ON-DEMAND NETWORK CODE EXECUTION WITH CROSS-ACCOUNT ALIASES
First Claim
1. A system to enable cross-account execution of tasks on an on-demand code execution environment, the system comprising:
- a non-transitory data store configured to store tasks, wherein individual tasks are owned by accounts of the on-demand code execution environment and are associated with code executable to implement functionality corresponding to the individual tasks,one or more processors configured with computer-executable instructions to;
receive a request from a user computing device associated with a first account to enable execution of a task owned by a second account, wherein the request comprises one or more customizations to be made when executing the task on behalf of the first account, and wherein the one or more customizations include authentication information to be passed to a virtual machine executing code corresponding to the task for a network resource of the first account;
generate an alias corresponding to the first account, wherein the alias references the task owned by the second account and specifies the one or more customizations;
return, to the user computing device associated with the first account, access information enabling the user computing device to call the alias corresponding to the first account in order to execute the task owned by the second account as modified by the one or more customizations;
receive the call to the alias corresponding to the first account;
select a virtual machine instance within the on-demand code execution environment on which to execute code corresponding to the task owned by the second account, wherein the virtual machine instance is dedicated to at least one of execution of tasks of the first account or execution of tasks of the second account; and
execute within the virtual machine instance the code corresponding to the task owned by the second account on behalf of the first account, wherein execution of the code comprises passing to the virtual machine the authentication information for the network resource of the first account.
1 Assignment
0 Petitions
Accused Products
Abstract
Systems and methods are described for managing cross-account access to tasks on an on-demand code execution environment or other distributed code execution environment. Such environments utilize pre-initialized virtual machine instances to enable execution of user-specified code in a rapid manner, without delays typically caused by initialization of the virtual machine instances. However, to ensure security, the code of different users is generally maintained separately, and executed on separate virtual machines. Embodiments described herein enable users of a first account to execute code of a second account, without gaining access to the code itself and while maintaining the privacy and security of each account. Specifically, aliases for a task of a first account can be created on a task of a second account, and used to invoke that task on behalf of the first account. Aliases may also allow users to customize how the task is executed.
-
Citations
21 Claims
-
1. A system to enable cross-account execution of tasks on an on-demand code execution environment, the system comprising:
-
a non-transitory data store configured to store tasks, wherein individual tasks are owned by accounts of the on-demand code execution environment and are associated with code executable to implement functionality corresponding to the individual tasks, one or more processors configured with computer-executable instructions to; receive a request from a user computing device associated with a first account to enable execution of a task owned by a second account, wherein the request comprises one or more customizations to be made when executing the task on behalf of the first account, and wherein the one or more customizations include authentication information to be passed to a virtual machine executing code corresponding to the task for a network resource of the first account; generate an alias corresponding to the first account, wherein the alias references the task owned by the second account and specifies the one or more customizations; return, to the user computing device associated with the first account, access information enabling the user computing device to call the alias corresponding to the first account in order to execute the task owned by the second account as modified by the one or more customizations; receive the call to the alias corresponding to the first account; select a virtual machine instance within the on-demand code execution environment on which to execute code corresponding to the task owned by the second account, wherein the virtual machine instance is dedicated to at least one of execution of tasks of the first account or execution of tasks of the second account; and execute within the virtual machine instance the code corresponding to the task owned by the second account on behalf of the first account, wherein execution of the code comprises passing to the virtual machine the authentication information for the network resource of the first account. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A computer-implemented method to enable cross-account execution of tasks on an on-demand code execution environment, the computer-implemented method comprising:
-
receiving, from a user computing device associated with a first account on the on-demand code execution environment, information defining a task on the on-demand code execution environment, the information comprising computer-executable code that, when executed by a virtual machine instance within the on-demand code execution environment, implement functionality corresponding to the task; receiving a request from a user computing device associated with a second account to enable execution of the task on behalf of the second account; returning, to the user computing device associated with the second account, access information enabling the user computing device to call the alias corresponding to the second account in order to execute the task owned by the first account as modified by the one or more customizations; generating an alias corresponding to the second account, wherein the alias references the task owned by the first account; receiving a call to the alias corresponding to the second account; selecting a virtual machine instance within the on-demand code execution environment on which to execute code corresponding to the task, wherein the virtual machine instance is associated with at least one of execution of tasks of the first account or execution of tasks of the second account; and executing within the virtual machine instance the code corresponding to the task on behalf of the second account. - View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14, 15, 20, 21)
-
-
16. Non-transitory computer-readable storage media including computer-executable instructions that, when executed by a computing system, cause the computing system to:
-
receive, from a user computing device associated with a first account on an on-demand code execution environment, information defining a task on the on-demand code execution environment, the information comprising computer-executable code that, when executed by a virtual machine instance within the on-demand code execution environment, implement functionality corresponding to the task; receive a call to execute the task from a user computing device associated with a second account; generate an alias corresponding to the second account, wherein the alias references the task owned by the first account; select a virtual machine instance within the on-demand code execution environment on which to execute code corresponding to the task, wherein the virtual machine instance is associated with at least one of execution of tasks of the first account or execution of tasks of the second account; and execute within the virtual machine instance the code corresponding to the task on behalf of the second account. - View Dependent Claims (17, 18, 19)
-
Specification