Providing location-specific network access to remote services
First Claim
1. A computer-implemented method comprising:
- configuring, by one or more computing systems of a service provider, a first private virtual computer network that is provided by the service provider and includes multiple computing nodes, the configuring including associating the multiple computing nodes with multiple network addresses from a plurality of network addresses specified for use with the first private virtual computer network, and further including assigning one of the plurality of network addresses separate from the multiple network addresses to represent, within the first private virtual computer network, a remote resource service external to the first private virtual computer network;
- restricting, by the one or more computing systems, communications sent by the multiple computing nodes to only destinations indicated by the plurality of network addresses;
- associating, by the one or more computing systems and with the assigned network address, an identifier that represents a location of the first private virtual computer network, wherein the identifier is an indicator supplied by the service provider for use by the remote resource service in validating that communications are sent from the location of the first private virtual computer network;
- modifying, by the one or more computing systems, a communication that is sent to the assigned network address by one of the multiple computing nodes to cause the modified communication to include the identifier; and
- forwarding, by the one or more computing systems, the modified communication to the remote resource service via one or more networks external to the first private virtual computer network.
Abstract
Techniques are described for providing users with access to computer networks, such as to enable users to create and configure computer networks that are provided by a remote configurable network service for the users' use. Computer networks provided by the configurable network service may be configured to be private computer networks that are accessible only by the users who create them, and may each be created and configured by a client of the configurable network service to be an extension to an existing computer network of the client, such as a private computer network extension to an existing private computer network of the client. In addition, access to remote resource services may be configured and provided from such computer networks in various manners, such as to automatically include access control information to limit access to particular resources to computing nodes at the location of that provided computer network.
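The flow recited in the first claim and summarized in the abstract, as an added example that is not taken from the patent or from any provider's implementation: a provider-side gateway restricts egress to the configured addresses, attaches the location identifier to traffic sent to the address that represents the remote service, and the service validates that identifier before granting access. The class names, addresses, the `location_id` field and the policy table are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class PrivateNetwork:
    """Provider-side state for one private virtual network (all values constructed)."""
    cidr: str            # the plurality of network addresses for this network
    node_addrs: set      # addresses associated with the computing nodes
    service_addr: str    # address assigned to represent the remote resource service
    location_id: str     # identifier supplied by the provider for this location

    def __post_init__(self):
        # The service address must be separate from the node addresses.
        if self.service_addr in self.node_addrs:
            raise ValueError("service address must not belong to a node")

    def egress(self, src, dst, message):
        """Restrict destinations, then tag and forward traffic for the service."""
        if src not in self.node_addrs:
            return ("drop", None)
        if ipaddress.ip_address(dst) not in ipaddress.ip_network(self.cidr):
            return ("drop", None)            # outside the configured addresses
        if dst != self.service_addr:
            return ("deliver-local", message)
        # Overwrite rather than merge: a node cannot choose its own identifier.
        return ("forward-external", dict(message, location_id=self.location_id))


class RemoteResourceService:
    """Hypothetical remote service whose resources are limited to one location."""

    def __init__(self, policy):
        self.policy = policy                 # resource name -> required location_id

    def handle(self, message):
        required = self.policy.get(message.get("resource"))
        if required is None or message.get("location_id") != required:
            return "denied"
        return "allowed"


def demo():
    net = PrivateNetwork("10.0.0.0/24", {"10.0.0.5", "10.0.0.6"},
                         "10.0.0.250", "loc-example-1")
    svc = RemoteResourceService({"bucket-a": "loc-example-1"})
    # A node sends to the service address, carrying a self-chosen identifier.
    action, msg = net.egress("10.0.0.5", "10.0.0.250",
                             {"resource": "bucket-a", "location_id": "spoofed"})
    outside = net.egress("10.0.0.5", "198.51.100.7", {"resource": "bucket-a"})[0]
    direct = svc.handle({"resource": "bucket-a"})   # never passed the gateway
    return [(action, svc.handle(msg)), outside, direct]
```

The access decision is only as strong as the path between the gateway and the service: the service should accept the identifier solely on traffic it can attribute to the provider's forwarding layer.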
26 Claims
19. A non-transitory computer-readable medium having stored contents that cause a computing system of a service provider to:
- configure, by the computing system and based at least in part on configuration information received from a client of the service provider, a private virtual computer network that includes multiple computing nodes and is provided by the service provider for use by the client, the configuring including associating the multiple computing nodes with multiple network addresses from a plurality of network addresses specified by the client for use with the private virtual computer network, and further including assigning one of the plurality of network addresses separate from the multiple network addresses to represent, within the private virtual computer network, a remote resource service external to the private virtual computer network;
- associate, by the computing system and with the assigned network address representing the remote resource service, an identifier that represents a location of the private virtual computer network, wherein the identifier is an indicator supplied by the service provider for use by the remote resource service in validating that communications are sent from the location of the private virtual computer network;
- restrict, by the computing system, access by the multiple computing nodes to only destinations indicated by the plurality of network addresses;
- modify, by the computing system, a communication that is sent to the assigned network address by one of the multiple computing nodes so that the modified communication includes the identifier, to cause the remote resource service to associate the location represented by the identifier with the modified communication; and
- forward, by the computing system and over one or more networks separate from the private virtual computer network, the modified communication to the remote resource service.
24. A computing system comprising:
- one or more processors; and
- one or more memories with stored instructions that, when executed by at least one of the one or more processors, cause the at least one of the one or more processors to provide a computer network for a client from a service provider by:
  - creating for the client a virtual computer network having multiple computing nodes;
  - associating the multiple computing nodes with multiple network addresses from a plurality of network addresses specified for use with the created virtual computer network, and assigning one of the plurality of network addresses separate from the multiple network addresses to represent, within the created virtual computer network, a remote resource service external to the created virtual computer network;
  - associating an identifier specific to a location of the created virtual computer network with the assigned network address representing the remote resource service, wherein the identifier is an indicator supplied by the service provider for use by the remote resource service in validating that communications are sent from the location of the created virtual computer network;
  - restricting the multiple computing nodes of the virtual computer network from interacting with network addresses other than the plurality of network addresses;
  - modifying a communication that is sent to the assigned network address by one of the multiple computing nodes, to cause the modified communication to include the identifier specific to the location of the created virtual computer network; and
  - forwarding, over one or more networks separate from the created virtual computer network, the modified communication to the remote resource service, to cause the remote resource service to associate the modified communication with the created virtual computer network based at least in part on the included identifier specific to the location of the created virtual computer network.
Specification