System and method for controlling access to web services resources
Abstract
A system and method for controlling access to web services resources. A system may include a storage medium configured to store instructions and one or more processors configured to access the storage medium. The instructions may be executable by at least one of the processors to implement a web services access control system (ACS) configured to receive requests. Each request specifies an access operation to be performed with respect to a corresponding resource. Each of the requests is associated with a corresponding principal. For each received request, the ACS may be further configured to determine whether an access control entry exists that is associated with both the resource and principal associated with the request and that specifies an access type sufficient to perform the access operation. If no such entry exists, the ACS may deny the request.
18 Claims
1. A system comprising:
a plurality of compute nodes that implement a distributed data store;
a programmatic interface for the distributed data store implemented via one or more hardware processors of at least some of the plurality of compute nodes;
the distributed data store, configured to:
receive a request to store a record in a table from a client, wherein the table is maintained in the distributed data store, wherein the request is received via the programmatic interface for the distributed data store;
identify a partition of the table to store the record according to a partition key value of the record and an identifier of the table, wherein the table is maintained in the distributed data store across a plurality of different partitions including the partition;
select a plurality of storage hosts implemented at different ones of the plurality of compute nodes to store the record according to a replication factor specified for the table by the client or another client via the programmatic interface, wherein the replication factor is specified to store the record to a first number of hosts, wherein the plurality of storage hosts are mapped to the partition of the table;
send the record to the plurality of storage hosts to be stored; and
upon a determination that a predetermined minimum number of the plurality of storage hosts have successfully stored the record, wherein the predetermined minimum number is less than the first number of hosts, send, via the programmatic interface, a completion indication for the request to the client.
Dependent claims: 2, 3, 4, 5, 6
7. A method, comprising:
performing, by one or more computing devices:
receiving a request to store a record in a table from a client, wherein the table is maintained in a distributed data store, wherein the request is received via a programmatic interface for the distributed data store;
identifying a partition of the table to store the record according to a partition key value of the record and an identifier of the table, wherein the table is maintained in the distributed data store across a plurality of different partitions including the partition;
selecting a plurality of storage hosts implemented at different ones of the plurality of compute nodes to store the record according to a replication factor specified for the table by the client or another client via the programmatic interface, wherein the replication factor is specified to store the record to a first number of hosts, wherein the plurality of storage hosts are mapped to the partition of the table;
sending the record to the plurality of storage hosts to be stored; and
upon determining that a predetermined minimum number of the plurality of storage nodes have successfully stored the record, wherein the predetermined minimum number is less than the first number of hosts, sending a completion indication for the request to the client via the programmatic interface.
Dependent claims: 8, 9, 10, 11, 12
13. A non-transitory, computer-readable storage medium, storing program instructions that when executed by one or more computing devices cause the one or more computing devices to implement:
receiving a request to store a record in a table from a client, wherein the table is maintained in a distributed data store, wherein the request is received via a programmatic interface for the distributed data store;
identifying a partition of the table to store the record according to a partition key value of the record and an identifier of the table, wherein the table is maintained in the distributed data store across a plurality of different partitions including the partition;
selecting a plurality of storage hosts implemented at different ones of the plurality of compute nodes to store the record according to a replication factor specified for the table by the client or another client via the programmatic interface, wherein the replication factor is specified to store the record to a first number of hosts, wherein the plurality of storage hosts are mapped to the partition of the table;
sending the record to the plurality of storage hosts to be stored; and
upon determining that a predetermined minimum number of the plurality of storage nodes have successfully stored the record, wherein the predetermined minimum number is less than the first number of hosts, sending a completion indication for the request to the client via the programmatic interface.
Dependent claims: 14, 15, 16, 17, 18
Specification