公开(公告)号：US11017107B2

公开(公告)日：2021-05-25

申请号：US15913741

申请日：2018-03-06

Applicant: Amazon Technologies, Inc.

Inventor： Neha Rungta ,  Pauline Virginie Bolignano ,  Catherine Dodge ,  Carsten Varming ,  John Cook ,  Rajesh Viswanathan ,  Daryl Stephen Cooke ,  Santosh Kalyankrishnan

IPC: G06F21/44 ,  H04L29/06 ,  G06F21/62 ,  G06F9/455 ,  G06F9/445 ,  G06F9/50 ,  G06F9/48

Abstract: A security assessment system of a computing resource service provider performs security analyses of virtual resource instances, such as virtual machine instances and virtual data store instances, to verify that certain invariable security requirements are satisfied by the instances' corresponding configurations; these analyses are performed before the instances are provisioned and deployed. If the security checks, which can be selected by the administrator of the resources, fail, the requested resources are denied deployment. Notifications identifying the faulty configuration(s) may be send to the administrative user. A template for launching virtual resource instances may be transformed into an optimized template for performing the pre-deployment security checks, such as by storing information needed to perform the checks within the optimized template itself.

公开(公告)号：US11513864B2

公开(公告)日：2022-11-29

申请号：US15933184

申请日：2018-03-22

Applicant: Amazon Technologies, Inc.

Inventor： Samuel Koppes ,  Daryl Stephen Cooke ,  Julio Cesar dos Santos Lins ,  Bharath Swaminathan ,  Sayali Suhas Deshpande ,  Anthony Quigley ,  Romit Palit ,  Andrew John May ,  Courtney Ann Todd Campbell ,  Santosh Kalyankrishnan ,  Diane Diaz

IPC: G06F9/455 ,  G06F9/50 ,  H04L41/084

Abstract: A resource management system of a computing resource service provider performs adoptions of virtual resource instances, such as virtual machine instances and virtual data store instances that were not instantiated as members of a logical container, into logical containers that are used to manage members of the logical containers as a group. Adopting such “candidate” resources that were not generated from programmable infrastructure templates allows the resources to be managed in accordance with an infrastructure-as-code framework, alongside resources that are generated from such templates. A template for launching infrastructure instances may be modified to include an adopted resource definition describing the configuration of the adopted resource, so that management operations can be performed on the adopted resource together with the other members of the container. The system can generate an adopted resource definition from metadata of the adopted resource, to be included in the template or to validate the template.

公开(公告)号：US11086685B1

公开(公告)日：2021-08-10

申请号：US16017921

申请日：2018-06-25

Applicant: Amazon Technologies, Inc.

Inventor： Samuel Koppes ,  Ryan John Lohan ,  Santosh Kalyankrishnan ,  Luis Eduardo Colon

IPC: G06F9/50 ,  G06F9/455 ,  G06F9/451

Abstract: A resource management system of a computing resource service provider supports the provisioning of multiple identical or substantially similar virtual computing resource instances using a single resource definition by creating a resource set entity to which the provisioned instances belong. The resource management system controls the provisioning based on a template containing the resource definition and designed to service a situation where the intent is to create a group of similar or closely-related resources. The group of instances (i.e., items in the resource set) can be dimensioned by specifying the size of the set, or by mapping the set to another set of keys associated with a different context. A resource set definition in the template can include a program expression that the system evaluates to produce a list of the keys, and the instances may be created based on the number of keys and their associated values.