Providing fine-grained access remote command execution for virtual machine instances in a distributed computing environment
Abstract
A selection of a document that includes a command and a parameter is received, and a user is caused to be associated with a policy that grants permission to execute the document. A request is received, from a requestor, to execute the document, the request including a parameter value, and the requestor is determined to be the user associated with the policy. The user is validated to have access to a resource indicated by the parameter value, and the command is caused to be executed against the resource.
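The flow in the abstract and claim 1, modeled as an added example that is not taken from the patent or any product: a default-deny check that resolves the document, the policy and the requestor, validates the resource named by the parameter value, and returns only the permitted subset of commands. All class names, the `restart-web` document, the principals and the instance IDs are constructed, and the requestor identity is assumed to be already authenticated.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class CommandDocument:
    name: str
    owner: str       # first entity: author of the document
    commands: dict   # command name -> fixed argv run on the resource
    parameter: str   # parameter whose value names the target resource

@dataclass(frozen=True)
class Policy:
    owner: str                    # first entity that attached the policy
    principal: str                # second entity the policy applies to
    document: str
    allowed_commands: frozenset   # subset of the document's commands
    allowed_resources: frozenset  # resources the principal may target

class Denied(PermissionError): pass

def authorize(request, documents, policies):
    """Return (resource, [argv, ...]) to run, or raise Denied (default deny)."""
    doc = documents.get(request["document"])
    if doc is None:
        raise Denied("unknown document")
    # request["principal"] is assumed to come from an authenticated session.
    policy = next((p for p in policies
                   if (p.owner, p.document, p.principal)
                   == (doc.owner, doc.name, request["principal"])), None)
    if policy is None:
        raise Denied("no policy grants this requestor the document")
    resource = request["parameters"].get(doc.parameter)
    if not isinstance(resource, str) or resource not in policy.allowed_resources:
        raise Denied("requestor has no access to the target resource")
    # Requestor supplies a parameter value, never command text.
    plan = [argv for name, argv in doc.commands.items()
            if name in policy.allowed_commands]
    if not plan:
        raise Denied("policy allows none of the document's commands")
    return resource, plan

# Constructed sample data (hypothetical names and IDs).
DOCS = {"restart-web": CommandDocument(
    "restart-web", "admin",
    {"status": ["systemctl", "status", "nginx"],
     "restart": ["systemctl", "restart", "nginx"],
     "shell": ["/bin/sh"]},
    "InstanceId")}
POLICIES = [Policy("admin", "operator", "restart-web",
                   frozenset({"status", "restart"}), frozenset({"i-web-1"}))]
```

With this sample data, `operator` gets the `status` and `restart` argv lists for `i-web-1`, while the document's `shell` command is never returned because the policy does not list it.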
20 Claims
1. A computer-implemented method, comprising:
- processing a command document associated with a first entity, the command document identifying a resource and commands executable by the resource, to identify a policy associated with the first entity and limiting access, by a second entity, to a subset of the commands; and
- processing a request to access the resource by:
  - identifying, based on information in the request, the resource, the command document, the policy, and the second entity associated with the request;
  - authorizing the request as a result of determining that the request is associated with the second entity; and
  - causing, based at least in part on the policy and the command document, execution of the subset of the commands by the resource.

Dependent claims: 2, 3, 4
5. A system, comprising:
- one or more processors; and
- memory including instructions that, as a result of execution by the one or more processors, cause the system to:
  - obtain a command document associated with a first entity, the command document identifying a resource and commands executable by the resource;
  - identify a policy associated with the first entity and limiting access, by a second entity, to a subset of the commands; and
  - as a result of a request to access the resource:
    - process the request to identify the resource, the command document, the policy, and the second entity associated with the request;
    - authorize the request as a result of determining that the request is associated with the second entity; and
    - cause, based at least in part on the policy and the command document, execution of the subset of the commands by the resource.

Dependent claims: 6, 7, 8, 9, 10, 11, 12, 13
14. A non-transitory computer-readable storage medium storing executable instructions that, as a result of being executed by one or more processors of a computer system, cause the computer system to at least:
- obtain a document associated with a first entity, the document identifying a resource and commands executable by the resource;
- identify a policy associated with the first entity and limiting access to a subset of the commands; and
- as a result of a request to access the resource:
  - process the request to identify the resource, the document, the policy, and a second entity associated with the request;
  - authorize the request as a result of determining that the request is associated with the second entity; and
  - cause, based at least in part on the policy and the document, execution of the subset of the commands by the resource.

Dependent claims: 15, 16, 17, 18, 19, 20