Managing restricted access resources
First Claim
1. A system, comprising:
- at least one processor; and
- memory including instructions that, when executed by the at least one processor, cause the system to:
  - determine an action to be performed using at least one resource of a resource provider environment, the at least one resource of the resource provider environment being associated with a restricted zone in the resource provider environment, the restricted zone in the resource provider environment provided for a customer and directly accessible only to people granted at least one corresponding credential on behalf of the customer;
  - create a primitive corresponding to the action, the primitive capable of being executed in the restricted zone in the resource provider environment to cause the action to be performed using the at least one resource of the resource provider environment;
  - store the primitive to a primitive repository, the primitive repository storing a plurality of primitives and a plurality of workflows, each workflow comprising two or more primitives;
  - receive a selection of the primitive from the primitive repository;
  - cause a ticket to be generated by a ticket manager component of a control plane, the control plane comprising a virtual layer of hardware and software components for performing control and management actions, and submitted to the restricted zone in the resource provider environment, the ticket including information for the selected primitive and capable of being approved and executed within the restricted zone in the resource provider environment;
  - receive, by the ticket manager component, result information regarding at least one of an approval of the primitive, a denial of the primitive, or information resulting from performance of the action in the restricted zone, the information resulting from performance capable of having information redacted before passing from the restricted zone in the resource provider environment, and the information being made available to the components of the control plane; and
  - store at least a portion of the result information in a repository outside the restricted zone in the resource provider environment, wherein the approval of the primitive indicates that the primitive is capable of being executed in the restricted zone in the resource provider environment without requiring another approval.
Abstract
Entities such as resource and service providers can utilize a ticketing system to define operational actions as primitives that can be stored, combined into more complex workflows, and executed in a restricted zone wherein a portion of the resources or services are not directly accessible to those providers. These primitives can be stored in the provider environment and shared with the restricted zone, in order to provide a structured approach to the sharing of operational knowledge. When a primitive is first received to the restricted zone, a person vetted by the customer associated with the restricted zone can review and approve the primitive, and can cause the primitive to be executed in the restricted zone. When that same primitive is subsequently received to the restricted zone, a lookup can be performed to determine that an approval exists, whereby the primitive can be executed in the restricted zone without another review.
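To make the approve-once flow described in the abstract concrete, the following is an added Python model (not code from the patent or from any assignee) of a ticket manager outside the zone and a restricted zone that keys its approval and denial decisions on a hash of the primitive's content, so that an edited primitive triggers a fresh review instead of reusing an earlier approval, and that redacts secret-bearing fields from results before they leave the zone. The primitive format, the executor and the reviewer policy are constructed assumptions.

```python
import hashlib
import json
import re

def primitive_id(primitive: dict) -> str:
    # Bind approvals to the exact primitive content: an edited primitive hashes
    # differently, so it cannot reuse an earlier approval.
    canonical = json.dumps(primitive, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()
SECRET = re.compile(r"(?i)\b(password|token|key)=\S+")
def redact(output: str) -> str:
    # Strip secret-bearing fields before result data leaves the restricted zone.
    return SECRET.sub(lambda m: m.group(1) + "=[REDACTED]", output)

class RestrictedZone:
    def __init__(self, executor):
        self.executor = executor   # runs an approved primitive against zone resources
        self.decisions = {}        # primitive hash -> "approved" | "denied"
        self.reviews = 0           # how often a vetted person had to be consulted

    def handle_ticket(self, ticket: dict, reviewer=None) -> dict:
        prim = ticket["primitive"]
        pid = primitive_id(prim)
        decision = self.decisions.get(pid)
        if decision is None:       # first sight of this exact primitive
            if reviewer is None:   # no vetted person available right now
                return {"ticket": ticket["id"], "status": "pending_review"}
            self.reviews += 1
            decision = reviewer(prim)
            self.decisions[pid] = decision   # remembered for later tickets
        if decision != "approved":
            return {"ticket": ticket["id"], "status": "denied"}
        output = redact(self.executor(prim))
        return {"ticket": ticket["id"], "status": "executed", "output": output}

class TicketManager:
    # Control-plane side: generates tickets and keeps results outside the zone.
    def __init__(self, zone: RestrictedZone):
        self.zone, self.results = zone, []
    def submit(self, primitive: dict, reviewer=None) -> dict:
        ticket = {"id": len(self.results) + 1, "primitive": primitive}
        result = self.zone.handle_ticket(ticket, reviewer)
        self.results.append(result)
        return result

# Constructed stand-ins for the zone's executor and the customer-vetted reviewer.
def sample_executor(p: dict) -> str:
    return f"{p['action']} {p['args']['name']}: ok token=s3cr3t"
def policy_reviewer(p: dict) -> str:
    return "approved" if p["action"] == "restart_service" else "denied"
```

Submitting the same primitive twice consults the reviewer only once; changing any argument produces a new hash and therefore a new review.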
20 Claims
5. A computer-implemented method, comprising:
- determining an action to be performed using a resource of a resource provider environment;
- creating a primitive corresponding to the action, the primitive capable of being processed to cause the action to be performed using the resource of the resource provider environment;
- receiving, on behalf of an authorized user, a request for the primitive;
- providing the primitive in response to the request, the primitive capable of being included in a ticket to be generated by a ticket manager component of a control plane, the control plane comprising a virtual layer of hardware and software components for performing control and management actions, and submitted to cause the action associated with the primitive to be performed using the resource of the resource provider environment, wherein the resource of the resource provider environment is capable of being one of a set of restricted resources preventing the action from being directly submitted to the resource of the resource provider environment for performance; and
- receiving result information related to the primitive by the ticket manager component, the information being made available to the components of the control plane.

Dependent claims: 6, 7, 8, 9, 10, 11, 12, 13.
14. A non-transitory computer-readable storage medium storing instructions that, when executed by at least one processor of a computer system, cause the computer system to:
- receive a ticket generated by a ticket manager component of a control plane, the control plane comprising a virtual layer of hardware and software components for performing control and management actions, the ticket including a primitive, the primitive specifying an action to be performed using a resource in a restricted zone, the restricted zone being a portion of a resource environment managed by a resource provider, the resource provider being restricted from directly accessing the resource in the restricted zone;
- enable the action to be performed using the resource when an approval exists for the primitive in the restricted zone;
- cause the primitive to be reviewed when no approval or denial exists for the primitive in the restricted zone, wherein a person having a credential enabling access to resources of the restricted zone is enabled to review the primitive and cause an approval or denial to be generated for the primitive, generation of an approval causing the action to be performed using the resource; and
- return information to the ticket manager component about at least one of the approval, the denial, or information about performance of the action by the resource, the information being made available to the components of the control plane.

Dependent claims: 15, 16, 17, 18, 19, 20.