与客户相关联的资源，其仅能够被至少一个授权实体直接访问。 该方法包括将资源提交给资源提供者环境中的限制区域。 原语能够由受限区域中的至少一个不同资源上的至少一个授权实体执行。