Abstract: Apparatus and methods are disclosed herein for remote, direct memory access (RDMA) technology that enables direct memory access from one host computer memory to another host computer memory over a physical or virtual computer network according to a number of different RDMA protocols. In one example, a method includes receiving remote direct memory access (RDMA) packets via a network adapter, deriving a protocol index identifying an RDMA protocol used to encode data for an RDMA transaction associated with the RDMA packets, applying the protocol index to a generate RDMA commands from header information in at least one of the received RDMA packets, and performing an RDMA operation using the RDMA commands.

Abstract: Methods, systems, and computer-readable media for tracing service interactions without global transaction identifiers are disclosed. A service monitoring system receives an event message from a first service in a service-oriented system. The event message comprises one or more elements of data from a body of a service request from an upstream service. The first service initiates a sub-task associated with the service request. The service monitoring system receives one or more additional event messages from one or more additional services. The additional event message(s) comprise one or more additional elements of data from one or more additional service requests associated with one or more additional sub-tasks. The service monitoring system determines, based (at least in part) on the element(s) of data in the event message and the additional element(s) of data in the additional event message(s), that the sub-task and the additional sub-task(s) are associated with a higher-level task.

Abstract: Learning iterations, individual ones of which include a respective bucket group selection phase and a class boundary refinement phase, are performed using a source data set whose records are divided into buckets. In the bucket group selection phase of an iteration, a bucket is selected for annotation based on output obtained from a classification model trained in the class boundary refinement phase of an earlier iteration. In the class boundary refinement phase, records of buckets annotated as positive-match buckets for a target class in the bucket group selection phase are selected for inclusion in a training set for a new version of the model using a model enhancement criterion. The trained version of the model is stored.

Abstract: Systems and methods for configuring a virtual machine provided by a remote computing system based on the availability of one or more remote computing resources and respective corresponding prices of the one or more remote computing resources are disclosed. Users are presented with an interface that allows for selection of individual remote computing resources to be included in a custom-configured virtual machine. Also, a customized corresponding price is determined for the custom-configured virtual machine based on user selections and current availability of the selected remote computing resources to be included in the custom-configured virtual machine.

Abstract: A system for database restoration across service regions. The system includes data storage and backup data storage in the first region. The system includes a frontend for the database service configured to receive, from a client, a request to restore a database to the first region from backups stored in another backup data storage in a second region and to receive an authentication token for the request from the client. The system also includes a backup restore manager service for the first region configured to send, to another backup restore manager service implemented in the second region, a credential request for a second region credential authorizing retrieval of the one or more other backups from the second region. The backup restore manager service sends a backup restore request to retrieve the backups from the other backup data storage and loads the backups to restore the database in the first region.

Abstract: Methods, systems, and computer-readable media for automated management of machine images are disclosed. A machine image management system determines that a trigger for a machine image build process has occurred. The machine image management system performs the machine image build process responsive to the trigger. The machine image build process generates a machine image, and the machine image comprises a plurality of operating system components associated with an application. The machine image is validated by the machine image management system for compliance with one or more policies. The machine image management system provides the machine image to one or more recipients. One or more compute resources are launched using the machine image, and the application is executed on the compute resource(s) launched using the machine image.

Abstract: A simulation environment (e.g., multi-player game) hosted by a provider network may implement componentized entities to reduce the amount of resource usage for a simulation (e.g., by reducing the amount of input/state data transmitted through the use of dynamically changing input structures). A user may add or remove any number of components to an entity that is simulated at the local client device. When inputs are received for one or more components, values for predictive states are locally determined for each component. An input packet is generated and sent to the provider network, which includes the inputs as well as data that is based on the values for the locally predicted states (e.g., a fingerprint or other unique ID). If necessary, a correction packet may be generated at the provider network and sent back to the client.

Abstract: A system for managing deployment of quantum circuits is described. The system may include a web server configured to receive, from a consumer, a quantum computing request to perform a job using a given quantum application. The web server may generate a response based on execution of the quantum application and at least a portion of the quantum computing request and return the response to the consumer. The system may also include a deployment service configured to store quantum circuit definitions in a data store. The deployment service may receive, from the web server, a deployment request for executing a quantum circuit. The deployment service may generate a container for implementing the quantum circuit. The deployment service may configure a quantum application in the container for executing a job using the quantum circuit. The deployment service may provide the web server access to results of the execution of the job.

Abstract: An Application Programming Interface (API) allows a launching of a virtual machine where a queue count can be configured by a user. More specifically, each virtual machine can be assigned a pool of queues. Additionally, each virtual machine can have multiple virtual networking interfaces and a user can assign a number of queues from the pool to each virtual networking interface. Thus, a new metadata field is described that can be used with requests to launch a virtual machine. The metadata field includes one or more parameters that associate a number of queues with each virtual networking interface. A queue count can be dynamically configured by a user to ensure that the queues are efficiently used given that the user understands the intended application of the virtual machine being launched.

Abstract: A data service implements a configurable data compressor/decompressor using a recipe generated for a particular data set type and using compression operators of a common registry (e.g., pantry) that are referenced by the recipe, wherein the recipe indicates at which nodes of a compression graph respective ones of the compression operators of the registry are to be implemented. The configurable data compressor/decompressor provides a customizable framework for compressing data sets of different types (e.g., belonging to different data domains) using a common compressor/decompressor implemented using a common set of compression operators.

Abstract: Connectivity is enabled between a first and second isolated network using a virtual traffic hub that includes a decision master node responsible for determining a routing action for a packet received at the hub. At the hub, a determination is made that a particular domain name system (DNS) message being directed to a first resource in the first isolated network is to include an indication of a second resource in the second isolated network. The second resource is assigned a network address within a private address range of the second isolated network, which overlaps with a private address range being used in the first isolated network. The hub causes a transformed version of the network address to be included in the DNS message delivered to the first resource.

Abstract: A multitenant solver execution service provides managed infrastructure for defining and solving large-scale optimization problems. In embodiments, the service executes solver jobs on managed compute resources such as virtual machines or containers. The compute resources can be automatically scaled up or down based on client demand and are assigned to solver jobs in a serverless manner. Solver jobs can be initiated based on configured triggers. In embodiments, the service allows users to select from different types of solvers, mix different solvers in a solver job, and translate a model from one solver to another solver. In embodiments, the service provides developer interfaces to, for example, run solver experiments, recommend solver types or solver settings, and suggest model templates. The solver execution service relieves developers from having to manage infrastructure for running optimization solvers and allows developers to easily work with different types of solvers via a unified interface.

Abstract: Techniques are described for providing a policy refiner application used to analyze and recommend modifications to identity and access management policies created by users of a cloud provider network (e.g., to move the policies toward least-privilege permissions). A policy refiner application receives as input a policy to analyze, and a log of events related to activity associated with one or more accounts of a cloud provider network. The policy refiner application can identify, from the log of events, actions that were permitted based on particular statements contained in the policy. Based on field values contained in the corresponding events, the policy refiner application generates an abstraction of the field values, where the abstraction of the field values may represent a more restrictive version of the field from a policy perspective. These abstractions can be presented to users as recommendations for modifying their policy to reduce the privileges granted by the policy.

Abstract: Systems and methods for implementing record locking for transactions using a probabilistic data structure are described. This probabilistic structure enables adding of data records without growth of the data structure. The data structure includes a hash table for each of multiple hash functions, where entries in the respective hash tables store a transaction time and locking state. To lock a record, each hash function is applied to a record key to provide an index into a respective hash table and a minimum of the values stored in the hash tables is retrieved. If the retrieved value is less than a transaction time for a transaction attempting to lock the record, locking is permitted and the transaction time is recorded to each of the hash tables. To commit the transaction, the probabilistic data structure is atomically updated as part of the commit operation.

Abstract: Techniques are described for providing users with access to computer networks, such as to enable users to interact with a remote configurable network service in order to create and configure computer networks that are provided by the configurable network service for use by the users. Computer networks provided by the configurable network service may be configured to be private computer networks that are accessible only by the users who create them, and may each be created and configured by a client of the configurable network service to be an extension to an existing computer network of the client, such as a private computer network extension to an existing private computer network of the client. If so, secure private access between an existing computer network and new computer network extension that is being provided may be enabled using one or more VPN connections or other private access mechanisms.

Abstract: A multitenant solver execution service provides managed infrastructure for defining and solving large-scale optimization problems. In embodiments, the service executes solver jobs on managed compute resources such as virtual machines or containers. The compute resources can be automatically scaled up or down based on client demand and are assigned to solver jobs in a serverless manner. Solver jobs can be initiated based on configured triggers. In embodiments, the service allows users to select from different types of solvers, mix different solvers in a solver job, and translate a model from one solver to another solver. In embodiments, the service provides developer interfaces to, for example, run solver experiments, recommend solver types or solver settings, and suggest model templates. The solver execution service relieves developers from having to manage infrastructure for running optimization solvers and allows developers to easily work with different types of solvers via a unified interface.

Abstract: A system for providing code suggestions according to licensing criteria is described. The system comprises computing devices that implement a code suggestion service. The code suggestion service receives a request that specifies licensing criteria via an interface of the code suggestion service. The code suggestion service determines respective licenses for respective source code files according to a source code attribution database from parsing the plurality of source code files that are applicable to the plurality of source code files. The code suggestion service generates a set of candidate code suggestions based, at least in part, on the plurality of source code files. The code suggestion service determines code suggestions from the set of candidate code suggestions that satisfy the licensing criteria based on the respective licenses. The code suggestion service provides the code suggestions determined from the set of candidate source code files that satisfy the licensing criteria.

Abstract: A multitenant solver execution service provides managed infrastructure for defining and solving large-scale optimization problems. In embodiments, the service executes solver jobs on managed compute resources such as virtual machines or containers. The compute resources can be automatically scaled up or down based on client demand and are assigned to solver jobs in a serverless manner. Solver jobs can be initiated based on configured triggers. In embodiments, the service allows users to select from different types of solvers, mix different solvers in a solver job, and translate a model from one solver to another solver. In embodiments, the service provides developer interfaces to, for example, run solver experiments, recommend solver types or solver settings, and suggest model templates. The solver execution service relieves developers from having to manage infrastructure for running optimization solvers and allows developers to easily work with different types of solvers via a unified interface.

Abstract: Systems and processes are described for establishing and using a secure channel. A shared secret may be used for authentication of session initiation messages as well as for generation of a private/public key pair for the session. A number of ways of agreeing on the shared secret are described and include pre-sharing the keys, reliance on a key management system, or via a token mechanism that uses a third entity such as a hub to manage authentication, for example. In some instances, the third party may also perform endpoint selection (e.g., load balancing) by providing a particular endpoint along with the token.

Abstract: Systems, methods, and computer-readable media are disclosed for systems and methods for dynamic product summary images. The dynamic product summary images may be displayed on product pages or in association with individual product search results. The dynamic product summary images may comprise a number of different visual icons that provide a customer quick and easily-digestible information about a product. The dynamic product summary image may also be specific to the user such that different users may be presented with different icons based on details about the product that they are likely to find most important. For example, a dynamic product summary image for a laptop may include an icon indicating a processor type, an icon indicating a graphics card type, an icon indicating an operating system, etc. This provides for a more efficient product browsing process and mitigates or eliminates the need for the customer to search the entire product page for important details about the product.

Abstract: A constraint on a location at which a portion of a data set can be stored is determined based on input received via a programmatic interface. The portion of the data set is stored at a location selected in accordance with the constraint. An analysis operation, whose input includes the portion of the data set, is performed at a set of computing resources selected from a plurality of resources based at least in part on their location.

Abstract: A system and method for indicating, via a heralding signal, that an amplitude damping decay event has occurred within a quantum low-density parity-check code is disclosed. Logical information may be encoded into a superconducting qubit using one or more transmons, wherein a first level and a second level are encoded into a code space of the qubit, and at least one intermediate level outside of the code space characterizes an amplitude damping decay channel which is then used to herald an amplitude damping decay event. Dynamical decoupling pulse sequences may be used to drive such qubit structures and bias noise towards the amplitude damping decay channel. The one or more heralding signals within a lower-level code may then be used as input to a quantum low-density parity-check code for decoding syndrome measurements with the knowledge of occurrences of amplitude damping decay as indicated via the one or more heralding signals.

Abstract: Systems, methods, and devices are disclosed for front-lit displays having uniform brightness. In one embodiment, an example display may include an electrophoretic display, a light guide configured to direct light from one or more light emitting diodes, and a cover lens assembly. The cover lens assembly may include a cover glass layer, an anti-glare film coupled to the cover glass layer, and a hot melt adhesive disposed about lateral edge surfaces of the cover glass layer and the anti-glare film, such that the hot melt adhesive forms a perimeter of the cover lens assembly.

Abstract: Methods and apparatus for dynamic modification of interruptibility settings of network-accessible resources are disclosed. A system includes a resource manager and a plurality of resource instances, each of which has an interruptibility setting. In response to an instance acquisition request, the resource manager allocates an instance with a first interruptibility setting, allowing the resource manager to revoke the client's access to the instance without a notification. In response to an approval of an interruptibility upgrade request, the resource manager modifies the interruptibility setting to a second setting that allows the client to retain access to the instance for at least a specified time. Respective billing amounts for the client's use of the instance are determined for each of the interruptibility settings used.

Abstract: Systems, methods, and computer-readable media are disclosed for improved wireless battery charging. The device may include a battery, and may be configured to determine that the battery is de-coupled from a wireless charger at a first time, determine that the battery is coupled to the wireless charger at a second time, determine that a first elapsed time between the first time and the second time is equal to or less than a first threshold, and cause charging of the battery to be disabled for a first time duration.

Abstract: An instance secrets management isolated runtime environment is launched at a virtualization server, and utilizes a subset of memory assigned to a compute instance. The subset of memory is inaccessible from entities external to the runtime environment. A secrets manager of the runtime environment provides a security artifact to an application, running at the compute instance, which has requested access to a resource. The artifact is generated by the secrets manager using a security secret associated with the compute instance; the secret is not accessible to programs external to the runtime environment. In response to a determination that the artifact is valid, the application obtains access to the resource.

Abstract: In accordance with a designation of a private alias endpoint as a routing target for traffic directed to a service from within an isolated virtual network of a provider network, a tunneling intermediary receives a baseline packet generated at a compute instance. The baseline packet indicates a public IP (Internet Protocol) address of the service as the destination, and a private IP address of the compute instance as the source. In accordance with a tunneling protocol, the tunneling intermediary generates an encapsulation packet comprising at least a portion of the baseline packet and a header indicating the isolated virtual network. The encapsulation packet is transmitted to a node of the service.

Abstract: Systems, devices, and methods are provided for package delivery guidance and assistance. A vehicle may comprise one or more sensors. A processing unit of the vehicle may determine, based on vehicle data obtained from the one or more sensors, that the vehicle is in a first state, determine that the first state corresponds to a first sub-task of the plurality of sub-tasks, determine a first graphical interface for performance of the first sub-task, present the first graphical interface on a first display screen of the at vehicle, responsive to additional vehicle data obtained from the one or more sensors indicating that the vehicle is in a second state: determine that the second state corresponds to a second sub-task of the plurality of sub-tasks, and update the first display screen with a second graphical interface that is for performance of the second sub-task.

Abstract: A vehicle data streaming service may receive requests to register plug-ins to generate synthetic vehicle attribute data streams. A plug-in service of the vehicle data streaming service may configure a given plug-in in an internal containerized environment in a fully automated manner and/or configure the plug-in in an external compute service environment. The vehicle data streaming service may configure the plug-ins to receive input streams to generate synthetic attribute output streams. The vehicle data streaming service and the plug-in service may allow the synthetic attribute output streams to be associated with synthetic vehicle attributes included, or to be included, in a curated catalog of vehicle attributes. The vehicle data streaming service furthermore allows one or more vehicle data stream destinations to subscribe to the synthetic vehicle attributes included in the catalog.

Abstract: Systems and methods are disclosed for longitudinal scoring of roll-formed containers. In one embodiment, an example system may include a first scoring device having a first rolling die, a first arm coupled to the first rolling die, a second rolling die, a second arm coupled to the second rolling die, and a first support member configured to support the first arm and the second arm. The first arm and the second arm may be configured to: (i) slide along the first support member, such that a distance between the first rolling die and the second rolling die is adjusted, and (ii) rotate about the first support member from a first position to a second position, such that the first rolling die and the second rolling die move from the first position to the second position. The first scoring device may score ends of the packaging material.

Abstract: Systems and methods are disclosed for implementing a vehicle shadow service configured to construct and maintain up-to-date vehicle shadows using asynchronously received disaggregated vehicle data. For example, different sensors of a vehicle may provide sensor data into a data stream at different times in a disaggregated manner. A vehicle shadow may be constructed using partial sensor data from a sub-set of sensors of the vehicle, and may be updated or augmented using asynchronously received sensor data from other sensors of the vehicle.

Abstract: A vehicle data streaming service provides a curated catalog of vehicle attributes and allows a vehicle data stream source to register to the vehicle data streaming system and associate its data stream to a vehicle attribute of the attribute catalog. The vehicle data streaming service also allows vehicle data stream destinations to subscribe to the vehicle attribute in the vehicle catalog, receives streamed vehicle data from the data stream source, and sends streamed vehicle data conforming to registration requirements to the data stream destinations. Additionally, the vehicle data streaming service may allow management of the vehicle attribute catalog and may further manage the registration one or more sources and the subscriptions of one or more destinations.

Abstract: A feature deployment service of a provider network may deploy feature processing units (FPUs) to implement data processing features at both a provider network and edge devices. The use of FPUs may allow a client to use new features at the edge, without delays due to compliance/testing or software upgrades. An FPU includes a model and compute logic that are used to implement a data processing feature. A feature processing service deploys the FPU to an FPU engine at the provider network and also deploys the FPU to edge devices of the client's network that each include an edge FPU engine. The FPU engine at the provider network and the edge FPU engine at each edge device conform to a common specification/API, allowing deployment and use of the same FPU/data processing features at both the cloud and the edge.

Abstract: Methods, systems, and computer-readable media for a service for managing quantum computing resources are disclosed. A task management service receives a description of a task specified by a client. From a pool of computing resources of a provider network, the service selects a quantum computing resource for implementation of the task. The quantum computing resource comprises a plurality of quantum bits. The service causes the quantum computing resource to run a quantum algorithm associated with the task. The service receives one or more results of the quantum algorithm from the quantum computing resource.

Abstract: A quantum programming environment may include an assisted composition system to assist the composition of quantum objects. The assisted composition system may receive a partial portion of a quantum object that is being composed but not yet fully composed by a user. The assisted composition system may determine a first abstract representation of the partial portion of the quantum object being composed. The assisted composition system may determine that the first abstract representation resembles at least a first portion of a second abstract representation of a stored quantum object stored in a library for the quantum programming environment. The assisted composition system may obtain a second portion of the stored quantum object from the library and provide it to the user as a next portion to the partial portion of the quantum object being composed.

Abstract: Access level and security group information can be updated for a data instance without having to take down or recycle the instance. A data instance created in a data environment will have at least one default security group. Permissions can be applied to the default security group to limit access via the data environment. A control security group can be created in a control environment and associated with the default security group. Permissions can be applied and updated with respect to the control security group without modifying the default security group, such that the data instance does not need to be recycled or otherwise made unavailable. Requests to perform actions with respect to the control security groups are made via the control environment, while allowing native access to the data via the data environment.

Abstract: A timecoding technique for determining and assigning timecodes for variable frame rate video. Content identified for timecode assignment is decoded, and for sequential frames of the content, portions of timestamps are compared to determine if the frames are from a same time period (e.g., from the same second in time). For a subsequent frame from the same time period, an index is atomically incremented, a timecode generated from a combination of the time period and the index, and the timecode assigned to the frame. For a subsequent frame from a different time period, the index is initialized, a timecode generated from a combination of the different time period and the initialized index, and the timecode assigned to the frame. Accumulated durations of frames may be used in place of timestamps, in some instances.

Abstract: Methods and apparatus for interfaces to manage inter-regional connectivity for direct network peerings. A system may include a connectivity coordinator, a first resource collection in a first geographical zone and a second resource collection in a second geographical zone. The coordinator implements a programmatic interface defining connectivity operations. The coordinator receives a request via the interface to establish a logically isolated network path to the second resource collection on behalf of a client that has a dedicated physical link set up to connect to the first resource collection. In response to the request, the coordinator performs one or more configuration operations to enable traffic to flow from the client's network to the second resource collection over a logically isolated network path using the dedicated physical link.

Abstract: Methods and apparatus for centralized networking configuration in distributed systems are disclosed. Networking related metrics from a plurality of sources within a distributed system are obtained at a networking configuration server. A set of rules to be used to apply a network configuration option to a particular category of traffic associated with a node of the distributed system is determined based on the collected metrics and on networking management policies. A representation of the set of rules is transmitted to the node of the distributed system to schedule network transmissions in accordance with the networking configuration option.

Abstract: Systems, methods, and computer-readable media are disclosed for determining contextually relevant application templates associated with electronic message content.

Abstract: Various embodiments of apparatuses and methods for multi-cast, multiple unicast, and unicast distribution of messages with time synchronized delivery are described. In some embodiments, the disclosed system and methods include a reference timekeeper providing a reference clock to one or more host computing devices. The one or more host computing devices host compute instances, and also contain respective isolated timing hardware outside the control of the compute instances. The isolated timing hardware of the one or more host computing devices then receive respective packets, and obtain the same time to deliver the respective packets. Each isolated timing hardware provides either the packet, or information to access the packet, to its respective destination compute instance subsequent to determining that the same specified time to deliver the packet has occurred. Thus, the respective packets are delivered near simultaneously to the one or more destination compute instances.

Abstract: Various embodiments of apparatuses and methods for an automated machine learning pipeline service and an automated machine learning pipeline generator are described. In some embodiments, the service receives a request from a user to generate a machine learning solution, as well as a dataset that comprises values with different user variable types, and mapping of the user variable types to pre-defined types. The generator can validate the dataset, enrich the values of the dataset using external data sources, transform values of the dataset based on the pre-defined types, train a machine learning model using the enriched and transformed values, and compose an executable package, comprising enrichment recipes, transformation recipes, and the trained machine learning model, that generates scores for other data when executed. The service can further test the executable package using testing data, and provide results of the test to the user.

Abstract: Systems, methods, and computer-readable media are disclosed for systems and methods for automated identification and mapping of objects in video content. Example methods may include determining a first set of frames in video content, determining, using one or more object recognition algorithms, a first object present in the first set of frames, determining that a first product corresponding to the first object is present in a product catalog comprising a set of product images, associating a first product identifier of the first product with a video identifier of the video content, and causing presentation of a set of product identifiers associated with the video identifier.

Abstract: Systems, methods, and computer-readable media are disclosed for systems and methods for voice-based device operation mode management. Example methods may include determining that a device is coupled to an accessory device, and determining that being coupled to the accessory device triggers activation of a first operation mode at the device. The first operation mode presents digital content at the display in a user interface having a first content density that is less than a second content density of a second operation mode. Example methods may include causing the device to activate the first operation mode, receiving first voice data indicative of a request to change the device operation mode to the second operation mode, and causing the device to activate the second operation mode.

Abstract: A resource provisioning service allows users to provision multiple, different network resources in an atomic manner and with a single call to a resource provisioning service. In some instances, the multiple, different network resources comprise individual types of resources that form a portion of one or more cloud-computing platforms. For instance, one or more entities may host and operate a cloud-computing platform that includes different types of network resources, such a storage service, a load balancing service, a compute service, a security service, or any other similar or different type of network-accessible service.

Abstract: A control plane server of a virtualized computing service determines that connectivity is to be established between a first portion and a second portion of a distributed application. The first portion runs at a first edge location of a provider network, and the second portion runs at a second edge location. The control plane server transmits metadata associated with the second edge location to a connectivity manager at the first edge location. The metadata is used to establish a secure network channel between the connectivity manager and the second edge location. A message from the first portion of the distributed application is sent to the second portion via the channel.

Abstract: A request to establish an encrypted VPN connection between a network and the provider network via a dedicated direct physical link and a set of resources of the provider network is received. An isolated virtual network (IVN) is established to implement an encryption virtual private gateway to be used for the connection. Protocol processing engines (PPEs) are instantiated within the IVN, address information of the PPEs is exchanged with the external network and an encrypted VPN tunnel is configured between the PPEs and the external network. Routing information pertaining to the set of resources is provided to the external network via at least one of the encrypted VPN tunnels, enabling routing of customer data to the set of resources within the provider network from the external network via an encrypted VPN tunnel implemented over a dedicated direct physical link between the external network and the provider network.

Abstract: Methods, systems, and computer-readable media for implementing rule-based triggering in a provider network are disclosed. When conditions are met for one or more triggers, one or more rules that comprise the one or more triggers are determined. The conditions are determined in a provider network comprising a plurality of resources. One or more actions are determined in the one or more rules that comprise the one or more triggers. The one or more actions are performed, comprising modifying one or more of the resources in the provider network.

Abstract: A plurality of metrics records, including some records indicating metrics for which anomaly analysis has been performed, is obtained. Using a training data set which includes the metrics records, a machine learning model is trained to predict an anomaly analysis relevance score for an input record which indicates a metric name. Collection of a particular metric of an application is initiated based at least in part on an anomaly analysis relevance score obtained for the particular metric using a trained version of the model.

Abstract: Systems, devices, and methods are provided for end-to-end tagging and tracking of event signals subject to privacy policies. User events comprising event source data may be collected. A user may be associated with a segment, and the segment may be mapped to data lineage information corresponding to the events that were used to determine that the user is in segment. A segment cache may be generated comprising portions that correspond to different data lineages subject to different privacy policies. Bid requests may be received and processed according to applicable privacy policies.