Title of invention: Security policy creation in a computing environment
Abstract: This disclosure describes, in part, systems and techniques for creating policies to enable software to access resources protected by one or more rule sets after the software is implemented to run in a computing service that includes the one or more rule sets. To access different resources, network communication protocols and port addresses may be used, such as for inter-server communications. In some embodiments, an administrator of a particular computing service may initiate a learning mode that enables configuration of software to be run in the computing service and/or configuration of a computing service that runs the software. The learning mode may be implemented by a transmission manager using a manual learning mode and/or an automatic learning mode.
Publication number: US9413778(B1)
Publication date: 2016.08.09
Application number: US201314133416
Filing date: 2013.12.18
Applicant: Amazon Technologies, Inc.
Inventor: Elisha Simon Jeremy
Classification: H04L29/00;H04L29/06;G06F21/62
Main classification: H04L29/00
Agency: Lee & Hayes, PLLC
Agent: Lee & Hayes, PLLC
Main claim: 1. One or more non-transitory computer-readable media storing computer-executable instructions that, when executed, cause one or more processors to perform acts comprising: causing a computing service to operate in a normal operation mode that implements rule sets that prevent unauthorized network access to one or more customer virtual machines operated by the computing service; causing the computing service to transition operation from the normal operation mode to a learning mode that at least temporarily disables at least some of the rule sets for a virtual machine and allows software, without previous configuration, to cause the virtual machine to obtain network access; recording, in a data log, information about traffic sent to or from the virtual machine in response to operations caused by the software; creating rules, based at least in part on the information about the traffic sent to or from the virtual machine in the data log, to include in the rule sets, the created rules to allow subsequent traffic to or from the virtual machine that is similar in at least one respect to the recorded information about the traffic; causing the computing service to terminate the learning mode and resume operation in the normal operation mode; and enforcing the rule sets that include the created rules.
Address: Reno NV US