Private service endpoints in isolated virtual networks
First Claim
1. A system, comprising:
one or more computing devices comprising one or more respective hardware processors and memory to implement one or more control-plane components of a provider network at one or more computing devices, wherein the provider network comprises a first isolated virtual network established on behalf of a first client and a second isolated virtual network established on behalf of a second client;
wherein the one or more control-plane components are configured to:
insert, in response to receiving a first request from the first client, a first service in a registry of privately-accessible services, wherein the first service implements a web services interface, wherein access to the first service is to be provided using at least a first resource of the first isolated virtual network, and wherein access to the first service is to be provided via one or more private network pathways which are not accessible from the public Internet;
transmit, in response to a service discovery query from the second client for a service to be accessed from the second isolated virtual network, an indication of at least the first service;
perform, in response to a request to enable access to the first service from the second isolated virtual network, one or more configuration changes to enable service requests generated at the second isolated virtual network to be transmitted to the first resource via a private network pathway within the provider network without using a public network pathway external to the provider network, wherein a particular configuration change of the one or more configuration changes includes assigning a particular network address to a virtual network interface configured for the service, wherein the particular private network address is included in a network address range of the second isolated virtual network;
collect one or more metrics corresponding to the service requests; and
provide the one or more metrics to one or more of the first client and the second client.
Abstract
A service implemented at a first isolated virtual network of a provider network is added to a database of privately-accessible services. Configuration changes that enable network packets to flow between the first isolated virtual network and a second isolated virtual network without utilizing a network address accessible from the public Internet are implemented. Service requests originating at the second isolated virtual network are transmitted to the first isolated virtual network via private pathways of the provider network. Metrics corresponding to service requests directed from the second isolated network to the service are collected and provided to the respective owners of one or both isolated virtual networks.
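The flow summarized in the abstract can be modeled in a few lines. The following is an added example, not code from the patent or from any provider: it sketches a control plane that registers a service, answers discovery, enables access by giving an endpoint interface an address taken from the consumer network's own range, and counts requests per consumer. All class, method and identifier names are hypothetical, and the owner checks are an assumption about how such a control plane would be guarded.

```python
import ipaddress
from collections import Counter

class ControlPlane:
    """Toy control plane; every name here is hypothetical."""
    def __init__(self):
        self.ivns = {}            # ivn id -> (owner, address range)
        self.registry = {}        # service -> (provider ivn id, backend resource)
        self.endpoints = {}       # (consumer ivn id, endpoint address) -> service
        self.metrics = Counter()  # (consumer ivn id, service) -> request count

    def create_ivn(self, ivn, owner, cidr):
        net = ipaddress.ip_network(cidr)
        if not net.is_private:
            raise ValueError("IVN range must not be publicly routable")
        self.ivns[ivn] = (owner, net)

    def register_service(self, caller, ivn, service, resource):
        self._require_owner(caller, ivn)
        self.registry[service] = (ivn, resource)

    def discover(self):
        return sorted(self.registry)

    def enable_access(self, caller, consumer_ivn, service):
        self._require_owner(caller, consumer_ivn)
        if service not in self.registry:
            raise KeyError(service)
        net = self.ivns[consumer_ivn][1]
        # The endpoint interface takes a free address from the consumer's own range.
        addr = next(h for h in net.hosts() if (consumer_ivn, h) not in self.endpoints)
        self.endpoints[(consumer_ivn, addr)] = service
        return addr

    def route(self, consumer_ivn, dst):
        # Only an attached endpoint address resolves; there is no public fallback.
        service = self.endpoints.get((consumer_ivn, ipaddress.ip_address(dst)))
        if service is None:
            raise LookupError("no private pathway for this destination")
        self.metrics[(consumer_ivn, service)] += 1
        return self.registry[service][1]

    def metrics_for(self, caller, consumer_ivn, service):
        owners = {self.ivns[consumer_ivn][0], self.ivns[self.registry[service][0]][0]}
        if caller not in owners:
            raise PermissionError("metrics go to the two IVN owners only")
        return self.metrics[(consumer_ivn, service)]

    def _require_owner(self, caller, ivn):
        if self.ivns[ivn][0] != caller:
            raise PermissionError(f"{caller} does not own {ivn}")
```

Because the consumer addresses the service through an address inside its own range, its existing egress rules and flow logs cover the traffic without any route to the public Internet.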
20 Claims
1. A system, comprising the elements recited in full under First Claim above.
Dependent claims: 2, 3, 4, 5
6. A method, comprising:
performing, by one or more computing devices of a provider network that comprise one or more respective hardware processors and memory, wherein the provider network comprises a first isolated virtual network established on behalf of a first client and a second isolated virtual network established on behalf of a second client,
inserting, in response to receiving a first request from the first client, a first service in a registry of privately-accessible services, wherein the first service implements a web services interface, wherein access to the first service is to be provided using at least a first resource of the first isolated virtual network, and wherein access to the first service is to be provided via one or more private network pathways which are not accessible from the public Internet;
transmitting, in response to a service discovery query from the second client for a service to be accessed from the second isolated virtual network, an indication of at least the first service;
performing, in response to a request to enable access to the first service from the second isolated virtual network, one or more configuration changes to enable service requests generated at the second isolated virtual network to be transmitted to the first resource via a private network pathway within the provider network without using a public network pathway external to the provider network, wherein a particular configuration change of the one or more configuration changes includes assigning a particular network address to a virtual network interface configured for the service, wherein the particular private network address is included in a network address range of the second isolated virtual network;
collecting one or more metrics corresponding to the service requests; and
providing the one or more metrics to one or more of the first client and the second client.
Dependent claims: 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
17. A non-transitory computer-accessible storage medium storing program instructions that when executed on one or more hardware processors of a provider network, wherein the provider network comprises a first isolated virtual network established on behalf of a first client and a second isolated virtual network established on behalf of a second client:
insert, in response to receiving a first request from the first client, a first service in a registry of privately-accessible services, wherein the first service implements a web services interface, wherein access to the first service is to be provided using at least a first resource of the first isolated virtual network, and wherein access to the first service is to be provided via one or more private network pathways which are not accessible from the public Internet;
transmit, in response to a service discovery query from the second client for a service to be accessed from the second isolated virtual network, an indication of at least the first service;
perform, in response to a request to enable access to the first service from the second isolated virtual network, one or more configuration changes to enable service requests generated at the second isolated virtual network to be transmitted to the first resource via a private network pathway within the provider network without using a public network pathway external to the provider network, wherein a particular configuration change of the one or more configuration changes includes assigning a particular network address to a virtual network interface configured for the service, wherein the particular private network address is included in a network address range of the second isolated virtual network;
collect one or more metrics corresponding to the service requests; and
provide the one or more metrics to one or more of the first client and the second client.
Dependent claims: 18, 19, 20
Specification