Abstract:
A network visualization service may auto-generate graphical, dynamic, and interactive network diagrams of the infrastructure (resource instances, connections, etc.) of clients' virtual private networks as implemented on a provider network. A network diagram may include representations of various virtualized components of a client's virtual private network, as well as relationships among and connections between and among the various components. The diagram may also display logical and/or geographical groupings of the virtual resources in the client's virtual private network. The service may track changes to the virtual private network and update the diagram accordingly. The diagram may provide a user interface via which the client may select particular graphical objects on the diagram to display additional information about a respective resource instance or connection and/or to change the client's virtual private network configuration via the network diagram.
Abstract:
A distributed execution environment provides resources such as computing resources, hardware resources, and software resources. One or more resource data providers might also operate in conjunction with the distributed execution environment to provide resource data describing various aspects of the resources in the distributed execution environment. A query service may obtain resource data provided by the resource data providers in order to generate responses to queries. In order to obtain the resource data from the resource data providers, the query service may utilize various “pull” and “push” mechanisms. Using a push mechanism, the resource data providers push resource data to the query service. Utilizing a pull mechanism, the query service pulls the resource data from the resource data providers. The query service might also store resource data received from the resource data providers in a cache and utilize the cached resource data when responding to queries for resource data.
Abstract:
Entities such as resource and service providers can utilize a ticketing system to define operational actions as primitives that can be stored, combined into more complex workflows, and executed in a restricted zone wherein a portion of the resources or services are not directly accessible to those providers. These primitives can be stored in the provider environment and shared with the restricted zone, in order to provide a structured approach to the sharing of operational knowledge. When a primitive is first received to the restricted zone, a person vetted by the customer associated with the restricted zone can review and approve the primitive, and can cause the primitive to be executed in the restricted zone. When that same primitive is subsequently received to the restricted zone, a lookup can be performed to determine that an approval exists, whereby the primitive can be executed in the restricted zone without another review.
Abstract:
A distributed execution environment provides resources such as computing resources, hardware resources, and software resources. Resource action rules (“rules”) may be defined and associated with resources in the distributed execution environment. The rules may be evaluated based upon resource state data defining the state of one or more resources. The results of the evaluation of the rules may be utilized to take various actions. For example, the results of the evaluation of rules may be utilized to generate a user interface (UI) object for providing information regarding the evaluation of the rule, to initiate a workflow, and/or perform another type of action. The results might also be utilized to prohibit certain types of operations from being performed with regard to a resource. The results might be propagated to other resources. A UI might also be provided for use in defining the rules.
Abstract:
A distributed execution environment includes various resources, such as instances of computing resources, hardware resources, software resources, and others. A resource state viewing tool executing in conjunction with the distributed execution environment provides access to data regarding the state of each resource in the form of a resource page associated with the resource. The resource page for a resource might also include one or more annotations assigned to the resource by a user or by a component within the distributed execution environment. The annotations might have associated expiration data, such as an expiration time or event, which may be utilized to expire the annotations. The annotations might also have a namespace assigned thereto that is utilized when responding to requests to retrieve the annotations. The annotations might also have permissions assigned thereto that identify the rights of one or more users and/or components to read, modify, or delete the annotations.
Abstract:
Requests to change attributes of servers or other computing resources can be validated by a veto service. For example, the veto service can receive requests to register for notification of changes to an attribute for a server, send a notification of a pending change to the attribute to each of a plurality of services, determine a response to the notification for each service, and based on the responses decide whether to allow or deny the pending change to the attribute. The responses from the notified services can be received responses or default responses.
Abstract:
A computer-implemented method includes recording one or more actions being performed by an agent using at least one resource of a resource provider environment, the at least one resource being associated with a non-restricted zone in the resource provider environment. The method includes creating a primitive that describes the one or more actions. The primitive is able to be executed on at least one different resource in a restricted zone in the resource provider environment to perform the one or more actions using the different resource. The restricted zone includes resources associated with a customer that are directly accessible only to at least one authorized entity. The method includes submitting the primitive to the restricted zone in the resource provider environment. The primitive is able to be executed by the at least one authorized entity on the at least one different resource in the restricted zone.