Patent attributes
Authorization decisions can be made in a resource environment using authorization functions which can be provided by customers, third parties, or other such entities. The functions can be implemented using virtual machine instances with one or more transient compute containers. This compute capacity can be preconfigured with certain software and provided using existing compute capacity assigned to a customer, or capacity invoked from a warming pool, to execute the appropriate authorization function. The authorization function can be a lambda function that takes in context and generates the appropriate security functionality inline. The utilization of ephemeral compute capacity enables the functionality to be provided on demand, without requiring explicit naming or identification, and can enable cause state information to be maintained for a customer.
