Database proxy service

US 10,685,134 B1
Filed: 03/28/2016
Issued: 06/16/2020
Est. Priority Date: 12/15/2015
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a plurality of databases that maintain a collection of data on behalf of an entity, wherein a first database of the plurality of databases maintains a first subset of the collection; and

a computing node that at least;

receives, from an administrative client associated with the entity, a first definition of a first function, the first definition comprising instructions for analyzing requests to execute queries on one or more of the plurality of databases, wherein the analyzing comprises identifying one or more attributes of the queries;

provides, to the administrative client of the entity, information indicative of the one or more attributes, the information obtained by invoking the first function in response to receiving the requests to execute the queries on the one or more of the plurality of databases;

receives, from the administrative client of the entity, a second definition of a second function, the second definition comprising instructions for enforcing a policy associated with the one or more attributes; and

causes a first query to be executed on the first database in response to receiving a request to execute the first query on at least one of the plurality of databases and determining, based at least in part on invoking the second function, that executing the first query on the first database is consistent with the policy.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A hosted database service may include a proxy service in which connections to the hosted database may be routed through a proxy. A first function may be provided to the proxy, by a client of the hosted database service, to analyze requests to connect or execute queries on a database. The analysis may identify an attribute of the query. A second function may be provided to the proxy, by the client, to implement a policy decision based on the attribute. The policy decision may include determining to execute a query on a database based on determining that executing the query is consistent with the policy.

27 Citations

View as Search Results

20 Claims

1. A system, comprising:
- a plurality of databases that maintain a collection of data on behalf of an entity, wherein a first database of the plurality of databases maintains a first subset of the collection; and
  
  a computing node that at least;
  
  receives, from an administrative client associated with the entity, a first definition of a first function, the first definition comprising instructions for analyzing requests to execute queries on one or more of the plurality of databases, wherein the analyzing comprises identifying one or more attributes of the queries;
  
  provides, to the administrative client of the entity, information indicative of the one or more attributes, the information obtained by invoking the first function in response to receiving the requests to execute the queries on the one or more of the plurality of databases;
  
  receives, from the administrative client of the entity, a second definition of a second function, the second definition comprising instructions for enforcing a policy associated with the one or more attributes; and
  
  causes a first query to be executed on the first database in response to receiving a request to execute the first query on at least one of the plurality of databases and determining, based at least in part on invoking the second function, that executing the first query on the first database is consistent with the policy.
- View Dependent Claims (2, 3, 4)
- - 2. The system of claim 1, wherein the computing node at least:
    - determines that executing a second query on the first database is inconsistent with the policy, based at least in part on invoking the second function.
  - 3. The system of claim 1, wherein the computing node at least:
    - determines that the first query should be executed on the first database instead of a second database of the plurality of databases, based at least in part on invoking the second function.
  - 4. The system of claim 1, wherein the first definition comprises instructions for invoking an application programming interface that, when invoked, causes information indicative of the attribute to be provided to the administrative client.

5. A computer-implemented method, comprising:
- receiving, from an administrative client, a first definition of a first function, the first definition comprising instructions for analyzing requests to execute queries on one or more of a plurality of databases, wherein the analyzing comprises identifying one or more attributes of the queries;
  
  providing, to the administrative client, information indicative of the one or more attributes, the information obtained by invoking the first function in response to receiving the requests to execute the queries on the one or more of the plurality of databases;
  
  receiving, from the administrative client, a second definition of a second function, the second definition comprising instructions for enforcing a policy associated with the one or more attributes; and
  
  causing a first query to be executed on a first database, of the plurality of databases, in response to receiving a request to execute the first query on at least one of the plurality of databases and determining, based at least in part on invoking the second function, that executing the first query on the first database is consistent with the policy.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12)
- - 6. The computer-implemented method of claim 5, further comprising:
    - determining that executing a second query on the first database is inconsistent with the policy, based at least in part on invoking the second function.
  - 7. The computer-implemented method of claim 6, wherein the second function determines that the second query is associated with at least one of unauthorized access or malicious access, based at least in part on the one or more attributes.
  - 8. The computer-implemented method of claim 6, wherein the second function determines that the second database is more capable of executing the first query than the first database.
  - 9. The computer-implemented method of claim 5, further comprising:
    - determining that the first query should be executed on the first database instead of a second database of the plurality of databases, based at least in part on invoking the second function.
  - 10. The computer-implemented method of claim 5, wherein the first definition comprises instructions for invoking an application programming interface that, when invoked, causes information indicative of the attribute to be provided to the administrative client.
  - 11. The computer-implemented method of claim 5, further comprising:
    - invoking the second function with parameters indicative of at least one of an availability zone, a logical region, a fault tolerance region, a data center, or a geographic location; and
      
      determining, by invoking the second function, to execute the first query on the first database based, at least in part, on at least one of the availability zone, the logical region, the fault tolerance region, the data center, or the geographic location.
  - 12. The computer-implemented method of claim 5, wherein the second definition of the second function comprises instructions for rewriting the first query to conform to the policy.

13. A non-transitory computer-readable storage medium having stored thereon instructions that, upon execution by one or more computing devices, cause the one or more computing devices at least to:
- receive, from an administrative client, a first definition of a first function, the first definition comprising instructions for analyzing requests to execute queries on one or more of a plurality of databases, wherein the analyzing comprises identifying one or more attributes of the queries on one or more of a plurality of databases;
  
  send, to the administrative client, information indicative of the one or more attributes, the information obtained by invoking the first function in response to receiving the requests to execute the queries on the one or more of the plurality of databases;
  
  receive, from the administrative client, a second definition of a second function, the second definition comprising instructions for enforcing a policy associated with the one or more attributes; and
  
  cause a first query to be executed on a first database in response to receiving a request to execute the first query on at least one of the plurality of databases and determining, based at least in part on invoking the second function, that executing the first query on the first database is consistent with the policy.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The non-transitory computer-readable storage medium of claim 13, further comprising instructions that, upon execution by the one or more computing devices, cause the one or more computing devices to at least:
    - determine that executing a second query on the first database is inconsistent with the policy, based at least in part on invoking the second function.
  - 15. The non-transitory computer-readable storage medium of claim 14, wherein the second function comprises instructions for rewriting the second query to return a previously obtained result.
  - 16. The non-transitory computer-readable storage medium of claim 14, wherein the second function determines that the second query is associated with at least one of unauthorized access or malicious access, based at least in part on the one or more attributes.
  - 17. The non-transitory computer-readable storage medium of claim 13, further comprising instructions that, upon execution by the one or more computing devices, cause the one or more computing devices to at least:
    - determine that the first query should be executed on the first database instead of a second database of the plurality of databases, based at least in part on invoking the second function.
  - 18. The non-transitory computer-readable storage medium of claim 13, wherein the second definition of the second function comprises instructions for rewriting the first query to conform to the policy.
  - 19. The non-transitory computer-readable storage medium of claim 13, wherein the first definition comprises instructions for invoking an application programming interface that, when invoked, causes information indicative of the attribute to be provided to the administrative client.
  - 20. The non-transitory computer-readable storage medium of claim 13, further comprising instructions that, upon execution by the one or more computing devices, cause the one or more computing devices to at least:
    - calculate one or more statistical values based at least in part on the one or more attributes; and
      
      provide the one or more statistical values to the administrative client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Strahan, Robert
Primary Examiner(s)
Alam, Shahid A

Application Number

US15/083,024
Time in Patent Office

1,541 Days
Field of Search

707694
US Class Current
CPC Class Codes

G06F 16/211   Schema design and management

G06F 16/213   with details for schema evo...

G06F 16/24534   Query rewriting; Transforma...

G06F 16/24542   Plan optimisation

G06F 16/2455   Query execution

G06F 16/248   Presentation of query results

G06F 16/93   Document management systems

G06F 21/6227   where protection concerns t...

Database proxy service

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

27 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Database proxy service

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others