Template representation of security resources
US-9350738-B2 · May 24, 2016 · US
US11882154B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11882154-B2 |
| Application number | US-201615162323-A |
| Country | US |
| Kind code | B2 |
| Filing date | May 23, 2016 |
| Priority date | Mar 19, 2012 |
| Publication date | Jan 23, 2024 |
| Grant date | Jan 23, 2024 |
Abstract
Systems and methods are described for enabling users to model security resources and user access keys as resources in a template language. The template can be used to create and update a stack of resources that will provide a network-accessible service. The security resources and access keys can be referred to in the template during both the stack creation process and the stack update process. The security resources can include users, groups and policies. Additionally, users can refer to access keys in the template as dynamic parameters without any need to refer to the access keys in plaintext. The system securely stores access keys within the system and allows templates to refer to them once defined. These key references can then be passed within a template to resources that need them, and passed on securely to resources such as server instances through the use of the user-data field.
Claims (preview)
What is claimed is:
1. A system, comprising: at least one processor; and a memory, comprising program instructions that when executed by the at least one processor cause the at least one processor to: parse a template for deployment of one or more resources in a network-accessible service provider to identify a user access key attribute parameter that opaquely refers to a previously defined access key value to be used by the one or more resources created during deployment to authenticate an entity or to authorize an action on behalf of the entity, wherein the previously defined access key value that is opaquely referred to in the template by the user access key attribute parameter is not included in the template in plaintext, wherein the one or more resources, once deployed, provide an environment for execution of an application or execution of a network-accessible service; obtain, based at least in part on the user access key attribute parameter identified in the template and that opaquely refers to the previously defined access key value, the previously defined access key value for the identified user access key attribute parameter in the template; deploy the one or more resources in the network-accessible service provider, wherein deploy comprises create the one or more resources; and provide, to the one or more resources, the determined previously defined access key value; wherein the one or more resources created during deployment provide the environment for execution of the application or the network-accessible service and use the previously defined access key value, that is opaquely referred to in the template by the user access key attribute parameter but not included in the template in plaintext, to authenticate an entity or to authorize an action.
2. The system of claim 1, wherein the program instructions further cause the at least one processor to receive the template via an Application Programming Interface (API) for the network-accessible service provider.
3. The system of claim 1, wherein the template describes deployment output for deploying the one or more resources and wherein the program instructions further cause the at least one processor to provide the deployment output according to the template based, at least in part, on the deployment of the one or more resources.
4. The system of claim 1, wherein the template describes one or more dependencies between the one or more resources and wherein the program instructions further cause the at least one processor to determine an order to deploy the one or more resources according to the one or more dependencies in the template, wherein the deployment is performed according to the determined order.
5. The system of claim 1, wherein the template includes a policy specifying permissions for one or more users with respect to the one or more resources and wherein the program instructions further cause the at least one processor to enforce the policy with respect to the one or more resources.
6. The system of claim 1, wherein the program instructions further cause the at least one processor to perform the parse, the determination, and the deployment for one or more other resources in the network-accessible provider service according to the template, wherein the determined configuration values for the one or more other resources are different than the determined configuration values for the one or more resources.
7. The system of claim 1, wherein the program instructions further cause the at least one processor to receive the template via a command line tool for the network-accessible service provider.
8. A method, comprising: performing, by one or more computing devices: parsing a template for deploying one or more resources in a network-accessible service provider to identify a user access key attribute parameter that opaquely refers to a previously defined access key value to be used by the one or more resources created during deployment to authenticate an entity or to authorize an action on behalf of the entity, wherein the previously defined access key value that is opaquely referred to in the template by the user access key attribute parameter is not included in the template in plaintext, wherein the one or more resources, once deployed, provide an environment for execution of an application or execution of a network-accessible service; obtaining, based at least in part on the user access key attribute parameter identified in the template and that opaquely refers to the previously defined access key value, the previously defined access key value for the identified user access key attribute parameter in the template; deploying the one or more resources in the network-accessible service provider to create the environment for execution of the application or the network-accessible service, wherein deploying comprises creating the one or more resources; and receiving, by the one or more resources, the determined previously defined access key value; wherein the one or more resources created during deployment use the received previously defined access key value, that is opaquely referred to in the template by the user access key attribute parameter but not included in the template in plaintext, to authenticate an entity or to authorize an action.
9. The method of claim 8, further comprising receiving the template via an Application Programming Interface (API) for the network-accessible service provider.
10. The method of claim 8, wherein the template describes deployment output for deploying the one or more resources and wherein the method further comprises providing the deployment output according to the template based, at least in part, on the deploying of the one or more resources.
11. The method of claim 8, wherein the template describes one or more dependencies between the one or more resources and wherein the method further comprises determining an order to deploy the one or more resources according to the one or more dependencies in the template, wherein the deploying is performed according to the determined order.
12. The method of claim 8, wherein the template includes a policy specifying permissions for one or more users with respect to the one or more resources and wherein the method further comprises enforcing the policy with respect to the one or more resources.
13. The method of claim 8, further comprising performing the parsing, the determining, and the deploying for one or more other resources in the network-accessible provider service according to the template, wherein the determined configuration values for the one or more other resources are different than the determined configuration values for the one or more resources.
14. The method of claim 8, further comprising receiving the template via a command line tool for the network-accessible service provider.
15. One or more non-transitory, computer readable storage media, storing program instructions that when executed on or across one or more computing devices, cause the one or more computing devices to implement: parsing a template for deploying one or more resources in a network-accessible service provider to identify a user access key attribute parameter that opaquely refers to a previously defined access key value to be used by the one or more resources created during the deploying to authenticate an entity or to authorize an action on behalf of the entity, wherein the previously defined access key value that is opaquely referred to in the template by the user access key attribute parameter is not included in the template in plaintext, wherein the one or more resources, once d
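The mechanism the abstract and claims 1, 3 and 4 describe (a template that names an access key only by an opaque handle, a deployer that resolves the handle from a key store, orders resources by their dependencies, hands the value to resources such as instances through user-data, and emits outputs) can be shown end to end in a small deployer. The block below is an added example, not code from the patent or from any provider; the template language, the `{"KeyRef": handle}` marker, the `Resources`/`DependsOn`/`Outputs` keys, the resource types and the sample key value are all hypothetical, constructed for illustration.

```python
# Added example, not code from the patent or any vendor. The template language,
# the {"KeyRef": handle} marker and the resource types are hypothetical stand-ins
# for the mechanism the abstract and claim 1 describe.
import base64
import json

def find_key_refs(node) -> set[str]:
    """Parse step: collect every {"KeyRef": handle} marker in the template."""
    if isinstance(node, dict):
        if set(node) == {"KeyRef"}:
            return {node["KeyRef"]}
        return set().union(*(find_key_refs(v) for v in node.values()))
    if isinstance(node, list):
        return set().union(*(find_key_refs(v) for v in node))
    return set()

def resolve_refs(node, store: dict):
    """Copy of node with every KeyRef marker replaced by the stored key value."""
    if isinstance(node, dict):
        if set(node) == {"KeyRef"}:
            return store[node["KeyRef"]]
        return {k: resolve_refs(v, store) for k, v in node.items()}
    if isinstance(node, list):
        return [resolve_refs(v, store) for v in node]
    return node

def deploy_order(resources: dict) -> list[str]:
    """Claim 4: create each DependsOn entry before the resource that names it;
    raises ValueError on a dependency cycle or an unknown dependency."""
    order, state = [], {}

    def visit(name):
        if state.get(name) == "done":
            return
        if state.get(name) == "visiting":
            raise ValueError(f"dependency cycle at {name!r}")
        if name not in resources:
            raise ValueError(f"unknown dependency {name!r}")
        state[name] = "visiting"
        for dep in resources[name].get("DependsOn", []):
            visit(dep)
        state[name] = "done"
        order.append(name)

    for name in resources:
        visit(name)
    return order

def validate(template: dict, store: dict) -> list[str]:
    """Pre-deployment checks; an empty list means the template is acceptable."""
    problems = []
    if any(value in json.dumps(template) for value in store.values()):
        problems.append("template contains an access key value in plaintext")
    for handle in sorted(find_key_refs(template) - set(store)):
        problems.append(f"undefined access key handle {handle!r}")
    return problems

def deploy(template: dict, store: dict) -> dict:
    """Create the stack; returns {"resources": {...}, "outputs": {...}}.
    `store` maps handle -> previously defined key (encrypted at rest in reality)."""
    problems = validate(template, store)
    if problems:
        raise ValueError("; ".join(problems))
    created = {}
    for name in deploy_order(template["Resources"]):
        spec = template["Resources"][name]
        props = resolve_refs(spec.get("Properties", {}), store)
        if spec["Type"] == "Instance":
            # Keys reach an instance through its user-data field, as the
            # abstract describes; base64 stands in for the provider's encoding.
            blob = json.dumps(props.get("UserData", {})).encode()
            props["UserData"] = base64.b64encode(blob).decode()
        created[name] = {"Type": spec["Type"], "Properties": props}
    outputs = {}
    for out_name, ref in template.get("Outputs", {}).items():
        value = created[ref["Resource"]]["Properties"][ref["Attribute"]]
        if value in store.values():  # claim 3 outputs must not re-expose a key
            raise ValueError(f"output {out_name!r} would expose an access key")
        outputs[out_name] = value
    return {"resources": created, "outputs": outputs}

def decode_user_data(instance: dict) -> dict:
    """What the instance itself sees after decoding its user-data."""
    return json.loads(base64.b64decode(instance["Properties"]["UserData"]))

# Constructed sample: a user, a policy and an instance (the security resources
# the abstract lists), with the access key referenced only by handle.
SAMPLE_TEMPLATE = {
    "Resources": {
        "AppUser": {"Type": "User", "Properties": {"Name": "app"}},
        "AppPolicy": {"Type": "Policy", "DependsOn": ["AppUser"],
                      "Properties": {"User": "app", "Allow": ["queue:Send"]}},
        "Web": {"Type": "Instance", "DependsOn": ["AppPolicy"],
                "Properties": {"UserData": {"ACCESS_KEY": {"KeyRef": "app-key"}}}}},
    "Outputs": {"PolicyUser": {"Resource": "AppPolicy", "Attribute": "User"}}}
SAMPLE_KEY = "AKIAEXAMPLE0SECRET"  # constructed value, not a real key

def run_sample() -> dict:
    return deploy(SAMPLE_TEMPLATE, {"app-key": SAMPLE_KEY})
```

Two checks in this toy go beyond what the claims spell out and are the ones a practitioner would want: `validate` rejects a template that carries a key value in plaintext (so the property the claims rely on is enforced, not assumed), and `deploy` refuses an output that would resolve to a key value, since stack outputs are normally far more visible than the key store. Note that user-data, the delivery channel the abstract names, is readable by any process on the instance once it arrives; the handle-based reference keeps the key out of the template and its version history, not out of the instance.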
CPC classification titles:
- for managing network security; network security policies in general (filtering policies H04L63/0227)
- for initial configuration or provisioning, e.g. plug-and-play
- for supporting key management in a packet data network (cryptographic mechanisms or cryptographic arrangements for key management H04L9/08)
- using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263)
- for controlling access to devices or network resources