CPC H04L 63/205 (2013.01) [H04L 41/5051 (2013.01); H04L 41/5096 (2013.01); H04L 63/102 (2013.01)]
20 Claims
1. A computer-implemented method comprising:
receiving, at an intent-based governance service in a provider network, via a user interface of the intent-based governance service of the provider network, one or more intent statements written in a domain-specific language from a customer expressing security intent for customer computing resources hosted by the provider network;
parsing the one or more intent statements based on a provider network model to generate parsed one or more intent statements;
compiling the parsed one or more intent statements into at least one access control policy;
associating the at least one access control policy with the customer computing resources based on the parsed one or more intent statements;
detecting a change to the provider network based on a static code analysis of one or more services of the provider network;
updating the provider network model based on the change to the provider network; and
recompiling, by an update manager of the intent-based governance service, the parsed one or more intent statements into an updated at least one access control policy, the updated at least one access control policy applying to at least the one or more services of the provider network that have changed.