US2016269446A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2016269446-A1 |
| Application number | US-201615162323-A |
| Country | US |
| Kind code | A1 |
| Filing date | May 23, 2016 |
| Priority date | Mar 19, 2012 |
| Publication date | Sep 15, 2016 |
| Grant date | — |
Official abstract text for this publication.
Systems and methods are described for enabling users to model security resources and user access keys as resources in a template language. The template can be used to create and update a stack of resources that will provide a network-accessible service. The security resources and access keys can be referred to in the template during both stack creation process and the stack update process. The security resources can include users, groups and policies. Additionally, users can refer to access keys in the template as dynamic parameters without any need to refer to the access keys in plaintext. The system securely stores access keys within the system and allows for templates to refer to them once defined. These key references can then be passed within a template to resources that need them as well as passing them on securely to resources like server instances through the use of the user-data field.
Opening claim text (preview).
1.-6. (canceled)

7. A computer implemented method for template representation of security resources, said method comprising: under the control of one or more computer systems configured with executable instructions, reading a template that defines a stack of resources and specifies a set of dependencies between the resources, the template referencing at least one of: a user identity, a group or a policy; and creating a stack of resources based on the template, said creating further including at least the steps of: causing a policy to be created based at least in part on the template, the policy specifying a set of permissions for performing one or more actions; and associating the policy with the user identity referenced in the template, the user identity being associated with a user access key, the user access key being opaquely referenced in the template by referring to an attribute of the user identity; receiving a request for the user access key from at least one resource; and providing the at least one resource with the user access key if the resource is instructed to receive the user access key in the template.

8. The computer implemented method of claim 7, further comprising: creating a group based on the security resource specified in the template; and associating the user identity with the group.

9. The computer implemented method of claim 7, further comprising: instantiating a compute node based on the template, the compute node providing the network-accessible service; and associating the compute node with the user identity.

10. The computer implemented method of claim 9, further comprising: instantiating a database instance that stores data processed by the compute node in providing the network-accessible service.

11. The computer implemented method of claim 9, wherein the compute node is provided with the user access key associated with the user identity.

12. A computing device including a storage memory storing a set of instructions and one or more hardware processors that execute the set of instructions to perform a set of steps comprising: receiving a template that defines a stack of resources and specifies a set of dependencies between the resources, the template defining one or more of: a user identity, a group or a policy; and creating a stack of resources based on the template, said creating further including at least the steps of: creating a user identity based at least in part on the template and associating the user identity with the stack of resources the user identity being associated with a user access key; receiving a policy from an identity management service, the policy specifying a set of permissions; and associating the policy with the user identity referenced in the template; receiving a request for the user access key from at least one resource; and providing the at least one resource with the user access key if the resource is instructed to receive the user access key in the template.

13. The computing device of claim 12, further comprising instructions executed by the one or more processors to perform the steps of: creating a group based at least in part on the template; and associating the user identity with the group.

14. The computing device of claim 12, further comprising instructions executed by the one or more processors to perform the steps of: instantiating a compute node based at least in part on the template, the compute node providing the network-accessible service; and associating the compute node with the user identity.

15. The computing device of claim 14, further comprising instructions executed by the one or more processors to perform the step of: instantiating a database instance that stores data processed by the compute node in providing the network-accessible service.

16. A non-transitory computer readable storage medium storing one or more sequences of instructions executable by one or more processors to perform a set of steps comprising: reading a template that defines a stack of resources and references at least one security resource, the security resource including at least one of: a customer identity, a group or a policy; and creating a stack of resources based on the template, said creating further including at least the steps of: causing a policy to be created based at least in part on the template, the policy specifying a set of permissions; and associating the policy with the customer identity referenced in the template, the customer identity being associated with an access key, the access key being opaquely referenced in the template by referring to an attribute of the customer identity; receiving a request for the access key from at least one resource; and providing the at least one resource with the access key if the resource is instructed to receive the access key in the template.

17. The non-transitory computer readable storage medium of claim 16, wherein the policy is created by invoking an identity management service.

18. The non-transitory computer readable storage medium of claim 16, further comprising: creating a group based on the security resource specified in the template; and associating the customer identity with the group.

19. The non-transitory computer readable storage medium of claim 16, further comprising: instantiating a compute node based on the template, the compute node providing the network-accessible service; and associating the compute node with the customer identity.

20. The non-transitory computer readable storage medium of claim 19, further comprising: instantiating a database instance that stores data processed by the compute node in providing the network-accessible service.
for initial configuration or provisioning, e.g. plug-and-play · CPC title
for controlling access to devices or network resources · CPC title
Entity profiles · CPC title
using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263) · CPC title
for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title