Token-based access control and grouping

    公开(公告)号:US10666657B1

    公开(公告)日:2020-05-26

    申请号:US15372281

    申请日:2016-12-07

    Abstract: One or more clients of a service may obtain access to resources of the service using one or more roles. A role may be used to delegate access to resources that a client normally would not otherwise have access to. A requestor may make a request to assume an intermediary role and receive a first token that enables assumption of the intermediary role. The requestor, after assuming the intermediary role, may request to assume to assume a destination role and receive a second token that enables the requestor to access one or more computing resources by assuming the destination role.

    Auto-generation of partition key
    2.
    发明授权

    公开(公告)号:US11860819B1

    公开(公告)日:2024-01-02

    申请号:US15637751

    申请日:2017-06-29

    CPC classification number: G06F16/137 G06F16/278 G06F21/62 G06F16/00

    Abstract: A distributed database may comprise a plurality of nodes maintaining a collection of data items indexed by key values. Upon receiving a request to store a data item, a node of the database may be selected based on the node's suitability for storing the data item. The distributed database may generate a key to identify the data item, such that the generated key identifies the data item and comprises information indicative of the selected node. The distributed database may provide the generated key to an application programming interface client in response to the request.

    Request cost index for throttling requests to execute operations in a multi-tenant provider network

    公开(公告)号:US12182114B1

    公开(公告)日:2024-12-31

    申请号:US17703743

    申请日:2022-03-24

    Abstract: Techniques for calculating and using a request cost index for throttling application programming interface (API) requests to execute operations in a provider network. The techniques encompass the step receiving a request to execute an operation at an API service in the provider network. Further steps include determining to execute the operation based on a request rate limiting algorithm, executing the operation to yield an operation result, and sending the operation result. Additional steps include calculating a request cost index that reflects an amount of computing resources utilized by executing the operation, determining an adjustment amount for a state variable of the request rate limiting algorithm based on the calculated request cost index, and adjusting (e.g., lowering) the state variable by the adjustment amount. Other (e.g., subsequent) requests to execute queries received at the API service that are metered by the state variable can be throttled by the API service.

    Token-based access control and grouping

    公开(公告)号:US11329989B2

    公开(公告)日:2022-05-10

    申请号:US16879645

    申请日:2020-05-20

    Abstract: One or more clients of a service may obtain access to resources of the service using one or more roles. A role may be used to delegate access to resources that a client normally would not otherwise have access to. A requestor may make a request to assume an intermediary role and receive a first token that enables assumption of the intermediary role. The requestor, after assuming the intermediary role, may request to assume to assume a destination role and receive a second token that enables the requestor to access one or more computing resources by assuming the destination role.

    Server-specified filters for long-lived client requests to fetch data in response to events

    公开(公告)号:US11962663B1

    公开(公告)日:2024-04-16

    申请号:US17697777

    申请日:2022-03-17

    Abstract: Server-specified subscription filters for long-lived client requests to fetch data in response to events. In one aspect, the techniques encompass a method performed by a set of one or more computing devices. The method includes the step of receiving a long-lived request to fetch data in response to events sent by a client computing device. The method further includes receiving a server-specified subscription filter for the long-lived request and executing the long-lived request. Executing the long-lived request includes creating a persistent function that uses the server-specified subscription filter to map a source event stream to a response event stream. The response event stream is provided to the client computing device. The server-specified subscription filter facilitates filtering of events fetched for the long-lived request in a way that may not be possible or impractical if the subscription client were required to specify the filter in the long-lived request.

    Fair queuing of request tasks spawned by requests to execute generative operations

    公开(公告)号:US11880726B1

    公开(公告)日:2024-01-23

    申请号:US17850962

    申请日:2022-06-27

    CPC classification number: G06F9/546 G06F16/2455 G06F16/284

    Abstract: Fair queuing of request tasks spawned by requests to execute generative operations such as, for example, graph query language requests to execute a graph query language query, mutation, or subscription operations. Queuing techniques are used to prevent a heavy generative operation from dominating usage of computing resources of a host that executes many generative operations concurrently including a mix of heavy and normal generative operations. Generative operations are analyzed and classified as heavy or normal as the request tasks they spawn are being executed. If a generative operation is classified as heavy, then subsequent request tasks spawned by the heavy generative operation are added to an overload queue while request tasks spawned by concurrently executing normal generative operations as added to a main queue. For fairness, request tasks are polled from the main queue for execution at greater frequency than request tasks in the overload queue.

    Subscription fan out
    8.
    发明授权

    公开(公告)号:US11159634B1

    公开(公告)日:2021-10-26

    申请号:US15821676

    申请日:2017-11-22

    Abstract: A technology is provided for a fan out for a subscription. A mutation may be received at a data proxy from an application. The mutation may be sent to the data source via a data access resolver associated with the data proxy. Results for the mutation may be received. At least one subscription may be identified which matches combinations of fields in the results for the mutation. A message for the at least one subscription regarding the mutation may be sent to a messaging service to enable the messaging service to publish the message to devices subscribed to at least one topic for the at least one subscription.

Patent Agency Ranking