公开(公告)号：US20220358190A1

公开(公告)日：2022-11-10

申请号：US17814366

申请日：2022-07-22

Applicant: Amazon Technologies, Inc.

Inventor： Ali Baghani ,  Patrick MacLaine Compton ,  Andrew Katz ,  Gabriel Mastey ,  Adam Alexander Emerson Wong

IPC: G06F21/12 ,  G06F21/44 ,  G06F8/33

Abstract: Computer systems and methods are disclosed to implement a role manager that automatically analyzes code accessing various resources to generate a role with the necessary resource permissions to execute the code. In embodiments, the role manager may be implemented as part of a workflow orchestration or resource provisioning system that employs code requiring access to different types of resources. In embodiments, the role manager may analyze a code segment to identify the different resources accessed by the code segment and the permissions needed for each access, and generate a role that has the needed permissions. In embodiments, the role manager may automatically manage these roles based on changes to associated code segments. Advantageously, the disclosed role manager removes the need to manually create roles need by code segments ahead of time, and creates roles with minimal privileges required for the code, thereby simplifying achievement of system security.

公开(公告)号：US11790058B2

公开(公告)日：2023-10-17

申请号：US17814366

申请日：2022-07-22

Applicant: Amazon Technologies, Inc.

Inventor： Ali Baghani ,  Patrick MacLaine Compton ,  Andrew Katz ,  Gabriel Mastey ,  Adam Alexander Emerson Wong

IPC: G06F21/12 ,  G06F21/44 ,  G06F8/33

CPC classification number: G06F21/125 ,  G06F8/33 ,  G06F21/44

Abstract: Computer systems and methods are disclosed to implement a role manager that automatically analyzes code accessing various resources to generate a role with the necessary resource permissions to execute the code. In embodiments, the role manager may be implemented as part of a workflow orchestration or resource provisioning system that employs code requiring access to different types of resources. In embodiments, the role manager may analyze a code segment to identify the different resources accessed by the code segment and the permissions needed for each access, and generate a role that has the needed permissions. In embodiments, the role manager may automatically manage these roles based on changes to associated code segments. Advantageously, the disclosed role manager removes the need to manually create roles need by code segments ahead of time, and creates roles with minimal privileges required for the code, thereby simplifying achievement of system security.