Authorization check using a web service request
Abstract
An authorization check web service request is disclosed. The web service request can include a parameter controlling whether or not to perform the action associated with the web service request. The parameter can be included in the web service request itself, or it can be separated therefrom, such as being included in a customer account. Using this parameter, the requestor can perform an authorization check without actually performing the action. Thus, customers can determine the authorization result of a request without actually processing the request itself. Customers and other services can use this parameter to determine their effective permissions.
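The flow the abstract describes, as an added Python sketch that is not taken from the patent: the request carries a dry-run parameter, the instance state is compared against policy, and the result is returned without acting when the parameter is set. The names (`INSTANCES`, `POLICY`, `ACTIONS`, `authorize`, `handle_request`), the sample data and the default-deny, deny-overrides evaluation are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Constructed state information (instance type, region, security group).
INSTANCES = {
    "i-001": {"type": "small", "region": "us-east", "security_group": "sg-web"},
    "i-002": {"type": "large", "region": "eu-west", "security_group": "sg-db"},
}

# Constructed policy information. Assumption: default deny, explicit deny wins.
POLICY = {
    "alice": [
        {"effect": "allow", "action": "TerminateInstance",
         "when": {"region": "us-east"}},
        {"effect": "deny", "action": "*", "when": {"security_group": "sg-db"}},
    ],
}

# Hypothetical actions that change state when actually performed.
ACTIONS = {"TerminateInstance": lambda instance_id: INSTANCES.pop(instance_id)}


def authorize(requestor, action, instance_id):
    """Compare the impacted instance's state with the requestor's policy."""
    state = INSTANCES.get(instance_id)
    if state is None or action not in ACTIONS:
        return False  # unknown resource or action: fail closed
    allowed = False
    for stmt in POLICY.get(requestor, []):
        if not fnmatchcase(action, stmt["action"]):
            continue
        if all(state.get(key) == value for key, value in stmt["when"].items()):
            if stmt["effect"] == "deny":
                return False
            allowed = True
    return allowed


def handle_request(requestor, action, instance_id, dry_run=False):
    """Run one authorization path for both modes; act only when not a dry run."""
    authorized = authorize(requestor, action, instance_id)
    performed = False
    if authorized and not dry_run:
        ACTIONS[action](instance_id)
        performed = True
    return {"authorized": authorized, "performed": performed}
```

Both modes go through the same `authorize` call, so a dry-run answer reflects the decision the real request would get against the state at that moment. The state can change between the check and a later real request, so the real request is still authorized again when it arrives.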
17 Claims
1. A method of performing an authorization check of an API request, the method comprising:
- receiving the API request associated with a requestor, the API request including a parameter controlling whether or not to perform an action associated with the API request;
- retrieving state information associated with one or more resources that are impacted by the action should it be performed, wherein the one or more resources include an instance running on a host server computer and wherein the state information includes one of the following: a type of the instance, a region in which the instance is executing, or a security group associated with the instance;
- retrieving policy information;
- comparing the state information to the policy information to determine whether the requestor is authorized to perform the action associated with the API request; and
- if the parameter indicates that the action should not be performed, then returning a result indicating whether the requestor is authorized to perform the action, but without performing the action.

Dependent claims: 2, 3, 4, 5, 6

7. A computer-readable storage media having instructions thereon for performing an authorization check of a web service request, the method comprising:
- receiving the web service request associated with an action to be performed in a multi-tenant environment, the web service request associated with a parameter indicating whether to return an authorization result without performing the action;
- performing an authorization check, the authorization check including retrieving state information for instances executing within the multi-tenant environment and retrieving policy information associated with permissions and comparing the state information to the permissions, wherein the state information includes one or more regions in which the instances are executing, security groups associated with the instances, or costs associated with the instances;
- detecting a state of the parameter; and
- based on the state of the parameter, returning an authorization result indicating whether the web service request is authorized without performing the action.

Dependent claims: 8, 9, 10, 11, 12, 13, 14, 15, 16

17. A system for performing an authorization check, comprising:
- an admission control component for accessing a policy document in response to an API request from a user, the API request being a request to perform an action;
- a first host server computer executing a resource manager to obtain state information associated with resources executing on host server computers that are impacted by the API request, wherein the resources include instances executing on the host server computers and the state information includes security groups associated with the instances; and
- a second host server computer coupled to the first host server computer and executing an authorization check component to determine whether the user is authorized to perform the action based, at least in part, on a comparison between the policy document and the state information, and to return an authorization check response without performing the action.

Specification