POLICY APPROVAL LAYER

US 20160219081A1
Filed: 04/05/2016
Published: 07/28/2016
Est. Priority Date: 09/22/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

under the control of one or more computer systems each having one or more hardware processors configured with executable instructions including,receiving a request to modify a policy, the request specifying a modification to a current state of the policy and processing of the request creates a modified policy;

determining a description of the request based at least in part on the modification to the current state of the policy;

receiving a first number of approvals from a second number of entities of a set of entities authorized to approve modifications to the policy, where the first number of approvals is received as a result of at least one notification including the description; and

transmitting an instruction to a policy management service to process the request as a result of receiving the first number of approvals to implement the modified policy.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A customer of a policy management service may use an interface with a configuration and management service to interact with policies that may be applicable to the customer'"'"'s one or more resources. The customer may create and/or modify the policies and the configuration and management service may notify one or more other entities of the created and/or modified policies. The one or more other entities may be operated by user authorized to approve the created and/or modified policies. Interactions with the configuration and management service may be the same as the interactions with the policy management service.

16 Citations

View as Search Results

20 Claims

1. A computer-implemented method, comprising:
- under the control of one or more computer systems each having one or more hardware processors configured with executable instructions including,receiving a request to modify a policy, the request specifying a modification to a current state of the policy and processing of the request creates a modified policy;
  
  determining a description of the request based at least in part on the modification to the current state of the policy;
  
  receiving a first number of approvals from a second number of entities of a set of entities authorized to approve modifications to the policy, where the first number of approvals is received as a result of at least one notification including the description; and
  
  transmitting an instruction to a policy management service to process the request as a result of receiving the first number of approvals to implement the modified policy.
- View Dependent Claims (2, 3, 4)
- - 2. The computer-implemented method of claim 1, wherein transmitting the instruction to the policy management service is contingent on receiving the first number of approvals from the second number of entities authorized to approve modifications to the policy, where the first number is less than the second number.
  - 3. The computer-implemented method of claim 1, wherein the set of entities authorized to approve modifications to the policy is different from a second entity responsible for the modification to the policy.
  - 4. The computer-implemented method of claim 1, wherein each approval of the first number of approvals is received from a different entity of the set of entities.

5. A system, comprising:
- a configuration and management service comprising;
  
  one or more processors; and
  
  memory with instructions that, when executed by the one or more processors, cause the system to;
  
  receive a request to interact with a policy, where the policy is enforced at least in part by a policy management service distinct from the configuration and management service;
  
  detect a modification to the policy based at least in part on an interaction with the policy;
  
  determine a description of the modification based at least in part on the interaction with the policy and a current state of the policy; and
  
  as a result of receiving a plurality of approvals from at least two entities, transmit a command to the policy management service to cause the policy management service apply the modification.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12)
- - 6. The system of claim 5, wherein the memory further includes instructions that, when executed by the one or more processors, cause the system to store, in a repository, a current state of the policy prior to the interaction with the policy.
  - 7. The system of claim 5, wherein the memory further includes instructions that, when executed by the one or more processors, cause the system to:
    - execute a simulation of the modification to the policy;
      
      detect an error during the simulation; and
      
      restore a previous version of the policy.
  - 8. The system of claim 5, wherein the memory further includes instructions that, when executed by the one or more processors, cause the system to transmit a set of application programming interface calls configured to cause the policy management service to enforce the modification, where application programming interface calls accepted by the system are of a first format and application programming interface calls accepted by the policy management service are also of the first format.
  - 9. The system of claim 5, wherein the memory further includes instructions that, when executed by the one or more processors, cause the system to serialize the modification into a structured format suitable for enforcement by the policy management service.
  - 10. The system of claim 5, the memory further includes instructions that, when executed by the one or more processors, cause the system to:
    - notify at least one other entity of the modification, where the at least one other entity is authorized to provide approval for the modification; and
      
      receive, from the at least one other entity, feedback information corresponding to the modification.
  - 11. The system of claim 10, wherein the feedback information further comprises an approval, the approval contingent upon a successful simulation of the policy including the modification;
    - andwherein the approval is one of the plurality of approvals.
  - 12. The system of claim 5, wherein the memory further includes instructions that, when executed by the one or more processors, cause the system to:
    - receive, from an entity different from the at least two entities, instructions to apply the modification; and
      
      transmit, to the policy management service, instructions to modify the policy in accordance with the modification.

13. A non-transitory computer-readable storage medium having stored thereon executable instructions that, as a result of execution by one or more processors of a computer system, cause the computer system to at least:
- receive an indication of an interaction with a policy, the indication is formatted in accordance with another service supported at least in part by a second computer system operated by a computing resource service provider;
  
  transmit a notification to an first entity of the interaction with the policy, the notification allowing the first entity to approve of the interaction with the policy and including a description of the interaction based at least in part on a state of the policy prior to the interaction;
  
  receive a second indication, the second indication specifies approval of the interaction with the policy; and
  
  in response to the second indication, provide a second notification to a second entity, the second notification allowing the second entity to approve the interaction and including the description.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The non-transitory computer-readable storage medium of claim 13, wherein the second indication includes an electronic signature attesting to an identity of an operator of the first entity.
  - 15. The non-transitory computer-readable storage medium of claim 13, wherein the executable instructions further comprise instructions that, as a result of execution by the one or more processors, cause the computer system to obtain, from the second computer system, the state of the policy prior to the interaction with the policy.
  - 16. The non-transitory computer-readable storage medium of claim 15, wherein the executable instructions further comprise instructions that, as a result of execution by the one or more processors, cause the computer system to generate a restore point based at least in part on the state of the policy prior to the interaction with the policy.
  - 17. The non-transitory computer-readable storage medium of claim 15, wherein the state of the policy includes at least some encrypted data, wherein the encrypted data is encrypted using a cryptographic key maintained by the second computer system.
  - 18. The non-transitory computer-readable storage medium of claim 13, wherein the executable instructions further comprise instructions that, as a result of execution by the one or more processors, cause the computer system to transmit command to the second computer system to replicate the interaction with the policy.
  - 19. The non-transitory computer-readable storage medium of claim 13, wherein the executable instructions further comprise instructions that, as a result of execution by the one or more processors, cause the computer system to, as a result of receiving a response to the second notification indicating approval, performing the interaction with the policy.
  - 20. The non-transitory computer-readable storage medium of claim 13 wherein the executable instructions that cause the computer system to notify the first entity of the interaction with the policy further include instructions that cause the computer system to include, in the notification, additional information indicating an approval rate for the interaction.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Kruse, William Frederick, Sharifi Mehr, Nima

Granted Patent

US 10,587,653 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 11/004   Error avoidance G06F11/07 a...

G06F 11/1446   Point-in-time backing up or...

G06F 2201/00   Indexing scheme relating to...

G06Q 10/10   Office automation; Time man...

H04L 63/20   for managing network securi...

POLICY APPROVAL LAYER

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

16 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

POLICY APPROVAL LAYER

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links