Providing location-specific network access to remote services

摘要

Techniques are described for providing users with access to computer networks, such as to enable users to create and configure computer networks that are provided by a remote configurable network service for the users' use. Computer networks provided by the configurable network service may be configured to be private computer networks that are accessible only by the users who create them, and may each be created and configured by a client of the configurable network service to be an extension to an existing computer network of the client, such as a private computer network extension to an existing private computer network of the client. In addition, access to remote resource services may be configured and provided from such computer networks in various manners, such as to automatically include access control information to limit access to particular resources to computing nodes at the location of that provided computer network.

主权项

1. A computer-implemented method comprising:
configuring, by one or more computing systems of a service provider, a first private virtual computer network that is provided by the service provider and includes multiple computing nodes, the configuring including associating the multiple computing nodes with multiple network addresses from a plurality of network addresses specified for use with the first private virtual computer network, and further including assigning one of the plurality of network addresses separate from the multiple network addresses to represent, within the first private virtual computer network, a remote resource service external to the first private virtual computer network; restricting, by the one or more computing systems, communications sent by the multiple computing nodes to only destinations indicated by the plurality of network addresses; associating, by the one or more computing systems and with the assigned network address, an identifier that represents a location of the first private virtual computer network, wherein the identifier is an indicator supplied by the service provider for use by the remote resource service in validating that communications are sent from the location of the first private virtual computer network; modifying, by the one or more computing systems, a communication that is sent to the assigned network address by one of the multiple computing nodes to cause the modified communication to include the identifier; and forwarding, by the one or more computing systems,the modified communication to the remote resource service via one or more networks external to the first private virtual computer network.