公开(公告)号：US20220094643A1

公开(公告)日：2022-03-24

申请号：US17029581

申请日：2020-09-23

Applicant: Amazon Technologies, Inc.

Inventor： John Byron COOK ,  Neha RUNGTA ,  Andrew Jude GACEK ,  Daniel George PEEBLES ,  Carsten VARMING

IPC: H04L12/911 ,  H04L12/923

Abstract: Techniques are described for using compositional reasoning techniques to perform role reachability analyses relative to collections of user accounts and roles of a cloud provider network. Delegated role-based resource management generally is a method for controlling access to resources in cloud provider networks and other distributed systems. Many cloud provider networks, for example, implement identity and access management subsystems using this approach, where the concept of “roles” is used to specify which resources can be accessed by people, software, or (recursively) by other roles. An abstraction of the role reachability analysis is provided that can be used as input to a model-checking application to reason about such role reachability questions (e.g., which roles of an organization are reachable from other roles).

公开(公告)号：US20220191253A1

公开(公告)日：2022-06-16

申请号：US17119663

申请日：2020-12-11

Applicant: Amazon Technologies, Inc.

Inventor： Neha RUNGTA ,  Daniel George PEEBLES ,  Andrew Jude GACEK ,  Marvin THEIMER ,  Rebecca Claire WEISS ,  Brigid Ann JOHNSON

IPC: H04L29/06 ,  H04L12/24

Abstract: Techniques for intent-based access control are described. A method of intent-based access control may include receiving, via a user interface of an intent-based governance service, one or more intent statements associated with user resources in a provider network, the one or more intent statements expressing at least one type of action allowed to be performed on the user resources, compiling the one or more intent statements into at least one access control policy, and associating the at least one access control policy with the user resources.