-
Publication number: US20160269446A1
Publication date: 2016-09-15
Application number: US15162323
Application date: 2016-05-23
Applicant: Amazon Technologies, Inc.
Inventor: AVINASH JAISINGHANI, RETO KRAMER, CHRISTOPHER WHITAKER, VENKATES P. BALAKRISHNAN, PRASHANT JAYARAMAN, RICHARD CURTIS EDWARDS, JR.
IPC: H04L29/06
Abstract: Systems and methods are described for enabling users to model security resources and user access keys as resources in a template language. The template can be used to create and update a stack of resources that will provide a network-accessible service. The security resources and access keys can be referred to in the template during both the stack creation process and the stack update process. The security resources can include users, groups and policies. Additionally, users can refer to access keys in the template as dynamic parameters without any need to refer to the access keys in plaintext. The system securely stores access keys within the system and allows for templates to refer to them once defined. These key references can then be passed within a template to resources that need them as well as passing them on securely to resources like server instances through the use of the user-data field.
-
Publication number: US20150150081A1
Publication date: 2015-05-28
Application number: US14611933
Application date: 2015-02-02
Applicant: Amazon Technologies, Inc.
Inventor: AVINASH JAISINGHANI, RETO KRAMER, CHRISTOPHER WHITAKER, VENKATES P. BALAKRISHNAN, PRASHANT JAYARAMAN, RICHARD CURTIS EDWARDS, JR.
IPC: H04L29/06
CPC classification number: H04L63/20, H04L41/0806, H04L63/06, H04L63/0823, H04L63/10, H04L63/102
Abstract: Systems and methods are described for enabling users to model security resources and user access keys as resources in a template language. The template can be used to create and update a stack of resources that will provide a network-accessible service. The security resources and access keys can be referred to in the template during both the stack creation process and the stack update process. The security resources can include users, groups and policies. Additionally, users can refer to access keys in the template as dynamic parameters without any need to refer to the access keys in plaintext. The system securely stores access keys within the system and allows for templates to refer to them once defined. These key references can then be passed within a template to resources that need them as well as passing them on securely to resources like server instances through the use of the user-data field.
-