Template representation of security resources
First Claim
1. A computer implemented method for template representation of security resources, said method comprising:
under the control of one or more computer systems configured with executable instructions, reading a template that defines a stack of resources and specifies a set of dependencies between the resources, the template referencing at least one security resource including at least one of: a user identity, a group, or a policy; and
creating a stack of resources based on the template, said creating further including at least the steps of:
causing the policy to be created based at least in part on the template, the policy specifying a set of permissions for performing one or more actions; and
attaching the policy to a user identity based at least in part on the security resource referenced in the template, the user identity being associated with a user access key, wherein being associated includes the template referencing the user access key, and wherein referencing includes referring to an attribute of the user identity;
receiving a request for the user access key from at least one resource, wherein the at least one resource is a resource of the stack of resources defined by the template, a resource of a different stack, or an external resource; and
for resources that are instructed in the template to receive the user access key, providing the at least one resource with the user access key.
Abstract
Systems and methods are described for enabling users to model security resources and user access keys as resources in a template language. The template can be used to create and update a stack of resources that will provide a network-accessible service. The security resources and access keys can be referred to in the template during both the stack creation process and the stack update process. The security resources can include users, groups and policies. Additionally, users can refer to access keys in the template as dynamic parameters without any need to refer to the access keys in plaintext. The system securely stores access keys and allows templates to refer to them once defined. These key references can then be passed within a template to the resources that need them, and passed on securely to resources such as server instances through the use of the user-data field.
14 Claims
6. A computing device comprising:
a storage memory storing a set of instructions for template representation of security resources; and
one or more hardware processors configured by the set of instructions to:
read or receive a template that defines a stack of resources and specifies a set of dependencies between the resources, the template defining one or more of: a user identity, a group or a policy; and
create a stack of resources based on the template, wherein to create the stack of resources the one or more hardware processors are configured to:
create a user identity based at least in part on the template and associated with the stack of resources, the user identity being associated with a user access key, wherein being associated includes the template referencing the user access key, and wherein referencing includes referring to an attribute of the user identity;
receive the policy from an identity management service, the policy specifying a set of permissions for performing one or more actions; and
attach the policy to the user identity referenced in the template;
receive a request for the user access key from at least one resource, wherein the at least one resource is a resource of the stack of resources defined by the template, a resource of a different stack, or an external resource; and
for resources that are instructed in the template to receive the user access key, provide the at least one resource with the user access key.
Dependent claims: 7, 8, 9.
10. A non-transitory computer readable storage medium storing one or more sequences of instructions executable by one or more processors to perform a set of steps for template representation of security resources, the set of steps comprising:
reading a template that defines a stack of resources and specifies a set of dependencies between the resources, and references at least one security resource, the security resource including at least one of: a customer identity, a group or a policy; and
creating a stack of resources based on the template, said creating further including at least the steps of:
causing the policy to be created based at least in part on the template, the policy specifying a set of permissions for performing one or more actions; and
attaching the policy to a customer identity based at least in part on the security resource referenced in the template, the customer identity being associated with an access key, and wherein being associated includes the template referencing the access key, referencing including referring to an attribute of the customer identity;
receiving a request for the access key from at least one resource, wherein the at least one resource is a resource of the stack of resources defined by the template, a resource of a different stack, or an external resource; and
for resources that are instructed in the template to receive the user access key, providing the at least one resource with the access key.
Dependent claims: 11, 12, 13, 14.
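As an added illustration, not code from the patent or from any vendor's stack service: a toy Python stack engine that follows the claimed steps on a constructed template. It orders resources by their declared dependencies, creates the user and the policy and attaches the policy to the user, generates the access key at creation time and keeps it in a separate key store rather than in the template, and serves a request for the key only to a resource the template instructs to receive it (a resource that does not reference the key is refused). The TEMPLATE, the Ref / Fn::GetAtt reference forms and all resource names are assumptions made for this example.

```python
import secrets
from graphlib import TopologicalSorter
# Constructed template (not the patent's): the instance receives the key by attribute reference only.
TEMPLATE = {
    "AppUser": {"Type": "User"},
    "AppPolicy": {"Type": "Policy", "Properties": {"Allow": ["obj:Get"], "Users": [{"Ref": "AppUser"}]}},
    "WebServer": {"Type": "Instance", "Properties": {"UserData": {"Fn::GetAtt": ["AppUser", "AccessKey"]}}},
    "DataBucket": {"Type": "Bucket", "Properties": {}},  # never references the key, must never get it
}

def references(node):
    """(logical_name, attribute) pairs reached via Ref / Fn::GetAtt; Ref means the Id attribute."""
    if isinstance(node, dict):
        if "Ref" in node or "Fn::GetAtt" in node:
            return {tuple(node.get("Fn::GetAtt", (node.get("Ref"), "Id")))}
        node = list(node.values())
    return set().union(*(references(v) for v in node)) if isinstance(node, list) else set()

def request_access_key(user, requester, template, key_store):
    """A resource asks for a user's key; it is served only if the template instructs that resource."""
    if (user, "AccessKey") not in references(template.get(requester, {}).get("Properties", {})):
        raise PermissionError(f"{requester} is not instructed to receive the access key of {user}")
    return key_store[user]

def resolve(node, requester, template, stack, key_store):
    """Substitute references with created values; access keys come only via request_access_key."""
    if isinstance(node, dict):
        if "Ref" in node or "Fn::GetAtt" in node:
            [(name, attr)] = references(node)
            if attr == "AccessKey":
                return request_access_key(name, requester, template, key_store)
            return stack[name][attr]
        return {k: resolve(v, requester, template, stack, key_store) for k, v in node.items()}
    if isinstance(node, list):
        return [resolve(v, requester, template, stack, key_store) for v in node]
    return node

def create_stack(template):
    """Create resources in dependency order; access keys live in key_store, never in the template."""
    graph = {n: {d for d, _ in references(r.get("Properties", {}))} for n, r in template.items()}
    stack, key_store = {}, {}
    for name in TopologicalSorter(graph).static_order():
        res = template[name]
        if res["Type"] == "User":  # key generated at creation and kept server-side
            key_store[name] = "AK" + secrets.token_hex(8)
        props = resolve(res.get("Properties", {}), name, template, stack, key_store)
        stack[name] = {"Id": name, "Type": res["Type"], "Properties": props, "AttachedPolicies": []}
        for user in props.get("Users", []):  # a policy names the users it is attached to
            stack[user]["AttachedPolicies"].append(name)
    return stack, key_store
```

Calling create_stack(TEMPLATE) yields the WebServer's UserData holding the generated key while the DataBucket never sees it, and request_access_key refuses any requester the template does not instruct.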