Abstract: A method and apparatus for testing and simulating an access control policy are disclosed. Evaluating an access control policy may be performed by utilizing a deny statement that causes the access request to be rejected despite actions indicated in the access request being authorized. Further, an independent simulation environment may be utilized for testing access control policy evaluation.

Abstract: A method and apparatus for testing and simulating an access control policy are disclosed. Evaluating an access control policy may be performed by utilizing a deny statement that causes the access request to be rejected despite actions indicated in the access request being authorized. Further, an independent simulation environment may be utilized for testing access control policy evaluation.

Abstract: A network-based discovery system and service are disclosed that provide client discovery services to a number of clients over a network. The network-based discovery system includes a database that stores discovery information of client network-based resource configurations. The discovery information may be obtained from client resources by client-side discovery components that are placed on client resources, obtain the discovery information and that send the information to the discovery system. The discovery system analyzes the discovery information to determine the client network-based resource configurations and generates client network-based resource configuration representations for the respective clients. The client network-based resource configuration representation may include a description of, and dependencies among, a plurality of computer-based resources.

Abstract: A method and apparatus for testing and simulating an access control policy are disclosed. Evaluating an access control policy may be performed by utilizing a deny statement that causes the access request to be rejected despite actions indicated in the access request being authorized. Further, an independent simulation environment may be utilized for testing access control policy evaluation.

Abstract: A computing resource service provider may receive, from a user client connected to an on-premises network, a security document specifying one or more user roles defining a level of access to customer resources within the on-premises network. In response, the service provider may generate and provide the user client with a cookie specifying the user roles and including an address for an interface within the service provider network. The service provider may receive a request from the user client to access one or more customer resources hosted by the service provider. The request may include the cookie previously provided to the user client. Accordingly, the service provider may extract the user roles from the cookie and determine, based at least in part on these user roles, whether to fulfill the user client request.

Abstract: A method and apparatus for testing and simulating an access control policy are disclosed. Evaluating an access control policy may be performed by utilizing a deny statement that causes the access request to be rejected despite actions indicated in the access request being authorized. Further, an independent simulation environment may be utilized for testing access control policy evaluation.

Abstract: A method and apparatus for the evaluation and remediation of an access control policy is disclosed. In the method and apparatus, an intermediary service may make access request, on behalf of a customer, to one or more computing resources and the access control policy is evaluation to determine whether the request is authorized. Further, remediation options for the access control policy are offered for the request to be authorized.

Abstract: A network-based discovery system and service are disclosed that provide client discovery services to a number of clients over a network. The network-based discovery system includes a database that stores discovery information of client network-based resource configurations. The discovery information may be obtained from client resources by client-side discovery components that are placed on client resources, obtain the discovery information and that send the information to the discovery system. The discovery system analyzes the discovery information to determine the client network-based resource configurations and generates client network-based resource configuration representations for the respective clients. The client network-based resource configuration representation may include a description of, and dependencies among, a plurality of computer-based resources.

Abstract: A network-based discovery system and service are disclosed that provide client discovery services to a number of clients over a network. The network-based discovery system includes a database that stores discovery information of client network-based resource configurations. The discovery information may be obtained from client resources by client-side discovery components that are placed on client resources, obtain the discovery information and that send the information to the discovery system. The discovery system analyzes the discovery information to determine the client network-based resource configurations and generates client network-based resource configuration representations for the respective clients. The client network-based resource configuration representation may include a description of, and dependencies among, a plurality of computer-based resources.

Abstract: A 3D shipping container engine may obtain item information for one or more items. Once obtained, container specifications may be determined for a container in which to store the one or more items based on the item(s) information. Based the container specifications, 3D additive manufacturing instructions may be provided for the container.

Abstract: Techniques are described for generating and using virtual machine images and other software images in configured manners, such as by an image generating service on behalf of clients. An image may be configured to include or use multiple underlying components to construct the image, and specified configuration information may cause the generating process for the image to be triggered when underlying construction components change or otherwise when specified triggering conditions are satisfied. For example, an image to be manufactured may include a software program under development by a software developer client, with code files used to create the software program being among the construction components, such that client actions involving those code files (e.g., committing a new version with recent changes to a code repository) triggers a new version of the image to be manufactured that incorporates those changes.

Abstract: A customer network client detects, through a user interface, selection of a graphical representation of a set of virtual machine images and an indication to migrate this set of virtual machine images to an off-premises network managed by a computing resource service provider. In response, the client generates a set of application programming interface calls, which may be transmitted to the service provider and causes the service provider to convert the selected images for use within the off-premises network. The client monitors fulfillment of the calls and, upon determining that the calls has been fulfilled, updates a portion of the user interface associated with the computing resource service provider to indicate that the images may be instantiated within the off-premises network.

Abstract: An authorization check web service request is disclosed. The web service request can include a parameter controlling whether or not to perform the action associated with the web service request. The parameter can be included in the web service request itself, or it can be separated therefrom, such as being included in a customer account. Using this parameter, the requestor can perform an authorization check without actually performing the action. Thus, customers can determine the authorization result of a request without actually processing the request itself. Customers and other services can use this parameter to determine their effective permissions.

Abstract: A computing resource service provider may receive, from a user client connected to an on-premises network, a security document specifying one or more user roles defining a level of access to customer resources within the on-premises network. In response, the service provider may generate and provide the user client with a cookie specifying the user roles and including an address for an interface within the service provider network. The service provider may receive a request from the user client to access one or more customer resources hosted by the service provider. The request may include the cookie previously provided to the user client. Accordingly, the service provider may extract the user roles from the cookie and determine, based at least in part on these user roles, whether to fulfill the user client request.

Abstract: A network-based discovery system and service are disclosed that provide client discovery services to a number of clients over a network. The network-based discovery system includes a database that stores discovery information of client network-based resource configurations. The discovery information may be obtained from client resources by client-side discovery components that are placed on client resources, obtain the discovery information and that send the information to the discovery system. The discovery system analyzes the discovery information to determine the client network-based resource configurations and generates client network-based resource configuration representations for the respective clients. The client network-based resource configuration representation may include a description of, and dependencies among, a plurality of computer-based resources.

Abstract: A computing resource service provider may receive, from a user client connected to an on-premises network, a security document specifying one or more user roles defining a level of access to customer resources within the on-premises network. In response, the service provider may generate and provide the user client with a cookie specifying the user roles and including an address for an interface within the service provider network. The service provider may receive a request from the user client to access one or more customer resources hosted by the service provider. The request may include the cookie previously provided to the user client. Accordingly, the service provider may extract the user roles from the cookie and determine, based at least in part on these user roles, whether to fulfill the user client request.