-
Publication number: US12003380B2
Publication date: 2024-06-04
Application number: US17663289
Application date: 2022-05-13
Applicant: Amazon Technologies, Inc.
Inventor: Eric Jason Brandwine, Kevin Christopher Miller, Andrew J. Doane
IPC: H04L12/28, G06F9/455, H04L41/0816, H04L41/12, H04L45/02, H04L45/586, H04L45/64, H04L67/00, H04J1/16, H04L41/50
CPC classification number: H04L41/12, G06F9/45558, H04L41/0816, H04L45/02, H04L45/586, H04L45/64, H04L67/34, G06F2009/45595, H04L41/5096
Abstract: Techniques are described for providing virtual networking functionality for managed computer networks. In some situations, a user may configure or otherwise specify a logical network topology for a managed computer network with multiple computing nodes that includes one or more virtual networking devices each associated with a specified group of the multiple computing nodes. Corresponding networking functionality may be provided for communications between the multiple computing nodes by emulating functionality that would be provided by the networking devices if they were physically present and configured to support the specified network topology. In some situations, the managed computer network is a virtual computer network overlaid on a substrate network, and the networking device functionality emulating includes receiving routing communications directed to the networking devices and using included routing information to update the specified network topology for the managed computer network.
-
Publication number: US20230291674A1
Publication date: 2023-09-14
Application number: US18309597
Application date: 2023-04-28
Applicant: Amazon Technologies, Inc.
Inventor: Kenneth Grey Richards, Schuyler David Thompson, Adam Siefker, Kevin Christopher Miller, Meenakshi Rameshkumar
CPC classification number: H04L43/14, H04L43/08, H04L12/4641, H04L43/0811
Abstract: Respective network metrics sets corresponding to one or more data sources are examined at a network health manager. Network health states corresponding to one or more endpoint pair categories are determined based on the analysis of the network metric sets. An indication of the network health state of a particular endpoint pair category is stored.
-
Publication number: US20230239277A1
Publication date: 2023-07-27
Application number: US18156332
Application date: 2023-01-18
Applicant: Amazon Technologies, Inc.
Inventor: Kevin Christopher Miller, Andrew J. Doane, Mahmoud A. Abuelela, Michael B. Furr
IPC: H04L9/40, H04L67/14, H04L45/302, H04L41/046
CPC classification number: H04L63/0428, H04L9/40, H04L41/046, H04L45/306, H04L67/14, H04L43/0811
Abstract: Methods and apparatus for interfaces to manage direct network peerings. A system may include a data center, endpoint routers and a connectivity coordinator. The coordinator implements a programmatic interface defining connectivity operations. The coordinator receives a request for dedicated connectivity to data center resources, formatted according to the interface. The coordinator selects a target endpoint router at which to establish a physical link to implement the dedicated connectivity, and transmits a response identifying the target endpoint router and including configuration instructions for setting up a physical link for the dedicated connectivity.
-
Publication number: US11659004B2
Publication date: 2023-05-23
Application number: US16673696
Application date: 2019-11-04
Applicant: Amazon Technologies, Inc.
Inventor: Rajat Banerjee, Nathan Andrew Miller, Aniket Deepak Divecha, John Robert Kerl, Mingxue Zhao, Shuai Ye, Kevin Christopher Miller
IPC: H04L29/06, H04L9/40, H04L43/067, H04L43/0876
CPC classification number: H04L63/20, H04L43/067, H04L43/0876, H04L63/0227, H04L63/0245, H04L63/1408
Abstract: Computing resource service providers may provide computing resources to customers in a multi-tenant environment. These computing resources may be behind a firewall or other security device such that certain information does not reach the computing resources provided to the customer. A logging entity may be implemented on computer server operated by the computing resource service provider. The logging entity may obtain log information from the firewall or other security device and store the log information such that it is accessible to the customer. Additionally, the log information may be provided to other services such as a metrics service or intrusion detection service.
-
Publication number: US11516080B2
Publication date: 2022-11-29
Application number: US17119944
Application date: 2020-12-11
Applicant: Amazon Technologies, Inc.
Inventor: Kevin Christopher Miller, Eric Jason Brandwine, Andrew J. Doane
IPC: H04L41/0816, H04L45/02, H04L45/586, H04L41/12
Abstract: Techniques are described for providing managed virtual computer networks that have a configured logical network topology with virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of the virtual computer network by emulating functionality that would be provided by the virtual networking devices if they were physically present. In some situations, the networking functionality provided for a managed computer network of a client includes receiving routing communications directed to the virtual networking devices and using included routing information to update the configuration of the managed computer network, such as to allow at least some computing nodes of a managed computer network to dynamically signal particular types of uses of one or more indicated target network addresses and/or to dynamically signal use of particular external public network addresses based on such routing information.
-
Publication number: US11063819B2
Publication date: 2021-07-13
Application number: US16517446
Application date: 2019-07-19
Applicant: Amazon Technologies, Inc.
Inventor: Eric Jason Brandwine, Kevin Christopher Miller
IPC: H04L12/24, H04L12/46, H04L12/715, H04L12/18, H04L12/761, H04L12/707
Abstract: Techniques are described for managing communications for a managed computer network by using a defined pool of alternative computing nodes of the managed computer network that are configured to operate as intermediate destinations to handle at least some communications that are sent by and/or directed to one or more other computing nodes of the managed computer network. For example, a manager module associated with a source computing node may select a particular alternative intermediate destination computing node from a defined pool to use for one or more particular communications from the source computing node to an indicated final destination, such as based on a configured logical network topology for the managed computer network and/or on one or more other selection criteria (e.g., to enable load balancing between the alternative computing nodes). The manager module then forwards those communications to the selected intermediate destination computing node for further handling.
-
Publication number: US10958653B1
Publication date: 2021-03-23
Application number: US15634163
Application date: 2017-06-27
Applicant: Amazon Technologies, Inc.
Inventor: Kevin Christopher Miller, Rebecca Claire Weiss
IPC: G06F16/23, G06F16/24, G06F21/00, G06F21/31, G06F21/32, G06F21/44, G06F21/45, G06F21/60, G06F21/62, G06F21/64, H04L29/06
Abstract: A computing resource service provider grants a first set of security permissions to a principal (e.g., a user) which may be used to access a plurality of computing resources. The permissions may be associated with a first security token. The principal may access resources using the first set of security permissions, and a system (e.g., a service provider) may identify a subset of security permissions that are sufficient to provide access to the computing resources accessed by the principal using the first set of permissions. The subset may be associated with the principal. In some cases, the principal operating under the subset of permissions may be denied access to a computing resource and may be granted access to the computing resource by operating under the first set of permissions.
-
Publication number: US10862777B2
Publication date: 2020-12-08
Application number: US15279351
Application date: 2016-09-28
Applicant: Amazon Technologies, Inc.
Inventor: Kenneth Grey Richards, Schuyler David Thompson, Adam Siefker, Kevin Christopher Miller, Meenakshi Rameshkumar
Abstract: A determination is made that a graphical representation of network health state information pertaining to a client account of a provider network is to be provided. Using respective network metrics groups corresponding to several data sources, a network health state descriptor corresponding to a resource associated with the client account is generated. A data set usable to generate a graphical display of network health state information of the resource of the client account is transmitted.
-
Publication number: US10812384B2
Publication date: 2020-10-20
Application number: US16025822
Application date: 2018-07-02
Applicant: Amazon Technologies, Inc.
Inventor: Kyle Tailor Akers, Chao Yuan, Kevin Christopher Miller, Andrew Bruce Dickinson, Michael Siaosi Voegele, Daniel Lee McCarriar, Yohanes Santoso, David Brian Lennon
IPC: G06F15/173, H04L12/741, H04L29/12
Abstract: Techniques are described for managing customer-specified routing policies for network-accessible computing resources. In some situations, the customer-specified routing policies may be based at least in part on DNS (“Domain Name System”) information specified by a customer, such as if the customer specifies one or more target destinations to use with an indicated DNS domain name that are different from the destination IP address(es) provided for that DNS domain name by DNS servers—if so, the managing of such a DNS-based routing policy for that customer may include identifying when network-accessible computing resources provided to the customer send electronic communications to that DNS domain name, and causing those electronic communications to be redirected to the customer-specified target destination(s). Such customer-specified target destinations may include, in different situations, final destinations, intermediate destinations, etc., as well as identify particular routes.
-
Publication number: US10715485B2
Publication date: 2020-07-14
Application number: US15688608
Application date: 2017-08-28
Applicant: AMAZON TECHNOLOGIES, INC.
Inventor: Kevin Christopher Miller, Michael Siaosi Voegele
Abstract: Various systems and processes may be used to manage Internet Protocol (IP) addresses that are dynamically assigned. In particular implementations, systems and processes for managing IP addresses that are dynamically assigned may include the ability to determine whether an identifier for a web service has been received from a customer having one or more virtual machines in a service provider network, the web service being accessible by the customer's virtual machines over an external communication network. The systems and processes may also include the ability to determine a number of IP addresses for the web service, identify virtual machines of the customer that are allowed to communicate with the web service, generate one or more IP address lists for the identified virtual machines, and update security tables for the identified virtual machines with the IP address lists at server computers hosting the identified virtual machines.