Abstract: An identity service in a cloud environment is communicatively coupled to a proxy key vault in the cloud environment and to an external key manager (EKM) located outside of the cloud environment. The identity service receives a token request for a communication credential from the proxy key vault and verifies the request based on a client credential associated with the proxy key vault. The identity service generates the client credential and signs the communication credential with a private key associated with the EKM. The identify service transmits the signed communication credential to the proxy key vault. The communication credential can be used to substantiate cryptographic operation requests to the EKM.

Abstract: A key management service (KMS) in a cloud computing environment has an internal vault for cryptographic operations by an internal cryptographic key within the cloud environment and a proxy key vault communicatively coupled to an external key manager (EKM) that stores an external cryptographic key. The KMS uses a provider-agnostic application program interface (API) that permits the cloud service customer to use the same interface request and format for cryptographic operation requests regardless of whether the request is for an operation directed to an internal vault or to an external vault and regardless of the particular vendor of the external key management service operating on the external hardware device.

Abstract: Techniques for enabling a customer operator of a cloud service provider (CSP) the ability to disable operator access to resources in a customer cloud environment are disclosed. Operator access may be disabled or suspended by operators of the CSP customer initiating a disable command. Disabling operator access includes (a) terminating existing sessions that provide operators access to the resources, (b) rejecting new requests for credentials to establish sessions that provide operator access, and/or (c) revoking existing credentials used to establish sessions that provide operator access. Disabling operator access may apply to resources in the customer cloud environment or to a subset of resources and/or may apply to some operators but not to other operators. The operators may be of the same or different categories of operators. At the conclusion of a designated period of time, the ability of operator to access the customer cloud environment may be restored.

Abstract: Techniques for providing user access to cloud environments through an administrative tenancy to comply with sovereignty requirements are disclosed. The administrative tenancy is one of multiple tenancies in the cloud environment. The administrative tenancy includes tools for communicating with services running outside of the administrative tenancy. The user may only be able to access these services through the administrative tenancy. User access to the administrative tenancy requires the user to satisfy one or more sovereignty requirements. After determining that the user satisfies the sovereignty requirements for the cloud environment, the system grants the user access to the tools within the administrative tenancy to communicate with services outside the administrative tenancy.

Abstract: A method and system for generating permissions policies and permission boundary policies are described. The system receives a first request from a central administrator to create a delegated administrator, the first request specifying with one or more access permissions. The system generates a permission boundary policy that specifies the one or more access permissions and a first permissions policy that grants permissions to the delegated administrator to at least one of create an IAM principal with the permission boundary policy or attach a second permissions policy to the IAM principal. An effective permission given to the IAM principal is an intersection of access permissions specified in the first permissions policy and the one or more access permissions in the permission boundary policy. The system attaches the first permissions policy and the permission boundary policy to the delegated administrator.