
Managing restricted access resources

  • US 9,313,208 B1
  • Filed: 03/19/2014
  • Issued: 04/12/2016
  • Est. Priority Date: 03/19/2014
  • Status: Active Grant
First Claim

1. A system, comprising:

  • at least one processor; and

    memory including instructions that, when executed by the at least one processor, cause the system to:

    determine an action to be performed using at least one resource of a resource provider environment, the at least one resource of the resource provider environment being associated with a restricted zone in the resource provider environment, the restricted zone in the resource provider environment provided for a customer and directly accessible only to people granted at least one corresponding credential on behalf of the customer;

    create a primitive corresponding to the action, the primitive capable of being executed in the restricted zone in the resource provider environment to cause the action to be performed using the at least one resource of the resource provider environment;

    store the primitive to a primitive repository, the primitive repository storing a plurality of primitives and a plurality of workflows, each workflow comprising two or more primitives;

    receive a selection of the primitive from the primitive repository;

    cause a ticket to be generated by a ticket manager component of a control plane, the control plane comprising a virtual layer of hardware and software components for performing control and management actions, and submitted to the restricted zone in the resource provider environment, the ticket including information for the selected primitive and capable of being approved and executed within the restricted zone in the resource provider environment;

    receive, by the ticket manager component, result information regarding at least one of an approval of the primitive, a denial of the primitive, or information resulting from performance of the action in the restricted zone, the information resulting from performance capable of having information redacted before passing from the restricted zone in the resource provider environment, and the information being made available to the components of the control plane; and

    store at least a portion of the result information in a repository outside the restricted zone in the resource provider environment, wherein the approval of the primitive indicates that the primitive is capable of being executed in the restricted zone in the resource provider environment without requiring another approval.
