On-demand network code execution with cross-account aliases
First Claim
1. A system to enable cross-account execution of tasks on an on-demand code execution environment, the system comprising:
- a non-transitory data store configured to store tasks, wherein individual tasks are owned by accounts of the on-demand code execution environment and are associated with user-submitted source code executable to implement functionality corresponding to the individual tasks; and
one or more processors configured with computer-executable instructions to;
receive a request from a user computing device associated with a first account to enable execution of a task owned by a second account, wherein the request comprises one or more parameters for the on-demand code execution environment to pass to the user-submitted source code associated with the task in response to a user of the first account requesting execution of the task, and wherein the one or more parameters include authentication information for a network resource of the first account to be passed to the user-submitted source code associated with the task;
generate an alias corresponding to the first account, wherein the alias references the task owned by the second account, and wherein a call to the alias causes the on-demand code execution environment to pass the one or more parameters to an execution of the user-submitted source code without requiring that the one or more parameters be included within the call to the alias;
return, to the user computing device associated with the first account, access information enabling the user computing device to call the alias corresponding to the first account in order to execute the task owned by the second account, including causing the on-demand code execution environment to pass the one or more parameters to the execution of the user-submitted source code associated with the task;
receive the call to the alias corresponding to the first account;
select a virtual machine instance within the on-demand code execution environment on which to execute the user-submitted source code corresponding to the task owned by the second account, wherein the virtual machine instance is dedicated to at least one of execution of tasks of the first account or execution of tasks of the second account; and
execute within the virtual machine instance the user-submitted source code corresponding to the task owned by the second account on behalf of the first account, wherein execution of the code comprises passing, by the on-demand code execution environment and to the user-submitted source code, the one or more parameters including the authentication information for the network resource of the first account.
1 Assignment
0 Petitions
Accused Products
Abstract
Systems and methods are described for managing cross-account access to tasks on an on-demand code execution environment or other distributed code execution environment. Such environments utilize pre-initialized virtual machine instances to enable execution of user-specified code in a rapid manner, without delays typically caused by initialization of the virtual machine instances. However, to ensure security, the code of different users is generally maintained separately, and executed on separate virtual machines. Embodiments described herein enable users of a first account to execute code of a second account, without gaining access to the code itself and while maintaining the privacy and security of each account. Specifically, aliases for a task of a first account can be created on a task of a second account, and used to invoke that task on behalf of the first account. Aliases may also allow users to customize how the task is executed.
434 Citations
20 Claims
-
1. A system to enable cross-account execution of tasks on an on-demand code execution environment, the system comprising:
-
a non-transitory data store configured to store tasks, wherein individual tasks are owned by accounts of the on-demand code execution environment and are associated with user-submitted source code executable to implement functionality corresponding to the individual tasks; and one or more processors configured with computer-executable instructions to; receive a request from a user computing device associated with a first account to enable execution of a task owned by a second account, wherein the request comprises one or more parameters for the on-demand code execution environment to pass to the user-submitted source code associated with the task in response to a user of the first account requesting execution of the task, and wherein the one or more parameters include authentication information for a network resource of the first account to be passed to the user-submitted source code associated with the task; generate an alias corresponding to the first account, wherein the alias references the task owned by the second account, and wherein a call to the alias causes the on-demand code execution environment to pass the one or more parameters to an execution of the user-submitted source code without requiring that the one or more parameters be included within the call to the alias; return, to the user computing device associated with the first account, access information enabling the user computing device to call the alias corresponding to the first account in order to execute the task owned by the second account, including causing the on-demand code execution environment to pass the one or more parameters to the execution of the user-submitted source code associated with the task; receive the call to the alias corresponding to the first account; select a virtual machine instance within the on-demand code execution environment on which to execute the user-submitted source code corresponding to the task owned by the second account, wherein the virtual machine instance is dedicated to at least one of execution of tasks of the first account or execution of tasks of the second account; and execute within the virtual machine instance the user-submitted source code corresponding to the task owned by the second account on behalf of the first account, wherein execution of the code comprises passing, by the on-demand code execution environment and to the user-submitted source code, the one or more parameters including the authentication information for the network resource of the first account. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A computer-implemented method to enable cross-account execution of tasks on an on-demand code execution environment, the computer-implemented method comprising:
-
receiving, from a user computing device associated with a first account on the on-demand code execution environment, information defining a task on the on-demand code execution environment, the information comprising computer-executable source code that, when executed by a virtual machine instance within the on-demand code execution environment, implement functionality corresponding to the task; receiving a request from a user computing device associated with a second account to enable execution of the task on behalf of the second account, wherein the request comprises one or more parameters for the on-demand code execution environment to pass to the computer-executable source code associated with the task in response to a user of the first account requesting execution of the task; generating an alias corresponding to the second account, wherein the alias references the task owned by the first account, and wherein a call to the alias causes the on-demand code execution environment to pass the one or more parameters to an execution of the user-submitted source code without requiring that the one or more parameters be included within the call to the alias; returning, to the user computing device associated with the second account, access information enabling the user computing device to call the alias corresponding to the second account in order to cause the on-demand code execution system to execute the computer-executable source code associated with the task owned by the first account and to pass to the execution of the computer-executable source code the one or more parameters; receiving a call to the alias corresponding to the second account; selecting a virtual machine instance within the on-demand code execution environment on which to execute the computer-executable source code corresponding to the task, wherein the virtual machine instance is associated with at least one of execution of tasks of the first account or execution of tasks of the second account; and executing within the virtual machine instance the computer-executable source code corresponding to the task on behalf of the second account, wherein execution of the computer-executable source code comprises passing, by the on-demand code execution environment and to the computer-executable source code, the one or more parameters. - View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. Non-transitory computer-readable storage media including computer-executable instructions that, when executed by a computing system, cause the computing system to:
-
receive, from a user computing device associated with a first account on an on-demand code execution environment, information defining a task on the on-demand code execution environment, the information comprising computer-executable source code that, when executed by a virtual machine instance within the on-demand code execution environment, implement functionality corresponding to the task; receive a request from a user computing device associated with a second account to enable execution of the task on behalf of the second account, wherein the request comprises one or more parameters for the on-demand code execution environment to pass to the computer-executable source code associated with the task in response to a user of the second account requesting execution of the task; generate an alias corresponding to the second account, wherein the alias references the task owned by the first account, and wherein a call to the alias causes the on-demand code execution environment to pass the one or more parameters to an execution of the user-submitted source code without requiring that the one or more parameters be included within the call to the alias; receiving a call to the alias corresponding to the second account; select a virtual machine instance within the on-demand code execution environment on which to execute the computer-executable source code corresponding to the task, wherein the virtual machine instance is associated with at least one of execution of tasks of the first account or execution of tasks of the second account; and execute within the virtual machine instance the computer-executable source code corresponding to the task on behalf of the second account, wherein execution of the computer-executable source code comprises passing, by the on-demand code execution environment and to the computer-executable source code, the one or more parameters. - View Dependent Claims (17, 18, 20)
-
-
19. The non-transitory storage media of 16, wherein the computer-executable instructions further cause the computing system to monitor a computing resource usage of the virtual machine instance during execution of the computer-executable source code, and attributing the computing resource usage to the second account.
Specification