Creating custom policies in a remote-computing environment
Abstract
Techniques for crafting custom policies for entities (e.g., users, applications, etc.) based on past behavior of the entities are described herein. In one example, the techniques are implemented in a network-based environment. In this environment, a remote-computing service may include multiple different resources that provide different services to customers of the remote-computing service. For instance, the remote-computing service may provide a network-based storage service, a network-based compute service, a network-based payment service, or any other network-based resource. Users and/or applications of a particular customer may then access these resources via an interface provided by the remote-computing service. After tracking a user or application's access to these resources for a certain period of time, the remote-computing service may recommend or create a custom policy for the user or application based on the requests made by the user or application.
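The following is an added example, not code from the patent or from any assignee's product, that simulates the two-mode flow the abstract and claims describe: an entity enrolled in a "learn" mode is granted access to a predetermined set of training resources for a fixed interval, its requests are tracked, and when the interval expires a least-privilege policy is crafted from exactly the (resource, action) pairs observed and the entity is switched to an "enforce" mode in which tracking stops and the policy is applied. The class and method names, the mode labels, the training resource set and the request log are all constructed for the illustration.

```python
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# The two modes from the abstract and claims (labels are this example's own):
# "learn"   - interactions are tracked so a policy can be crafted (first mode)
# "enforce" - a crafted policy is applied and nothing is tracked (second mode)
LEARN = "learn"
ENFORCE = "enforce"


@dataclass
class Entity:
    name: str
    mode: str
    training_end: datetime | None = None            # end of the predetermined interval
    policy: dict[str, frozenset[str]] = field(default_factory=dict)
    observed: dict[str, set[str]] = field(default_factory=lambda: defaultdict(set))


@dataclass(frozen=True)
class Request:
    entity: str
    resource: str
    action: str
    at: datetime


class PolicyService:
    """Hypothetical policy service. During training it tracks a learn-mode entity
    against a predetermined set of resources; when the interval expires it crafts
    a policy from what was actually observed and moves the entity to enforce mode."""

    def __init__(self, training_resources: set[str], interval: timedelta):
        self.training_resources = frozenset(training_resources)
        self.interval = interval
        self.entities: dict[str, Entity] = {}

    def enroll(self, name: str, start: datetime) -> Entity:
        """Associate a new entity with the first (learn) mode and fix its interval."""
        ent = Entity(name=name, mode=LEARN, training_end=start + self.interval)
        self.entities[name] = ent
        return ent

    def craft_policy(self, ent: Entity) -> dict[str, frozenset[str]]:
        """Allow only the (resource, action) pairs seen during training, then switch
        the entity to the second (enforce) mode so it is no longer tracked."""
        ent.policy = {res: frozenset(acts) for res, acts in ent.observed.items()}
        ent.mode = ENFORCE
        ent.observed = defaultdict(set)
        return ent.policy

    def handle(self, req: Request) -> str:
        """Return "allow" or "deny" for one authenticated request."""
        ent = self.entities[req.entity]
        # Expiry of the predetermined interval triggers policy crafting.
        if ent.mode == LEARN and req.at >= ent.training_end:
            self.craft_policy(ent)
        if ent.mode == LEARN:
            # Training access covers only the predetermined resources; anything
            # else is denied and, since it was never granted, never observed.
            if req.resource not in self.training_resources:
                return "deny"
            ent.observed[req.resource].add(req.action)
            return "allow"
        # Enforce mode: the crafted policy decides, no tracking.
        allowed = ent.policy.get(req.resource, frozenset())
        return "allow" if req.action in allowed else "deny"


def demo() -> tuple[Entity, list[str]]:
    """Run a constructed request log through the service and return the entity
    (with its crafted policy and final mode) plus the per-request decisions."""
    t0 = datetime(2024, 1, 1)
    svc = PolicyService({"storage", "compute"}, timedelta(days=7))
    svc.enroll("alice", t0)
    log = [  # constructed sample requests
        Request("alice", "storage", "read", t0 + timedelta(days=1)),
        Request("alice", "storage", "write", t0 + timedelta(days=2)),
        Request("alice", "compute", "run", t0 + timedelta(days=3)),
        Request("alice", "payment", "charge", t0 + timedelta(days=4)),  # outside training scope
        Request("alice", "storage", "read", t0 + timedelta(days=8)),    # interval expired here
        Request("alice", "compute", "delete", t0 + timedelta(days=8)),  # never observed
        Request("alice", "payment", "charge", t0 + timedelta(days=9)),  # never granted
    ]
    decisions = [svc.handle(r) for r in log]
    return svc.entities["alice"], decisions


if __name__ == "__main__":
    ent, decisions = demo()
    print(ent.mode, dict(ent.policy), decisions)
```

The crafted policy is only as complete as the training window: an action the entity legitimately needs but did not exercise during the interval is denied once enforcement starts, so a practitioner would review the crafted policy (and the denials that follow it) before treating it as final, and would keep the training resource set narrow so that over-broad access during training does not become permanent.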
23 Claims

1. A method comprising:
under control of one or more computer systems configured with specific executable instructions,
authenticating an entity that requests to interact with resources of a remote-computing service, the entity comprising one of multiple entities that request to interact with resources of the remote-computing service, a first portion of the multiple entities being associated with a first mode indicating that interactions are to be tracked for crafting an access policy, and a second portion of the multiple entities associated with a second, different mode, the second mode indicating that interactions are not to be tracked for crafting the access policy;
determining, based at least in part on the authenticating, that the entity is associated with the first mode;
determining a training procedure that provides the entity with access to predetermined resources of the remote-computing service for a predetermined interval;
in response to the determining that the entity is associated with the first mode, tracking interactions between the entity and the predetermined resources of the remote-computing service during the training procedure;
in response to expiration of the predetermined interval, crafting the access policy for the entity based at least in part on the tracked interactions between the entity and the predetermined resources of the remote-computing service that occurred during the training procedure; and
associating the access policy with the entity and associating the entity with the second mode.
(Dependent claims 2, 3, 4, 5, 6, 7, 8, 9 and 10 not shown.)

11. A method comprising:
under control of one or more computer systems configured with specific executable instructions,
providing, by a user of a customer of a remote-computing service, credentials for authenticating with the remote-computing service, the credentials indicating to the remote-computing service that interactions between the user and the remote-computing service are to be tracked for crafting an access policy for the user, wherein credentials of other users of customers of the remote-computing service indicate to the remote-computing service that interactions between the other users and the remote-computing service are not to be tracked for creating access policies for the other users;
after authentication, receiving access to at least a portion of resources of the remote-computing service for a predetermined interval according to a first access policy associated with the user;
interacting with multiple resources of the at least a portion of the resources of the remote-computing service based at least in part on the received access;
in response to expiration of the predetermined interval, providing, by the user, the credentials for authenticating with the remote-computing service after interacting with the multiple resources;
determining a second access policy to be associated with the user based at least in part on the interacting, wherein the second access policy indicates to the remote-computing service that interactions between the user and the remote-computing service are not to be tracked for crafting the access policy; and
receiving access to the resources of the remote-computing service according to the second access policy associated with the user.
(Dependent claims 12, 13, 14 and 15 not shown.)

16. A method comprising:
under control of one or more computer systems configured with specific executable instructions,
determining that an entity is associated with a first mode or a second, different mode, the first mode indicating that interactions between the entity and resources of a computing system are to be tracked for crafting an access policy for the entity, the entity comprising one of multiple entities that interact with the resources of the computing system, a first portion of the multiple entities being associated with the first mode, and a second portion of the multiple entities being associated with the second, different mode, the second mode indicating that interactions are not to be tracked for crafting the access policy;
determining a training procedure that provides the entity with access to predetermined resources of the computing system for a predetermined interval;
in response to the determining that the entity is associated with the first mode, tracking interactions between the entity and the predetermined resources of the computing system during the training procedure;
in response to expiration of the predetermined interval, crafting the access policy for the entity based at least in part on the tracked interactions between the entity and the predetermined resources of the computing system that occurred during the training procedure; and
associating the access policy with the entity and associating the entity with the second mode.
(Dependent claims 17, 18, 19, 20, 21, 22 and 23 not shown.)