US 11,677,789 B2
Intent-based governance
Neha Rungta, San Jose, CA (US); Daniel George Peebles, Richland, WA (US); Andrew Jude Gacek, Maple Grove, MN (US); Marvin Theimer, Seattle, WA (US); Rebecca Claire Weiss, Vienna, VA (US); and Brigid Ann Johnson, Seattle, WA (US)
Assigned to Amazon Technologies, Inc., Seattle, WA (US)
Filed by Amazon Technologies, Inc., Seattle, WA (US)
Filed on Dec. 11, 2020, as Appl. No. 17/119,663.
Prior Publication US 2022/0191253 A1, Jun. 16, 2022
Int. Cl. G06F 15/16 (2006.01); H04L 9/40 (2022.01); H04L 41/5051 (2022.01); H04L 41/50 (2022.01)
CPC H04L 63/205 (2013.01) [H04L 41/5051 (2013.01); H04L 41/5096 (2013.01); H04L 63/102 (2013.01)]
20 Claims
1. A computer-implemented method comprising:
receiving, at an intent-based governance service in a provider network, via a user interface of the intent-based governance service of the provider network, one or more intent statements written in a domain-specific language from a customer expressing security intent for customer computing resources hosted by the provider network;
parsing the one or more intent statements based on a provider network model to generate parsed one or more intent statements;
compiling the parsed one or more intent statements into at least one access control policy;
associating the at least one access control policy with the customer computing resources based on the parsed one or more intent statements;
detecting a change to the provider network based on a static code analysis of one or more services of the provider network;
updating the provider network model based on the change to the provider network; and
recompiling, by an update manager of the intent-based governance service, the parsed one or more intent statements into an updated at least one access control policy, the updated at least one access control policy applying to at least the one or more services of the provider network that have changed.
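
The claimed steps, sketched as an added example that is not code from the patent or from Amazon. The intent grammar, the model layout, the policy shape and all service, action and resource names are hypothetical, and the detected change is passed in as input rather than derived by static code analysis.

```python
import re

# Hypothetical intent grammar (an assumption, not taken from the patent):
#   forbid <capability> on tag <key>=<value>
INTENT_RE = re.compile(r"^forbid (?P<cap>[\w-]+) on tag (?P<key>\w+)=(?P<value>[\w-]+)$")

# Constructed provider network model: service -> capability -> API actions.
MODEL_V1 = {
    "objectstore": {"delete": ["objectstore:DeleteObject", "objectstore:DeleteBucket"]},
    "queue": {"delete": ["queue:DeleteQueue"], "purge": ["queue:PurgeQueue"]},
}

def parse(statement, model):
    """Parse one intent statement and validate its capability against the model."""
    m = INTENT_RE.match(statement.strip())
    if not m:
        raise ValueError(f"syntax error: {statement!r}")
    known = {cap for caps in model.values() for cap in caps}
    if m["cap"] not in known:
        raise ValueError(f"capability {m['cap']!r} not in provider model")
    return {"capability": m["cap"], "tag": (m["key"], m["value"])}

def compile_policy(parsed, model):
    """Expand a parsed intent into a deny policy covering every modeled service."""
    actions = sorted(a for caps in model.values() for a in caps.get(parsed["capability"], []))
    key, value = parsed["tag"]
    return {"Effect": "Deny", "Action": actions, "Condition": {"ResourceTag": {key: value}}}

def associate(parsed, resources):
    """Select the customer resources whose tags match the intent."""
    key, value = parsed["tag"]
    return sorted(r for r, tags in resources.items() if tags.get(key) == value)

def recompile(parsed_intents, model, change):
    """Update manager: merge a detected change into a copy of the model,
    then recompile every stored intent against the updated model."""
    updated = {svc: dict(caps) for svc, caps in model.items()}
    for svc, caps in change.items():
        updated.setdefault(svc, {}).update(caps)
    return updated, [compile_policy(p, updated) for p in parsed_intents]

if __name__ == "__main__":
    resources = {"bucket-a": {"retention": "hold"}, "queue-b": {"retention": "none"}}
    intent = parse("forbid delete on tag retention=hold", MODEL_V1)
    print(compile_policy(intent, MODEL_V1), associate(intent, resources))
    new_service = {"filesystem": {"delete": ["filesystem:DeleteFile"]}}
    print(recompile([intent], MODEL_V1, new_service)[1][0]["Action"])
```

Because the customer's statement names a capability rather than individual actions, the recompiled policy picks up the new service's delete action without the statement being rewritten.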