Amazon.com, Inc.
Access control system

Abstract:

A system provides credential management for computer systems and services within a customer data center by acting as an intermediary to an authentication service of a computing resource service provider. In an embodiment, an application server hosts an agent that is registered as a trusted provider of credentials. In an embodiment, the agent is cryptographically linked to the application server using a digital certificate. In an embodiment, the agent uses the digital certificate to authenticate with a credential server, and the credential server provides short-term credentials that may be used to access services of the computing resource service provider. In an embodiment, the short-term credentials are transmitted from the credential server to the agent, and the agent provides the credentials to one or more applications running on the application server. In an embodiment, the credentials allow the applications to access the services of the computing resource service provider.