-
Publication (Announcement) No.: US20220201043A1
Publication (Announcement) Date: 2022-06-23
Application No.: US17567318
Application Date: 2022-01-03
Applicant: Amazon Technologies, Inc.
Inventor: Ujjwal Rajkumar Pugalia, Sean McLaughlin, Neha Rungta, Andrew Jude Gacek, Matthias Schlaipfer, John Michael Renner, Jihong Chen, Alex Li, Erin Westfall, Daniel George Peebles, Himanshu Gupta
IPC: H04L9/40
Abstract: Resource state validation may be performed for access management policies by an identity and access management system. An access management policy associated with an account for network-based services may be received and validated according to resource state obtained for resources associated with the account. A correction for a portion of the access management policy may be identified according to the validation and provided via an interface for the identity and access management system.
-
Publication (Announcement) No.: US11218511B1
Publication (Announcement) Date: 2022-01-04
Application No.: US17114286
Application Date: 2020-12-07
Applicant: Amazon Technologies, Inc.
Inventor: Ujjwal Rajkumar Pugalia, Sean McLaughlin, Neha Rungta, Andrew Jude Gacek, Matthias Schlaipfer, John Michael Renner, Jihong Chen, Alex Li, Erin Westfall, Daniel George Peebles, Himanshu Gupta
Abstract: Resource state validation may be performed for access management policies by an identity and access management system. An access management policy associated with an account for network-based services may be received and validated according to resource state obtained for resources associated with the account. A correction for a portion of the access management policy may be identified according to the validation and provided via an interface for the identity and access management system.
-
Publication (Announcement) No.: US11777995B2
Publication (Announcement) Date: 2023-10-03
Application No.: US17567318
Application Date: 2022-01-03
Applicant: Amazon Technologies, Inc.
Inventor: Ujjwal Rajkumar Pugalia, Sean McLaughlin, Neha Rungta, Andrew Jude Gacek, Matthias Schlaipfer, John Michael Renner, Jihong Chen, Alex Li, Erin Westfall, Daniel George Peebles, Himanshu Gupta
CPC classification number: H04L63/20, H04L63/08, H04L63/102, H04L63/105
Abstract: Resource state validation may be performed for access management policies by an identity and access management system. An access management policy associated with an account for network-based services may be received and validated according to resource state obtained for resources associated with the account. A correction for a portion of the access management policy may be identified according to the validation and provided via an interface for the identity and access management system.
-
Publication (Announcement) No.: US20240223618A1
Publication (Announcement) Date: 2024-07-04
Application No.: US18604379
Application Date: 2024-03-13
Applicant: Amazon Technologies, Inc.
Inventor: Jacob A. Kjelstrup, Bharath Mukkati Prakash, Brigid Ann Johnson, Ujjwal Rajkumar Pugalia
CPC classification number: H04L63/205, G06N20/00, H04L63/105
Abstract: Methods, systems, and computer-readable media for auto-tuning permissions using a learning mode are disclosed. A plurality of access requests to a plurality of services and resources by an application are determined during execution of the application in a learning mode in a pre-production environment. The plurality of services and resources are hosted in a multi-tenant provider network. A subset of the services and resources that were used by the application during the learning mode are determined. An access control policy is generated that permits access to the subset of the services and resources used by the application during the learning mode. The access control policy is attached to a role associated with the application to permit access to the subset of the services and resources in a production environment.
-
Publication (Announcement) No.: US11968241B1
Publication (Announcement) Date: 2024-04-23
Application No.: US16453931
Application Date: 2019-06-26
Applicant: Amazon Technologies, Inc.
Inventor: Jacob A. Kjelstrup, Bharath Mukkati Prakash, Brigid Ann Johnson, Ujjwal Rajkumar Pugalia
CPC classification number: H04L63/205, G06N20/00, H04L63/105
Abstract: Methods, systems, and computer-readable media for auto-tuning permissions using a learning mode are disclosed. A plurality of access requests to a plurality of services and resources by an application are determined during execution of the application in a learning mode in a pre-production environment. The plurality of services and resources are hosted in a multi-tenant provider network. A subset of the services and resources that were used by the application during the learning mode are determined. An access control policy is generated that permits access to the subset of the services and resources used by the application during the learning mode. The access control policy is attached to a role associated with the application to permit access to the subset of the services and resources in a production environment.