Abstract: This disclosure describes techniques for automating a system-level security review of a network-based service. The techniques may include generating and utilizing a machine-readable threat model to identify system-level security threats to the network-based service. The network-based service may be scanned upon being provisioned in a service-provider network, and the machine-readable threat model may be generated based on results of the scan. The machine-readable threat model may represent components of the network-based service, system-level security constraints configured to identify system-level security threats to the service, and mitigations to remedy violations to the system-level security constraints. The network-based service may be continuously, or periodically, scanned to identify changes in the network-based service.

Abstract: Techniques for intent-based governance are described. For example, in some instances a method of receiving an indication of a change involving of one or more of code, a policy, a network configuration, or a governance requirement rule impacting a resource in a provider network for an account that is to be analyzed using one or more governance requirement rules; determining one or more governance requirement rules to evaluate for compliance after the update; evaluating the determined one or more governance requirement rules for compliance using one or more reasoning engines according to one or more policies; and making a result of the evaluating available to a user provides such governance.

Abstract: A policy auditing service can be implemented, in accordance with at least one embodiment that obtains a set of parameters that indicates a snapshot of a policy configuration for an account, a query, and a security policy. The security policy may encode a security requirement or invariant. The policy auditing system may determine states that can be reached via mutative operations (e.g., role assumption) and use a policy analyzer service to determine whether assuming a role results in a grant of access that is at least as permissive as the security policy of the set of parameters.

Abstract: This disclosure describes techniques for automating a system-level security review of a network-based service. The techniques may include generating and utilizing a machine-readable threat model to identify system-level security threats to the network-based service. The network-based service may be scanned upon being provisioned in a service-provider network, and the machine-readable threat model may be generated based on results of the scan. The machine-readable threat model may represent components of the network-based service, system-level security constraints configured to identify system-level security threats to the service, and mitigations to remedy violations to the system-level security constraints. The network-based service may be continuously, or periodically, scanned to identify changes in the network-based service.

Abstract: In some embodiments, a system is provided, and computer-executable instructions cause the system to: obtain a file with instructions for provisioning resources of a service by referencing types of compute resources and including instructions for generating a customized resource of a first type; determine that the file references a first type of compute resources; retrieve threat modeling information associated with the first type of resource, including information identifying a first potential threat; generate a graph with nodes representing the first type of resource, the customized resource, and the first potential threat, and an edge connecting the first node and the second node with a predicate indicative of the relationship them; generate an ontology statement that relate the customized resource and first type of resource; and provide a plurality of ontology statements representing the graph to a reasoner to perform at least a portion of a security review without user intervention.

Abstract: A security assessment system of a computing resource service provider performs security analyses of virtual resource instances, such as virtual machine instances and virtual data store instances, to verify that certain invariable security requirements are satisfied by the instances' corresponding configurations; these analyses are performed before the instances are provisioned and deployed. If the security checks, which can be selected by the administrator of the resources, fail, the requested resources are denied deployment. Notifications identifying the faulty configuration(s) may be send to the administrative user. A template for launching virtual resource instances may be transformed into an optimized template for performing the pre-deployment security checks, such as by storing information needed to perform the checks within the optimized template itself.

Abstract: A constraint solver service of a computing resource service provider performs evaluations of logic problems provided by the service provider's users and/or services by deploying a plurality of constraint solvers to concurrently evaluate the logic problem. Each deployed solver has, or is configured with, different characteristics and/or capabilities than the other solvers; thus, the solvers can have varying execution times and ways of finding a solution. The service may control execution of the solvers using virtual computing resources, such as by installing and configuring a solver to execute in a software container instance. The service receives solver results and delivers them according to a solution strategy such as “first received” to reduce latency or “check for agreement” to validate the solution. An interface allows the provider of the logic problem to select and configure solvers, issue commands and modifications during solver execution, select the solution strategy, and receive the solution.

Abstract: Techniques for intent-based governance are described. For example, in some instances a method of receiving an indication of a change involving of one or more of code, a policy, a network configuration, or a governance requirement rule impacting a resource in a provider network for an account that is to be analyzed using one or more governance requirement rules; determining one or more governance requirement rules to evaluate for compliance after the update; evaluating the determined one or more governance requirement rules for compliance using one or more reasoning engines according to one or more policies; and making a result of the evaluating available to a user provides such governance.

Abstract: This disclosure describes techniques for automating a system-level security review of a network-based service. The techniques may include generating and utilizing a machine-readable threat model to identify system-level security threats to the network-based service. The network-based service may be scanned upon being provisioned in a service-provider network, and the machine-readable threat model may be generated based on results of the scan. The machine-readable threat model may represent components of the network-based service, system-level security constraints configured to identify system-level security threats to the service, and mitigations to remedy violations to the system-level security constraints. The network-based service may be continuously, or periodically, scanned to identify changes in the network-based service.

Abstract: A constraint solver service of a computing resource service provider performs evaluations of logic problems provided by the service provider's users and/or services by deploying a plurality of constraint solvers to concurrently evaluate the logic problem. Each deployed solver has, or is configured with, different characteristics and/or capabilities than the other solvers; thus, the solvers can have varying execution times and ways of finding a solution. The service may control execution of the solvers using virtual computing resources, such as by installing and configuring a solver to execute in a software container instance. The service receives solver results and delivers them according to a solution strategy such as “first received” to reduce latency or “check for agreement” to validate the solution. An interface allows the provider of the logic problem to select and configure solvers, issue commands and modifications during solver execution, select the solution strategy, and receive the solution.

Abstract: A security assessment system of a computing resource service provider performs security analyses of virtual resource instances, such as virtual machine instances and virtual data store instances, to verify that certain invariable security requirements are satisfied by the instances' corresponding configurations; these analyses are performed before the instances are provisioned and deployed. If the security checks, which can be selected by the administrator of the resources, fail, the requested resources are denied deployment. Notifications identifying the faulty configuration(s) may be send to the administrative user. A template for launching virtual resource instances may be transformed into an optimized template for performing the pre-deployment security checks, such as by storing information needed to perform the checks within the optimized template itself.