ESTABLISHING SECURE REMOTE ACCESS TO PRIVATE COMPUTER NETWORKS

Techniques are described for providing users with access to computer networks, such as to enable users to interact with a remote configurable network service to create and configure computer networks that are provided by the configurable network service for use by the users. Secure private access between a computer network provided for a user by the configurable network service and one or more other remote computing systems of the user (e.g., a remote private network) may be enabled in various ways. For example, a user may programmatically invoke an API provided by the configurable network service to obtain assistance in establishing remote access from a remote location to a provided computer network of the configurable network service, such as to establish a VPN connection from the remote location to the provided computer network using hardware and/or software supplied to the remote location in response to the API invocation. 117-. (canceled)18. A non-transitory computer-readable medium having stored contents that configure a computing system to perform a method , the method comprising:receiving, by a service associated with the configured computing system, a request that is programmatically made by a first client via a first programmatic interface to configure remote access from a first remote location to a first computer network provided by the service; andresponding, by the configured computing system, to the received request by initiating an acquisition of a hardware device for use at the first remote location and initiating providing of configuration information to the first remote location for use with the hardware device, wherein the initiating of the acquisition of the hardware device includes interacting with a computer system of a retailer to cause the hardware device to be provided for use at the first remote location, and wherein use of the hardware device with the provided configuration information at the first remote location initiates establishment ...

Providing Access to Configurable Private Computer Networks

Techniques are described for providing users with access to computer networks, such as to enable users to interact with a remote configurable network service in order to create and configure computer networks that are provided by the configurable network service for use by the users. Computer networks provided by the configurable network service may be configured to be private computer networks that are accessible only by the users who create them, and may each be created and configured by a client of the configurable network service to be an extension to an existing computer network of the client, such as a private computer network extension to an existing private computer network of the client. If so, secure private access between an existing computer network and new computer network extension that is being provided may be enabled using one or more VPN connections or other private access mechanisms. 130-. (canceled)31. A non-transitory computer-readable medium having stored contents that configure a computing system to:create a private virtual network at a configurable network service for a customer of the configurable network service, the private virtual network including multiple computing nodes associated with a plurality of private network addresses of a remote private computer network;receive configuration information for the private virtual network via a provided programmatic interface, the received configuration information specifying a service that is external to the remote private computer network and external to the private virtual network;configure a local access mechanism within the private virtual network that represents the service by at least assigning a private network address of the remote private computer network to represent the service within the private virtual network; andforward to the service a communication sent to the assigned private network address.32. The non-transitory computer-readable medium of wherein the non-transitory computer- ...

Interfaces To Manage Direct Network Peerings

Methods and apparatus for interfaces to manage direct network peerings. A system may include a data center, endpoint routers and a connectivity coordinator. The coordinator implements a programmatic interface defining connectivity operations. The coordinator receives a request for dedicated connectivity to data center resources, formatted according to the interface. The coordinator selects a target endpoint router at which to establish a physical link to implement the dedicated connectivity, and transmits a response identifying the target endpoint router and including configuration instructions for setting up a physical link for the dedicated connectivity. 1. A system , comprising:a data center including a resource collection designated to respond to service requests received from a client;a plurality of endpoint routers linked to the data center by one or more private network paths; anda connectivity coordinator; implement an interface defining connectivity operations available to the client;', 'receive a connectivity request from the client for dedicated connectivity to the resource collection, wherein the connectivity request is formatted in accordance with the interface;', select a target endpoint router of the plurality of endpoint routers, wherein the target endpoint router is configurable to provide a route over a private network path of the one or more private network paths in accordance with the connectivity request;', 'generate a reply comprising configuration instructions for a physical network link to be established to the target endpoint router to provide at least a portion of the dedicated connectivity; and', 'transmit the reply to the client., 'in response to the connectivity request,'}], 'wherein the connectivity coordinator is operable to2. The system as recited in claim 1 , wherein the interface comprises at least one of: an application programming interface (API) claim 1 , a graphical user interface (GUI) claim 1 , or a command-line interface.3. ...

Interfaces To Manage Inter-Region Connectivity For Direct Network Peerings

Methods and apparatus for interfaces to manage inter-regional connectivity for direct network peerings. A system may include a connectivity coordinator, a first resource collection in a first geographical zone and a second resource collection in a second geographical zone. The coordinator implements a programmatic interface defining connectivity operations. The coordinator receives a request via the interface to establish a logically isolated network path to the second resource collection on behalf of a client that has a dedicated physical link set up to connect to the first resource collection. In response to the request, the coordinator performs one or more configuration operations to enable traffic to flow from the client's network to the second resource collection over a logically isolated network path using the dedicated physical link. 1. A system , comprising:a plurality of resource collections of a provider network, including a first resource collection within a first geographical zone of the provider network and a second resource collection within a second geographical zone of the provider network;an endpoint router within the first geographical zone, linking the first resource collection to a client network of a client via a dedicated physical network link; anda connectivity coordinator; implement an interface to receive connectivity requests from the client;', 'receive a connectivity request from the client to establish a logically isolated network path to the second resource collection, wherein the connectivity request is formatted in accordance with the interface; and', 'perform one or more configuration operations to enable traffic to flow from the client network to the second resource collection over a logically isolated network path using the dedicated physical network link., 'wherein the connectivity coordinator is operable to2. The system as recited in claim 1 , wherein the connectivity coordinator is further operable to:in response to the ...

Interfaces to manage service marketplaces accessible via direct network peerings

Methods and apparatus for interfaces to manage service marketplaces accessible via direct network peerings. A system may include a plurality of resource collections and a connectivity coordinator. The coordinator implements a programmatic interface defining connectivity operations. A first client may implement a service using one of the resource collections. The coordinator may use the interface to notify a second client that the service implemented by the first client is accessible via a dedicated direct physical link set up on behalf of the second client. In response to a subscription request for the service, the coordinator performs one or more configuration operations to enable a request for the service from the second client to be routed using the second client's dedicated physical link.

PROVIDING ACCESS TO CONFIGURABLE PRIVATE COMPUTER NETWORKS

Techniques are described for providing users with access to computer networks, such as to enable users to interact with a remote configurable network service in order to create and configure computer networks that are provided by the configurable network service for use by the users. Computer networks provided by the configurable network service may be configured to be private computer networks that are accessible only by the users who create them, and may each be created and configured by a client of the configurable network service to be an extension to an existing computer network of the client, such as a private computer network extension to an existing private computer network of the client. If so, secure private access between an existing computer network and new computer network extension that is being provided may be enabled using one or more VPN connections or other private access mechanisms. 130-. (canceled)31. A computer-implemented method comprising:providing, by one or more computing systems of a network service, an interface for use in configuring virtual networks provided by the network service;receiving, by the one or more computing systems and via the provided interface, configuration information from a client of the network service, the received configuration information being for a virtual network and at least specifying one or more virtual network addresses to use for the virtual network;assigning, by the one or more configured computing systems, one or more of the specified virtual network addresses to computing nodes of the network service to use for the virtual network; andproviding, by the one or more computing systems, access for the client to the configured virtual network.32. The computer-implemented method of wherein the received configuration information further specifies information for a VPN (“virtual private network”) connection from the virtual network to a remote computer network of the client claim 31 , and wherein the method ...

PROVIDING ACCESS TO CONFIGURABLE PRIVATE COMPUTER NETWORKS

Techniques are described for providing users with access to computer networks, such as to enable users to interact with a remote configurable network service in order to create and configure computer networks that are provided by the configurable network service for use by the users. Computer networks provided by the configurable network service may be configured to be private computer networks that are accessible only by the users who create them, and may each be created and configured by a client of the configurable network service to be an extension to an existing computer network of the client, such as a private computer network extension to an existing private computer network of the client. If so, secure private access between an existing computer network and new computer network extension that is being provided may be enabled using one or more VPN connections or other private access mechanisms. 130-. (canceled)31. A computer-implemented method comprising:receiving, by one or more computing systems configured to provide a network service, configuration information for a virtual network having multiple computing nodes, the configuration information being received via a programmatic interface of the network service;configuring, by the one or more configured computing systems and based on the received configuration information, a virtual border router to control access of the multiple computing nodes to external nodes that are not part of the virtual network, the configuring of the virtual border router including establishing a private virtual connection between the multiple computing nodes and one or more first external nodes that are part of an indicated remote private computer network; andproviding, by the one or more configured computing systems, emulated functionality of the configured virtual border router to manage communications of the multiple computing nodes in accordance with the received configuration information.32. The computer-implemented method of ...

Providing local secure network access to remote services

Techniques are described for providing users with access to computer networks, such as to enable users to create computer networks that are provided by a remote configurable network service for use by the users. Such provided computer networks may be configured to be private computer networks accessible only by the users who create them, and may each be created and configured by a client of the configurable network service to be an extension to an existing computer network of the client, such as a private computer network extension to an existing private computer network of the client. In addition, access to remote resource services may be configured and provided from such computer networks in various manners, such as to include a local access mechanism as part of a provided computer network that is configured to forward communications sent to the access mechanism to a particular remote resource service.

USING VIRTUAL NETWORKING DEVICES TO MANAGE ROUTING INFORMATION

Techniques are described for providing managed virtual computer networks that have a configured logical network topology with virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of the virtual computer network by emulating functionality that would be provided by the virtual networking devices if they were physically present. In some situations, the networking functionality provided for a managed computer network of a client includes receiving routing communications directed to the virtual networking devices and using included routing cost information to update the configuration of the managed computer network, and/or includes determining actual cost information corresponding to use of an underlying substrate network and providing routing cost information to the client that reflects the determined actual cost information, so as to enable the client to modify the configuration of the managed computer network accordingly. 13-. (canceled)4. A computer-implemented method comprising: receiving one or more requests to provide a first virtual computer network for a first client in accordance with specified configuration information, the configuration information indicating one or more specified networking devices of the first virtual computer network that interconnect multiple computing nodes of the first virtual computer network; and', forwarding multiple communications between the multiple computing nodes over the substrate network in a manner that emulates functionality that would be provided by the one or more specified networking devices if the one or more specified networking devices were physically provided;', 'identifying two or more alternative intermediate destinations via which communications directed to one or more indicated final destinations are routed;', 'after the forwarding of the multiple communications, receiving ...

PROVIDING LOGICAL NETWORKING FUNCTIONALITY FOR MANAGED COMPUTER NETWORKS

Techniques are described for providing logical networking functionality for managed computer networks, such as for virtual computer networks provided on behalf of users or other entities. In some situations, a user may configure or otherwise specify a network topology for a virtual computer network, such as a logical network topology that separates multiple computing nodes of the virtual computer network into multiple logical sub-networks and/or that specifies one or more logical networking devices for the virtual computer network. After a network topology is specified for a virtual computer network, logical networking functionality corresponding to the network topology may be provided in various manners, such as without physically implementing the network topology for the virtual computer network. In some situations, the computing nodes may include virtual machine nodes hosted on one or more physical computing machines or systems, such as by or on behalf of one or more users. 125.-. (canceled)26. A method , comprising: managing, by a communication manager, communications to and from a computing node in a virtual computer network of computing nodes provided for a client,', 'wherein the computing nodes are virtual machine instances hosted on physical hosts in a substrate network,', 'wherein the communication manager is implemented on one of the physical hosts and includes a switch that physically connects to the substrate network, and', storing mapping information that maps a virtual network address of the computing node in the virtual computer network to a substrate network address in the substrate network;', 'receiving a communication for the computing node on the substrate network;', 'identifying substrate network addresses for a sending node and a destination node of the communication from a header of the communication;', 'verifying that the substrate network address of the sending node identified from the header of the communication is mapped to a known virtual ...

Secure data destruction in a distributed environment using key protection mechanisms

Organizations maintain and generate large amounts of sensitive information using computer hardware resources and services of a service provider. Furthermore, there is a need to be able to delete large amounts of data securely and quickly by encrypting the data with a key and destroying the key. To ensure that information stored remotely is secured and capable of secure deletion, cryptographic keys used by the organization should be prevented from being persistently stored during serialization operations. If the keys used to encrypt the data have not been exposed during serialization operation, they may be deleted or destroyed enabling the destruction of data encrypted with the keys.

EMULATING VIRTUAL ROUTER DEVICE FUNCTIONALITY IN VIRTUAL COMPUTER NETWORKS

Techniques are described for providing virtual networking functionality for managed computer networks. In some situations, a user may configure or otherwise specify a logical network topology for a managed computer network with multiple computing nodes that includes one or more virtual networking devices each associated with a specified group of the multiple computing nodes. Corresponding networking functionality may be provided for communications between the multiple computing nodes by emulating functionality that would be provided by the networking devices if they were physically present and configured to support the specified network topology. In some situations, the managed computer network is a virtual computer network overlaid on a substrate network, and the networking device functionality emulating includes receiving routing communications directed to the networking devices and using included routing information to update the specified network topology for the managed computer network. 127-. (canceled)28. A non-transitory computer-readable storage medium having stored contents that cause one or more computing systems to at least:receive, by the one or more computing systems, information from a client that is for use in configuring a virtual computer network and that specifies interconnections between multiple computing nodes of the virtual computer network, the specified interconnections including a virtual router device of the virtual computer network;provide, by the one or more computing systems, the configured virtual computer network for the client;emulate, by the one or more computing systems, functionality of the virtual router device for the virtual computer network, including obtaining one or more routing communications that are directed to the virtual router device and include network routing information for the virtual computer network; andupdate, by the one or more computing systems and based on the network routing information included in the one ...

Using virtual networking devices to manage network configuration

Techniques are described for providing managed virtual computer networks that may have a configured logical network topology with one or more virtual networking devices, with corresponding networking functionality provided for communications between multiple computing nodes of the virtual computer network by emulating functionality that would be provided by the networking devices if they were physically present. In some situations, the emulating of networking device functionality includes receiving routing communications directed to the networking devices and using included routing information to update the configured network topology for the managed computer network. In addition, the techniques may further include supporting interactions with devices that are external to the virtual computer network, including remote physical networking devices that are part of a remote computer network configured to interoperate with the virtual computer network, and/or specialized network devices that are accessible via a substrate network on which the virtual computer network is overlaid.

USING VIRTUAL NETWORKING DEVICES AND ROUTING INFORMATION TO ASSOCIATE NETWORK ADDRESSES WITH COMPUTING NODES

Techniques are described for providing managed virtual computer networks that have a configured logical network topology with virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of the virtual computer network by emulating functionality that would be provided by the virtual networking devices if they were physically present. In some situations, the networking functionality provided for a managed computer network of a client includes receiving routing communications directed to the virtual networking devices and using included routing information to update the configuration of the managed computer network, such as to allow at least some computing nodes of a managed computer network to dynamically signal particular types of uses of one or more indicated target network addresses and/or to dynamically signal use of particular external public network addresses based on such routing information. 132.-. (canceled)33. A method , comprising: receiving Internet Protocol (IP) configuration for a virtual network of virtual machines to be provided for a client, wherein the IP configuration indicates a range of public network addresses to be assigned to the virtual machines of the virtual network;', 'providing the virtual network to the client according to the IP configuration, wherein the virtual network is overlaid on a substrate network of the configurable network service;', 'assigning a public network address of the public network addresses in the range to one of the virtual machines in the virtual network;', 'sending a Border Gateway Protocol (BGP) routing announcement to one or more routers in a client private network external to the configurable network service, wherein the BGP routing announcement indicates that the public network address is associated with the virtual network;', 'receiving a communication from the client private ...

Providing location-specific network access to remote services

Techniques are described for providing users with access to computer networks, such as to enable users to create and configure computer networks that are provided by a remote configurable network service for the users' use. Computer networks provided by the configurable network service may be configured to be private computer networks that are accessible only by the users who create them, and may each be created and configured by a client of the configurable network service to be an extension to an existing computer network of the client, such as a private computer network extension to an existing private computer network of the client. In addition, access to remote resource services may be configured and provided from such computer networks in various manners, such as to automatically include access control information to limit access to particular resources to computing nodes at the location of that provided computer network.

Using virtual networking devices to manage routing cost information

Techniques are described for providing managed virtual computer networks that have a configured logical network topology with virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of the virtual computer network by emulating functionality that would be provided by the virtual networking devices if they were physically present. In some situations, the networking functionality provided for a managed computer network of a client includes receiving routing communications directed to the virtual networking devices and using included routing cost information to update the configuration of the managed computer network, and/or includes determining actual cost information corresponding to use of an underlying substrate network and providing routing cost information to the client that reflects the determined actual cost information, so as to enable the client to modify the configuration of the managed computer network accordingly.

Secure data destruction in a distributed environment using key protection mechanisms

Organizations maintain and generate large amounts of sensitive information using computer hardware resources and services of a service provider. Furthermore, there is a need to be able to delete large amounts of data securely and quickly by encrypting the data with a key and destroying the key. To ensure that information stored remotely is secured and capable of secure deletion, cryptographic keys used by the organization should be prevented from being persistently stored during serialization operations. If the keys used to encrypt the data have not been exposed during serialization operation, they may be deleted or destroyed enabling the destruction of data encrypted with the keys.

PREVENTING PERSISTENT STORAGE OF CRYPTOGRAPHIC INFORMATION USING SIGNALING

Organizations maintain and generate large amounts of sensitive information using computer hardware resources and services of a service provider. Furthermore, there is a need to be able to delete large amounts of data securely and quickly by encrypting the data with a key and destroying the key. To ensure that information stored remotely is secured and capable of secure deletion, cryptographic keys used by the organization should be prevented from being persistently stored during serialization operations. Signaling methods are used to notify virtual machine instances of serialization events in order to prevent keying material from being stored persistently. 1. A non-transitory computer-readable storage medium having stored thereon executable instructions that , as a result of being executed by one or more processors of a computer system , cause the computer system to at least:execute a hypervisor that controls interaction between a computer system instances and physical hardware of the system; a first function that causes one or more cryptographic keys maintained by the computer system instances to be unavailable for inclusion in serialization data; and', 'a second function that restores the one or more cryptographic keys to the computer system instances;, 'expose two functions to the computer system instances, the two functions including at leastdetermine that a serialization event is to occur;cause the hypervisor to signal the computer system instance that the serialization event is scheduled to occur by at least calling the first function, prior to the serialization event such that one or more cryptographic keys contained in the computer system instance is made unavailable for inclusion in serialization data; andgenerate serialization data lacking the one or more cryptographic keys as a result of the first function having been called.2. The non-transitory computer-readable storage medium of claim 1 , wherein the instructions that cause the system to generate ...

MANAGING COMMUNICATIONS FOR MODIFIED COMPUTER NETWORKS

Techniques are described for managing communications between multiple computing nodes, such as computing nodes that are part of a virtual computer network. In some situations, various types of modifications may be made to one or more computing nodes of an existing virtual computer network, and the described techniques include managing ongoing communications for those computing nodes so as to accommodate the modifications. Such modifications may include, for example, migrating or otherwise moving a particular computing node that is part of a virtual network to a new physical network location, or modifying other aspects of how the computing node participates in the virtual network (e.g., changing one or more virtual network addresses used by the computing node). In some situations, the computing nodes may include virtual machine nodes hosted on one or more physical computing machines or systems, such as by or on behalf of one or more users. 13-. (canceled)4. A computer-implemented method for managing communications for modified computer networks , the method comprising:automatically managing multiple communications sent between multiple computing nodes of a first virtual computer network that is overlaid on a substrate network that interconnects the multiple computing nodes, the multiple communications including one or more outgoing communications that are sent to a first of the computing nodes by one or more other of the computing nodes and that each specify a first virtual network address of the first computing node to indicate a destination of the communication, the managing of each of the one or more communications including modifying the communication to change the first virtual network address in the communication to a distinct second substrate network address that corresponds to a location of the first computing node in the substrate network, and including forwarding the modified communication to the first computing node over the substrate network;after ...

PROVIDING VIRTUAL NETWORKING DEVICE FUNCTIONALITY FOR MANAGED COMPUTER NETWORKS

Techniques are described for providing virtual networking functionality for managed computer networks. In some situations, a user may configure or otherwise specify a logical network topology for a managed computer network with multiple computing nodes that includes one or more virtual networking devices each associated with a specified group of the multiple computing nodes. Corresponding networking functionality may be provided for communications between the multiple computing nodes by emulating functionality that would be provided by the networking devices if they were physically present and configured to support the specified network topology. In some situations, the managed computer network is a virtual computer network overlaid on a substrate network, and the networking device functionality emulating includes receiving routing communications directed to the networking devices and using included routing information to update the specified network topology for the managed computer network. 127.-. (canceled)28. A method , comprising: [ (a) a Classless Inter-Domain Routing (CIDR) block of Internet Protocol (IP) addresses to use for the virtual computer network, and', '(b) one or more switches in the virtual computer network;, 'receiving configuration information for a virtual computer network hosted by the configurable network service on behalf of a client, the configuration information including, 'configuring the virtual computer network according to the configuration information, wherein the virtual computer network includes a plurality of computing nodes implemented as virtual machines host on physical hosts, the virtual computer network is implemented over a substrate network that includes the physical hosts, and the virtual computer network implements the one or more switches specified by the configuration information; and', 'generating, based at least part on the configuration information, a routing table for the virtual computer network;'}, 'routing ...

MANAGING REPLICATION OF COMPUTING NODES FOR PROVIDED COMPUTER NETWORKS

Techniques are described for providing managed computer networks, such as for managed virtual computer networks overlaid on one or more other underlying computer networks. In some situations, the techniques include facilitating replication of a primary computing node that is actively participating in a managed computer network, such as by maintaining one or more other computing nodes in the managed computer network as replicas, and using such replica computing nodes in various manners. For example, a particular managed virtual computer network may span multiple broadcast domains of an underlying computer network, and a particular primary computing node and a corresponding remote replica computing node of the managed virtual computer network may be implemented in distinct broadcast domains of the underlying computer network, with the replica computing node being used to transparently replace the primary computing node in the virtual computer network if the primary computing node becomes unavailable. 133.-. (canceled)34. A method , comprising: implementing a first computing node in for a client at a first geographical location, wherein the first computing node is implemented as a first virtual machine hosted a first physical host associated with a first substrate address in a substrate network of physical hosts, and assigned a first virtual address in a virtual computer network overlaid on the substrate network;', 'forwarding state data of the first computing node to a second geographical location, wherein the state data includes a current state of volatile memory of the first computing node and is used to update a consistent copy of a state of the first computing node in the second geographical location; and', 'causing the second computing node to begin actively operating based on the consistent copy of the state of the first computing node, wherein the second computing node is implemented as a second virtual machine hosted a second physical host associated with a ...

Using virtual networking devices and routing information to associate network addresses with computing nodes

Techniques are described for providing managed virtual computer networks that have a configured logical network topology with virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of the virtual computer network by emulating functionality that would be provided by the virtual networking devices if they were physically present. In some situations, the networking functionality provided for a managed computer network of a client includes receiving routing communications directed to the virtual networking devices and using included routing information to update the configuration of the managed computer network, such as to allow at least some computing nodes of a managed computer network to dynamically signal particular types of uses of one or more indicated target network addresses and/or to dynamically signal use of particular external public network addresses based on such routing information.

Interfaces to manage inter-region connectivity for direct network peerings

Methods and apparatus for interfaces to manage inter-regional connectivity for direct network peerings. A system may include a connectivity coordinator, a first resource collection in a first geographical zone and a second resource collection in a second geographical zone. The coordinator implements a programmatic interface defining connectivity operations. The coordinator receives a request via the interface to establish a logically isolated network path to the second resource collection on behalf of a client that has a dedicated physical link set up to connect to the first resource collection. In response to the request, the coordinator performs one or more configuration operations to enable traffic to flow from the client's network to the second resource collection over a logically isolated network path using the dedicated physical link.

MANAGING COMMUNICATIONS FOR MODIFIED COMPUTER NETWORKS

Techniques are described for managing communications between multiple computing nodes, such as computing nodes that are part of a virtual computer network. In some situations, various types of modifications may be made to one or more computing nodes of an existing virtual computer network, and the described techniques include managing ongoing communications for those computing nodes so as to accommodate the modifications. Such modifications may include, for example, migrating or otherwise moving a particular computing node that is part of a virtual network to a new physical network location, or modifying other aspects of how the computing node participates in the virtual network (e.g., changing one or more virtual network addresses used by the computing node). In some situations, the computing nodes may include virtual machine nodes hosted on one or more physical computing machines or systems, such as by or on behalf of one or more users. 132-. (canceled)33. A computer-implemented method comprising:managing, by one or more configured computing systems, a first communication that specifies a first virtual network address associated with a first computing node of a first virtual computer network, the managing of the first communication being based at least in part on mapping information for the first virtual computer network that associates the first virtual network address with a distinct substrate network address for the first computing node;after the managing of the first communication, determining, by the one or more configured computing systems, to initiate a change to the first computing node that results in a modification of the associated first virtual network address for the first computing node or of the substrate network address for the first computing node; andmanaging, by the one or more configured computing systems and based at least in part on updated mapping information for the first virtual computer network, a second communication sent to the first ...

PROVIDING DEVICES AS A SERVICE

Devices, such as hardware security modules, are provided as a service. A customer of a computing resource provider is able to request the addition of a device to a network of the customer hosted by the computing resource provider. The computing resource provider reconfigures a set of computing resources so that the devices of the customer are able to communicate with the device as if the device was in the customer's own network. 1. A computer-implemented method , comprising:generating a first request to associate a security module with a first network;causing, based at least in part on information in the first request, a second network to identify a hardware security module of the second network; androuting a second request at the first network to the hardware security module of the second network.2. The computer-implemented method of claim 1 , wherein the first network is an on-premise network associated with a customer of a computing resource service provider implementing the second network.3. The computer-implemented method of claim 1 , wherein the second network claim 1 , as a result of identifying the hardware security module claim 1 , implements a virtual network to associate with the hardware security module.4. The computer-implemented method of claim 3 , further comprising:generating, by a device on the first network, a cryptographic request;submitting the cryptographic request to cause the second network to route, via the virtual network, the cryptographic request to the identified hardware security module; androuting a result of the cryptographic request to the device.5. The computer-implemented method of claim 1 , wherein the information includes a credential associated with the hardware security module.6. The computer-implemented method of claim 1 , further comprising presenting the hardware security module on the first network as a local device of the first network.7. A system claim 1 , comprising: generate a first request to associate a security module ...

MANAGING REPLICATION OF COMPUTING NODES FOR PROVIDED COMPUTER NETWORKS

Techniques are described for providing managed computer networks, such as for managed virtual computer networks overlaid on one or more other underlying computer networks. In some situations, the techniques include facilitating replication of a primary computing node that is actively participating in a managed computer network, such as by maintaining one or more other computing nodes in the managed computer network as replicas, and using such replica computing nodes in various manners. For example, a particular managed virtual computer network may span multiple broadcast domains of an underlying computer network, and a particular primary computing node and a corresponding remote replica computing node of the managed virtual computer network may be implemented in distinct broadcast domains of the underlying computer network, with the replica computing node being used to transparently replace the primary computing node in the virtual computer network if the primary computing node becomes unavailable. 133-. (canceled)34. A computer-implemented method comprising:providing, by one or more computing systems of a configurable network service and for a client of the configurable network service, a first virtual computer network having a first computing node that has an assigned virtual Internet Protocol (IP) address for the first virtual computer network;maintaining, by the one or more computing systems, a second computing node as a replicated copy of the first computing node, the maintaining including updating the second computing node to reflect changes in state of the first computing node as the first computing node runs;determining, by the one or more computing systems, to replace the first computing node in the first virtual computer network with the second computing node; andupdating, by the one or more computing systems and in response to the determining, mapping information for the first virtual computer network to associate the second computing node with the ...

Interfaces To Manage Direct Network Peerings

Methods and apparatus for interfaces to manage direct network peerings. A system may include a data center, endpoint routers and a connectivity coordinator. The coordinator implements a programmatic interface defining connectivity operations. The coordinator receives a request for dedicated connectivity to data center resources, formatted according to the interface. The coordinator selects a target endpoint router at which to establish a physical link to implement the dedicated connectivity, and transmits a response identifying the target endpoint router and including configuration instructions for setting up a physical link for the dedicated connectivity. 1. A system , comprising:a data center including a resource collection designated to respond to service requests received from a client;a plurality of endpoint routers linked to the data center by one or more private network paths; anda connectivity coordinator; implement an interface defining connectivity operations available to the client;', 'receive a connectivity request from the client for dedicated connectivity to the resource collection, wherein the connectivity request is formatted in accordance with the interface;', select a target endpoint router of the plurality of endpoint routers, wherein the target endpoint router is configurable to provide a route over a private network path of the one or more private network paths in accordance with the connectivity request;', 'generate a reply comprising configuration instructions for a physical network link to be established to the target endpoint router to provide at least a portion of the dedicated connectivity; and', 'transmit the reply to the client., 'in response to the connectivity request,'}], 'wherein the connectivity coordinator is operable to2. The system as recited in claim 1 , wherein the interface comprises at least one of: an application programming interface (API) claim 1 , a graphical user interface (GUI) claim 1 , or a command-line interface.3. ...

USING VIRTUAL NETWORKING DEVICES TO MANAGE ROUTING COST INFORMATION

Techniques are described for providing managed virtual computer networks that have a configured logical network topology with virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of the virtual computer network by emulating functionality that would be provided by the virtual networking devices if they were physically present. In some situations, the networking functionality provided for a managed computer network of a client includes receiving routing communications directed to the virtual networking devices and using included routing cost information to update the configuration of the managed computer network, and/or includes determining actual cost information corresponding to use of an underlying substrate network and providing routing cost information to the client that reflects the determined actual cost information, so as to enable the client to modify the configuration of the managed computer network accordingly. 135-. (canceled)36. A computer-implemented method comprising:providing, by one or more computing systems of a configurable network service, a virtual computer network for a customer of the configurable network service based on configuration information received from the customer, wherein the configuration information indicates that a logical router device of the virtual computer network provides functionality to interconnect computing nodes of the virtual computer network, and wherein the provided functionality of the logical router device is emulated for the virtual computer network;intercepting, by the one or more computing systems, one or more routing communications directed to the logical router device, the one or more routing communications including routing information for the virtual computer network that indicates one or more costs specified by the customer for at least one of multiple alternative ...

PROVIDING DEVICES AS A SERVICE

Devices, such as hardware security modules, are provided as a service. A customer of a computing resource provider is able to request the addition of a device to a network of the customer hosted by the computing resource provider. The computing resource provider reconfigures a set of computing resources so that the devices of the customer are able to communicate with the device as if the device was in the customer's own network. 1. A computer-implemented method , comprising: receiving, from a customer of a computing resource provider, a request to add a hardware security module to a customer network that is hosted by the computing resource provider and remotely managed by the customer;', 'as a result of receiving the request, selecting a hardware security module from a plurality of available hardware security modules of the computing resource provider;', 'creating, in the customer network, a network interface to another network in communication with the selected hardware security module allocated to the customer; and', 'configuring the network interface and other network such that requests through the customer network addressed to the network interface are provided to the selected hardware security module., 'under the control of one or more computer systems configured with executable instructions,'}2. The computer-implemented method of claim 1 , wherein:the customer network comprises one or more devices having assigned corresponding network addresses defined by the customer; andthe customer network is connected to an on-premise network hosted by the customer by a virtual private network connection.3. The computer-implemented method of claim 1 , wherein the network interface has a network address in a set of network addresses defined by the customer.4. The computer-implemented method of claim 1 , further comprising:receiving, from a device of the customer, a communication addressed to a network address of the interface; andtranslating the network address of the ...

PROVIDING EXTENDIBLE NETWORK CAPABILITIES FOR MANAGED COMPUTER NETWORKS

Techniques are described for managing communications between multiple computing nodes, such as for computing nodes that are part of managed virtual computer networks provided on behalf of users or other entities. In some situations, one or more of the computing nodes of a managed virtual computer network is configured to perform actions to extend capabilities of the managed virtual computer network to other computing nodes that are not part of the managed virtual computer network, such as by forwarding communications between computing nodes of the managed virtual computer network and the other external computing nodes so as to enable the other external computing nodes to participate in the managed virtual computer network. In some situations, the computing nodes may include virtual machine nodes hosted on one or more physical computing machines or systems, such as by or on behalf of one or more users. 128.-. (canceled)29. A method , comprising:implementing a first computer network of computing nodes at a first geographical location;implementing a second computer network of additional computing nodes at a second geographical location, wherein the second computer network is managed by a network-accessible service accessible via a public network, and the additional computing nodes are implemented as virtual machines hosted on physical hosts of the network-accessible service; and configuring a computing node in the first computer network as a gateway for the first computer network, wherein the gateway is associated with a publicly available network address and configured to (a) forward outgoing communications from the computing nodes to the network-accessible service over the public network and (b) forward incoming communications from the additional computing nodes received via the public network to the computing nodes; and', 'configuring the gateway to encrypt the outgoing communications and decrypt the incoming communications., 'extending the first computer network to ...

Providing virtual networking device functionality for managed computer networks

Techniques are described for providing virtual networking functionality for managed computer networks. In some situations, a user may configure or otherwise specify a logical network topology for a managed computer network with multiple computing nodes that includes one or more virtual networking devices each associated with a specified group of the multiple computing nodes. Corresponding networking functionality may be provided for communications between the multiple computing nodes by emulating functionality that would be provided by the networking devices if they were physically present and configured to support the specified network topology. In some situations, the managed computer network is a virtual computer network overlaid on a substrate network, and the networking device functionality emulating includes receiving routing communications directed to the networking devices and using included routing information to update the specified network topology for the managed computer network.

MANAGING REPLICATION OF COMPUTING NODES FOR PROVIDED COMPUTER NETWORKS

Techniques are described for providing managed computer networks, such as for managed virtual computer networks overlaid on one or more other underlying computer networks. In some situations, the techniques include facilitating replication of a primary computing node that is actively participating in a managed computer network, such as by maintaining one or more other computing nodes in the managed computer network as replicas, and using such replica computing nodes in various manners. For example, a particular managed virtual computer network may span multiple broadcast domains of an underlying computer network, and a particular primary computing node and a corresponding remote replica computing node of the managed virtual computer network may be implemented in distinct broadcast domains of the underlying computer network, with the replica computing node being used to transparently replace the primary computing node in the virtual computer network if the primary computing node becomes unavailable. 133.-. (canceled)34. A method , comprising: receiving a request from a client to provide a first computing node for the client in a first geographical location and a second computing node as a replicated copy of the first computing node in a second geographical location distinct from the first geographical location;', 'providing the first computing node in the first geographic location, wherein the first computing node is implemented as a first virtual machine hosted a first physical host, associated with a first substrate address in a substrate network of physical hosts, and assigned a first virtual address in a virtual computer network overlaid on the substrate network;', 'providing the second computing node in the second geographical location, wherein the second computing node is implemented as a second virtual machine hosted a second physical host and associated with a second substrate address in the substrate network;', determining a destination virtual address of an ...

USING VIRTUAL NETWORKING DEVICES AND ROUTING INFORMATION TO ASSOCIATE NETWORK ADDRESSES WITH COMPUTING NODES

Techniques are described for providing managed virtual computer networks that have a configured logical network topology with virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of the virtual computer network by emulating functionality that would be provided by the virtual networking devices if they were physically present. In some situations, the networking functionality provided for a managed computer network of a client includes receiving routing communications directed to the virtual networking devices and using included routing information to update the configuration of the managed computer network, such as to allow at least some computing nodes of a managed computer network to dynamically signal particular types of uses of one or more indicated target network addresses and/or to dynamically signal use of particular external public network addresses based on such routing information. 13-. (canceled)4. A computer-implemented method comprising: receiving one or more requests to provide a first virtual computer network for a first client in accordance with specified configuration information, the configuration information indicating one or more specified networking devices of the first virtual computer network that interconnect multiple computing nodes of the first virtual computer network, the multiple computing nodes each having an associated virtual network address for the first virtual computer network; and', forwarding multiple communications between the multiple computing nodes over the substrate network in a manner that emulates functionality that would be provided by the one or more specified networking devices if the one or more specified networking devices were physically provided, the forwarding of the multiple communications including forwarding to a first of the multiple computing nodes one or more ...

Providing extendible network capabilities for managed computer networks

Techniques are described for managing communications between multiple computing nodes, such as for computing nodes that are part of managed virtual computer networks provided on behalf of users or other entities. In some situations, one or more of the computing nodes of a managed virtual computer network is configured to perform actions to extend capabilities of the managed virtual computer network to other computing nodes that are not part of the managed virtual computer network, such as by forwarding communications between computing nodes of the managed virtual computer network and the other external computing nodes so as to enable the other external computing nodes to participate in the managed virtual computer network. In some situations, the computing nodes may include virtual machine nodes hosted on one or more physical computing machines or systems, such as by or on behalf of one or more users.

MANAGING REPLICATION OF COMPUTING NODES FOR PROVIDED COMPUTER NETWORKS

Techniques are described for providing managed computer networks, such as for managed virtual computer networks overlaid on one or more other underlying computer networks. In some situations, the techniques include facilitating replication of a primary computing node that is actively participating in a managed computer network, such as by maintaining one or more other computing nodes in the managed computer network as replicas, and using such replica computing nodes in various manners. For example, a particular managed virtual computer network may span multiple broadcast domains of an underlying computer network, and a particular primary computing node and a corresponding remote replica computing node of the managed virtual computer network may be implemented in distinct broadcast domains of the underlying computer network, with the replica computing node being used to transparently replace the primary computing node in the virtual computer network if the primary computing node becomes unavailable. 133-. (canceled)34. A computer-implemented method comprising:providing, by one or more computing systems of a configurable network service and for a client of the configurable network service, a first virtual computer network having a first computing node that has an assigned virtual Internet Protocol (IP) address for the first virtual computer network;maintaining, by the one or more computing systems, a second computing node as a replicated copy of the first computing node, the maintaining including updating the second computing node to reflect changes in state of the first computing node as the first computing node runs;determining, by the one or more computing systems, to replace the first computing node in the first virtual computer network with the second computing node; andupdating, by the one or more computing systems and in response to the determining, mapping information for the first virtual computer network to associate the second computing node with the ...

Preventing persistent storage of cryptographic information using signaling

Organizations maintain and generate large amounts of sensitive information using computer hardware resources and services of a service provider. Furthermore, there is a need to be able to delete large amounts of data securely and quickly by encrypting the data with a key and destroying the key. To ensure that information stored remotely is secured and capable of secure deletion, cryptographic keys used by the organization should be prevented from being persistently stored during serialization operations.

PROVIDING LOGICAL NETWORKING FUNCTIONALITY FOR MANAGED COMPUTER NETWORKS

Techniques are described for providing logical networking functionality for managed computer networks, such as for virtual computer networks provided on behalf of users or other entities. In some situations, a user may configure or otherwise specify a network topology for a virtual computer network, such as a logical network topology that separates multiple computing nodes of the virtual computer network into multiple logical sub-networks and/or that specifies one or more logical networking devices for the virtual computer network. After a network topology is specified for a virtual computer network, logical networking functionality corresponding to the network topology may be provided in various manners, such as without physically implementing the network topology for the virtual computer network. In some situations, the computing nodes may include virtual machine nodes hosted on one or more physical computing machines or systems, such as by or on behalf of one or more users. 125.-. (canceled)26. A method , comprising: managing, by a communication manager, communications to and from a computing node in a virtual computer network of computing nodes provide for a client,', 'wherein the computing nodes are virtual machine instances hosted on physical hosts in a substrate network and', obtaining, from a system manager of the network-accessible service, mapping information that maps a virtual network address of the computing node in the virtual computer network to a substrate network address in the substrate network;', 'receiving an incoming communication for the computing node on the substrate network;', 'identifying substrate network addresses for a sending node and a destination node of the communication from a header of the communication;', 'verifying, via the system manager, that the substrate network address of the sending node is mapped to a known virtual network address in the virtual computer network;', 'retrieving, from the mapping information, the virtual ...

ESTABLISHING SECURE REMOTE ACCESS TO PRIVATE COMPUTER NETWORKS

Techniques are described for providing users with access to computer networks, such as to enable users to interact with a remote configurable network service to create and configure computer networks that are provided by the configurable network service for use by the users. Secure private access between a computer network provided for a user by the configurable network service and one or more other remote computing systems of the user (e.g., a remote private network) may be enabled in various ways. For example, a user may programmatically invoke an API provided by the configurable network service to obtain assistance in establishing remote access from a remote location to a provided computer network of the configurable network service, such as to establish a VPN connection from the remote location to the provided computer network using hardware and/or software supplied to the remote location in response to the API invocation. 142-. (canceled)43. A computer-implemented method comprising:providing, by one or more computing systems that are part of a network service, an interface for use by remote clients of the network service to configure remote access to computer networks provided by the network service for the remote clients;receiving, by the one or more computing systems and from a first client of the network service via the interface, a request to configure a secure connection between a first remote location and a first computer network provided by the network service for the first client; andresponding, by the one or more computing systems, to the received request by providing configuration information that causes one or more devices of the first client at the first remote location to participate in the secure connection for the first computer network.44. The computer-implemented method of further comprising claim 43 , by the one or more computing systems claim 43 , receiving additional information from the first client to configure the secure connection and ...

Establishing secure remote access to private computer networks

Techniques are described for providing users with access to computer networks, such as to enable users to interact with a remote configurable network service to create and configure computer networks that are provided by the configurable network service for use by the users. Secure private access between a computer network provided for a user by the configurable network service and one or more other remote computing systems of the user (e.g., a remote private network) may be enabled in various ways. For example, a user may programmatically invoke an API provided by the configurable network service to obtain assistance in establishing remote access from a remote location to a provided computer network of the configurable network service, such as to establish a VPN connection from the remote location to the provided computer network using hardware and/or software supplied to the remote location in response to the API invocation.

PROVIDING EXTENDIBLE NETWORK CAPABILITIES FOR MANAGED COMPUTER NETWORKS

Techniques are described for managing communications between multiple computing nodes, such as for computing nodes that are part of managed virtual computer networks provided on behalf of users or other entities. In some situations, one or more of the computing nodes of a managed virtual computer network is configured to perform actions to extend capabilities of the managed virtual computer network to other computing nodes that are not part of the managed virtual computer network, such as by forwarding communications between computing nodes of the managed virtual computer network and the other external computing nodes so as to enable the other external computing nodes to participate in the managed virtual computer network. In some situations, the computing nodes may include virtual machine nodes hosted on one or more physical computing machines or systems, such as by or on behalf of one or more users. 13-. (canceled)4. A computer-implemented method for managing communications for computer networks , the method comprising:receiving configuration information for a first virtual computer network that includes multiple computing nodes each having a virtual network address from a first group of virtual network addresses for the first virtual computer network, the configuration information indicating other additional computing nodes that are not part of the first virtual computer network and that each has a virtual network address from a distinct second group of virtual network addresses, the configuration information further indicating a first of the multiple computing nodes that is associated with the other additional computing nodes; and identifying the destination additional computing node based on the virtual network address included in the communication;', 'identifying that the first computing node is associated with the identified destination additional computing node for the communication;', 'forwarding the communication over the substrate network to a location of ...

USING VIRTUAL NETWORKING DEVICES TO CONNECT MANAGED COMPUTER NETWORKS

Techniques are described for providing managed virtual computer networks whose configured logical network topology may have one or more virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of a virtual computer network by emulating functionality that would be provided by the networking devices if they were physically present. The networking functionality provided for a managed computer network may include supporting a connection between that managed computer network and other managed computer networks, such as via a provided virtual peering router to which each of the managed computer networks may connect, with the functionality of the virtual peering router being emulated by modules of the configurable network service without physically providing the virtual peering router, including to manage data communications between computing nodes of the inter-connected managed computer networks in accordance with client-specified configuration information.

Interfaces to manage inter-region connectivity for direct network peerings

Methods and apparatus for interfaces to manage inter-regional connectivity for direct network peerings. A system may include a connectivity coordinator, a first resource collection in a first geographical zone and a second resource collection in a second geographical zone. The coordinator implements a programmatic interface defining connectivity operations. The coordinator receives a request via the interface to establish a logically isolated network path to the second resource collection on behalf of a client that has a dedicated physical link set up to connect to the first resource collection. In response to the request, the coordinator performs one or more configuration operations to enable traffic to flow from the client's network to the second resource collection over a logically isolated network path using the dedicated physical link.

PROVIDING LOGICAL NETWORKING FUNCTIONALITY FOR MANAGED COMPUTER NETWORKS

Techniques are described for providing logical networking functionality for managed computer networks, such as for virtual computer networks provided on behalf of users or other entities. In some situations, a user may configure or otherwise specify a network topology for a virtual computer network, such as a logical network topology that separates multiple computing nodes of the virtual computer network into multiple logical sub-networks and/or that specifies one or more logical networking devices for the virtual computer network. After a network topology is specified for a virtual computer network, logical networking functionality corresponding to the network topology may be provided in various manners, such as without physically implementing the network topology for the virtual computer network. In some situations, the computing nodes may include virtual machine nodes hosted on one or more physical computing machines or systems, such as by or on behalf of one or more users. 13-. (canceled)4. A computer-implemented method for providing logical networking functionality for computer networks , the method comprising:receiving configuration information for a first virtual computer network that includes multiple computing nodes arranged via a specified network topology, the multiple computing nodes each having a distinct virtual network address for the first virtual computer network, the configuration information indicating one or more specified networking devices that interconnect the multiple computing nodes and that are each associated with one or more of the multiple computing nodes; and identifying the one or more destination computing nodes based on the virtual network address included in the communication; and', forwarding the communication over the substrate network to a location of the destination computing node;', 'modifying the communication to include information corresponding to the communication having been forwarded via the specified network topology ...

Using virtual networking devices to manage routing communications between connected computer networks

Techniques are described for providing managed virtual computer networks whose configured logical network topology may have one or more virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of a virtual computer network by emulating functionality that would be provided by the networking devices if they were physically present. The networking functionality provided for a managed computer network may include supporting a connection between that managed computer network and one or more other managed computer networks, such as via a provided virtual peering router to which each of the managed computer networks may connect, with the functionality of the virtual peering router being emulated by modules of the configurable network service without physically providing the virtual peering router, including to manage routing communications between the inter-connected managed computer networks in accordance with client-specified configuration information.

USING VIRTUAL NETWORKING DEVICES AND ROUTING INFORMATION TO ASSOCIATE NETWORK ADDRESSES WITH COMPUTING NODES

Techniques are described for providing managed virtual computer networks that have a configured logical network topology with virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of the virtual computer network by emulating functionality that would be provided by the virtual networking devices if they were physically present. In some situations, the networking functionality provided for a managed computer network of a client includes receiving routing communications directed to the virtual networking devices and using included routing information to update the configuration of the managed computer network, such as to allow at least some computing nodes of a managed computer network to dynamically signal particular types of uses of one or more indicated target network addresses and/or to dynamically signal use of particular external public network addresses based on such routing information. 13-. (canceled)4. A computer-implemented method comprising: receiving one or more requests to provide a first virtual computer network for a first client in accordance with specified configuration information, the configuration information indicating one or more specified networking devices of the first virtual computer network that interconnect multiple computing nodes of the first virtual computer network, the multiple computing nodes each having an associated virtual network address for the first virtual computer network; and', forwarding multiple communications between the multiple computing nodes over the substrate network in a manner that emulates functionality that would be provided by the one or more specified networking devices if the one or more specified networking devices were physically provided, the forwarding of the multiple communications including forwarding to a first of the multiple computing nodes one or more ...

PROVIDING DEVICES AS A SERVICE

Devices, such as hardware security modules, are provided as a service. A customer of a computing resource provider is able to request the addition of a device to a network of the customer hosted by the computing resource provider. The computing resource provider reconfigures a set of computing resources so that the devices of the customer are able to communicate with the device as if the device was in the customer's own network. 1. A computer-implemented method , comprising: receiving, by a computing resource provider, a request identifying a customer account to add a hardware security module to a virtual network of the computing resource service provider;', selecting a hardware security module from a plurality of hardware security modules available to the computing resource provider;', 'configuring the hardware security module to be made available on a customer-defined subset of the virtual network for processing cryptographic requests; and', 'routing cryptographic requests initiated by a customer network associated with the customer account to the hardware security module for processing, via the customer-defined subset of the virtual network., 'in response to the request], 'under the control of one or more computer systems configured with executable instructions,'}2. The computer-implemented method of claim 1 , wherein:the customer network is an on-premise network associated with the customer account; andthe customer-defined subset of the virtual network comprises one or more devices of the computing resource service provider having corresponding network addresses defined by the customer account.3. The computer-implemented method of claim 1 , wherein the customer network is connected to the virtual network via a virtual private network connection.4. The computer-implemented method of claim 1 , further comprising:receiving, by the virtual network from a device on the customer network, a cryptographic request; androuting the cryptographic request to the customer- ...

PROVIDING VIRTUAL NETWORKING DEVICE FUNCTIONALITY FOR MANAGED COMPUTER NETWORKS

Techniques are described for providing virtual networking functionality for managed computer networks. In some situations, a user may configure or otherwise specify a logical network topology for a managed computer network with multiple computing nodes that includes one or more virtual networking devices each associated with a specified group of the multiple computing nodes. Corresponding networking functionality may be provided for communications between the multiple computing nodes by emulating functionality that would be provided by the networking devices if they were physically present and configured to support the specified network topology. In some situations, the managed computer network is a virtual computer network overlaid on a substrate network, and the networking device functionality emulating includes receiving routing communications directed to the networking devices and using included routing information to update the specified network topology for the managed computer network. 1. A computer-implemented method comprising:under control of one or more computing systems of a configurable network service that provides virtual computer networks to remote customers, and for each of multiple remote customers,receiving configuration information from the customer for a virtual computer network provided for the customer by the configurable network service, the provided virtual computer network including multiple of a plurality of computing nodes provided by the configurable network service, the configuration information being received via a programmatic interface of the configurable network service and indicating network topology information for the provided virtual computer network and indicating multiple network addresses to use for the provided virtual computer network, the indicated network topology information specifying one or more network routers that each are indicated to be connected to one or more of the multiple computing nodes of the provided ...

INTERFACES TO MANAGE DIRECT NETWORK PEERINGS

Methods and apparatus for interfaces to manage direct network peerings. A system may include a data center, endpoint routers and a connectivity coordinator. The coordinator implements a programmatic interface defining connectivity operations. The coordinator receives a request for dedicated connectivity to data center resources, formatted according to the interface. The coordinator selects a target endpoint router at which to establish a physical link to implement the dedicated connectivity, and transmits a response identifying the target endpoint router and including configuration instructions for setting up a physical link for the dedicated connectivity. 121.-. (canceled)22. A method comprising:receiving a connectivity request from a client of a provider network for connectivity from a client network of the client to a resource collection of the provider network via a dedicated physical connection between the client network and the provider network; identifying two or more connectivity providers for providing the dedicated physical connection between the client network and the provider network; and', 'generating a response to the connectivity request comprising an identification of the two or more connectivity providers;, 'in response to the connectivity request,'}receiving a selection from the client selecting a particular one of the two or more connectivity providers to provide the dedicated physical connection between the client network and the provider network;transmitting configuration instructions for establishing the dedicated physical connection between the client network and the provider network; andenabling network traffic to flow between the client network and the resource collection of the provider network via the dedicated physical connection between the client network and the provider network.23. The method of claim 22 , wherein the dedicated physical connection comprises a cross-network connection between the client network and the provider network. ...

PROVIDING ACCESS TO CONFIGURABLE PRIVATE COMPUTER NETWORKS

Techniques are described for providing users with access to computer networks, such as to enable users to interact with a remote configurable network service in order to create and configure computer networks that are provided by the configurable network service for use by the users. Computer networks provided by the configurable network service may be configured to be private computer networks that are accessible only by the users who create them, and may each be created and configured by a client of the configurable network service to be an extension to an existing computer network of the client, such as a private computer network extension to an existing private computer network of the client. If so, secure private access between an existing computer network and new computer network extension that is being provided may be enabled using one or more VPN connections or other private access mechanisms. 1. A method for a computing system of a configurable network service to provide access to private computer networks , the method comprising:providing a programmatic interface for the configurable network service to enable remote users to create and configure network extensions to remote private computer networks of the remote users, the configurable network service including a plurality of computing systems that are for use in providing the created network extensions to the remote users; and receiving configuration information that is programmatically provided by the remote user via the provided programmatic interface to create and configure a local private network extension to a remote private computer network of the user, the private network extension being provided by the configurable network service and including a subset of multiple of the plurality of computing systems, the received configuration information including user-specified network topology information for the private network extension and a user-specified subset of multiple network addresses of the ...

INTERFACES TO MANAGE DIRECT NETWORK PEERINGS

Methods and apparatus for interfaces to manage direct network peerings. A system may include a data center, endpoint routers and a connectivity coordinator. The coordinator implements a programmatic interface defining connectivity operations. The coordinator receives a request for dedicated connectivity to data center resources, formatted according to the interface. The coordinator selects a target endpoint router at which to establish a physical link to implement the dedicated connectivity, and transmits a response identifying the target endpoint router and including configuration instructions for setting up a physical link for the dedicated connectivity. 1. A system , comprising:a data center including a resource collection designated to respond to service requests received from a client;a plurality of endpoint routers linked to the data center by one or more private network paths; anda connectivity coordinator; implement an interface defining connectivity operations available to the client;', 'receive a connectivity request from the client for dedicated connectivity to the resource collection, wherein the connectivity request is formatted in accordance with the interface;', select a target endpoint router of the plurality of endpoint routers, wherein the target endpoint router is configurable to provide a route over a private network path of the one or more private network paths in accordance with the connectivity request;', 'generate a reply comprising configuration instructions for a physical network link to be established to the target endpoint router to provide at least a portion of the dedicated connectivity; and', 'transmit the reply to the client., 'in response to the connectivity request,'}], 'wherein the connectivity coordinator is operable to2. The system as recited in claim 1 , wherein the interface comprises at least one of: an application programming interface (API) claim 1 , a graphical user interface (GUI) claim 1 , or a command-line interface.3. ...

Location-based mobile advertising

An advertisement service enables advertisers to bid on or select a particular geographic region for public display of an advertisement by a mobile ad platform when the mobile ad platform enters the particular geographic region. For instance, the mobile ad platform provides location information to the advertisement service. Based on the location, the advertisement service provides ad information to the mobile ad platform for display of an advertisement corresponding to the advertiser that has purchased rights to display advertisements on the mobile ad platform in the current geographic region. The publicly displayed advertisement content may change dynamically as the location of the mobile ad platform changes. In some implementations, the advertisement may offer an incentive, such as a coupon, to consumers that see the advertisement. The incentive may be redeemable at the advertiser's business such as by using a mobile device to capture, obtain or redeem the incentive.

Interfaces to manage direct network peerings

Methods and apparatus for interfaces to manage direct network peerings. A system may include a data center, endpoint routers and a connectivity coordinator. The coordinator implements a programmatic interface defining connectivity operations. The coordinator receives a request for dedicated connectivity to data center resources, formatted according to the interface. The coordinator selects a target endpoint router at which to establish a physical link to implement the dedicated connectivity, and transmits a response identifying the target endpoint router and including configuration instructions for setting up a physical link for the dedicated connectivity.

Providing local secure network access to remote services

Techniques are described for providing users with access to computer networks, such as to enable users to create computer networks that are provided by a remote configurable network service for use by the users. Such provided computer networks may be configured to be private computer networks accessible only by the users who create them, and may each be created and configured by a client of the configurable network service to be an extension to an existing computer network of the client, such as a private computer network extension to an existing private computer network of the client. In addition, access to remote resource services may be configured and provided from such computer networks in various manners, such as to include a local access mechanism as part of a provided computer network that is configured to forward communications sent to the access mechanism to a particular remote resource service.

Interfaces to manage direct network peerings

Methods and apparatus for interfaces to manage direct network peerings. A system may include a data center, endpoint routers and a connectivity coordinator. The coordinator implements a programmatic interface defining connectivity operations. The coordinator receives a request for dedicated connectivity to data center resources, formatted according to the interface. The coordinator selects a target endpoint router at which to establish a physical link to implement the dedicated connectivity, and transmits a response identifying the target endpoint router and including configuration instructions for setting up a physical link for the dedicated connectivity.

Providing devices as a service

Devices, such as hardware security modules, are provided as a service. A customer of a computing resource provider is able to request the addition of a device to a network of the customer hosted by the computing resource provider. The computing resource provider reconfigures a set of computing resources so that the devices of the customer are able to communicate with the device as if the device was in the customer's own network.

Providing access to configurable private computer networks

Techniques are described for providing users with access to computer networks, such as to enable users to interact with a remote configurable network service in order to create and configure computer networks that are provided by the configurable network service for use by the users. Computer networks provided by the configurable network service may be configured to be private computer networks that are accessible only by the users who create them, and may each be created and configured by a client of the configurable network service to be an extension to an existing computer network of the client, such as a private computer network extension to an existing private computer network of the client. If so, secure private access between an existing computer network and new computer network extension that is being provided may be enabled using one or more VPN connections or other private access mechanisms.

interfaces to manage direct network traffic exchanges

INTERFACES PARA GERENCIAR TROCAS DE TRÁFEGO DE REDE DIRETAS. Métodos e aparelhos para interfaces para gerenciar trocas de tráfego de re-de diretas. Um sistema pode incluir um centro de dados, roteadores de ponto de extremidade e um coordenador de conectividade. O coordenador implementa uma interface de programática que define as operações de conectividade. O coordenador recebe uma solicitação para a conectividade dedicada para os recursos do centro de dados, formatados de acordo com a interface. O coordenador seleciona um roteador de ponto de extremidade de destino no qual se deseja estabelecer um link físico para implementar a conectividade dedicada, e transmite uma resposta, identificando o roteador de ponto de extremidade de destino e incluindo instruções de configuração para configurar um link físico para a conectividade dedicada. INTERFACES TO MANAGE DIRECT NETWORK TRAFFIC EXCHANGES. Methods and apparatus for interfaces to manage direct network traffic exchanges. A system can include a data center, endpoint routers, and a connectivity coordinator. The coordinator implements a programmatic interface that defines connectivity operations. The coordinator receives a request for dedicated connectivity to data center resources, formatted according to the interface. The coordinator selects a destination endpoint router on which to establish a physical link to implement dedicated connectivity, and transmits a response identifying the destination endpoint router and including configuration instructions for configuring a physical link to the dedicated connectivity.

Method and system for product restocking using machine-readable codes

The present disclosure provides a number of systems and associated processes for using machine-readable codes to perform a transaction. Embodiments of the present disclosure provide a system and associated processes for consolidating and replacing various forms of payment (e.g. credit cards, debit cards, and cash) with a single payment system. Further, embodiments of the present disclosure provide a system and associated processes for reordering a product provided by a product provider. Moreover, embodiments of the present disclosure provide a system and associated processes for accepting a gift, or gift transaction, associated with a gift card. In addition, embodiments of the present disclosure provide a system and associated processes for performing an Automatic Teller Machine (ATM) transaction using a machine-readable code.

Providing access to configurable private computer networks

Techniques are described for providing users with access to computer networks, such as to enable users to interact with a remote configurable network service in order to create and configure computer networks that are provided by the configurable network service for use by the users. Computer networks provided by the configurable network service may be configured to be private computer networks that are accessible only by the users who create them, and may each be created and configured by a client of the configurable network service to be an extension to an existing computer network of the client, such as a private computer network extension to an existing private computer network of the client. If so, secure private access between an existing computer network and new computer network extension that is being provided may be enabled using one or more VPN connections or other private access mechanisms.

Preventing persistent storage of cryptographic information using signaling

Organizations maintain and generate large amounts of sensitive information using computer hardware resources and services of a service provider. Furthermore, there is a need to be able to delete large amounts of data securely and quickly by encrypting the data with a key and destroying the key. To ensure that information stored remotely is secured and capable of secure deletion, cryptographic keys used by the organization should be prevented from being persistently stored during serialization operations. Signaling methods are used to notify virtual machine instances of serialization events in order to prevent keying material from being stored persistently.

Providing devices as a service

Devices, such as hardware security modules, are provided as a service. A customer of a computing resource provider is able to request the addition of a device to a network of the customer hosted by the computing resource provider. The computing resource provider reconfigures a set of computing resources so that the devices of the customer are able to communicate with the device as if the device was in the customer's own network.

Using virtual networking devices to connect managed computer networks

Techniques are described for providing managed virtual computer networks whose configured logical network topology may have one or more virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of a virtual computer network by emulating functionality that would be provided by the networking devices if they were physically present. The networking functionality provided for a managed computer network may include supporting a connection between that managed computer network and other managed computer networks, such as via a provided virtual peering router to which each of the managed computer networks may connect, with the functionality of the virtual peering router being emulated by modules of the configurable network service without physically providing the virtual peering router, including to manage data communications between computing nodes of the inter-connected managed computer networks in accordance with client-specified configuration information.

Managing replication of computing nodes for provided computer networks

Techniques are described for providing managed computer networks, such as for managed virtual computer networks overlaid on one or more other underlying computer networks. In some situations, the techniques include facilitating replication of a primary computing node that is actively participating in a managed computer network, such as by maintaining one or more other computing nodes in the managed computer network as replicas, and using such replica computing nodes in various manners. For example, a particular managed virtual computer network may span multiple broadcast domains of an underlying computer network, and a particular primary computing node and a corresponding remote replica computing node of the managed virtual computer network may be implemented in distinct broadcast domains of the underlying computer network, with the replica computing node being used to transparently replace the primary computing node in the virtual computer network if the primary computing node becomes unavailable.

Providing logical networking functionality for managed computer networks

Techniques are described for providing logical networking functionality for managed computer networks, such as for virtual computer networks provided on behalf of users or other entities. In some situations, a user may configure or otherwise specify a network topology for a virtual computer network, such as a logical network topology that separates multiple computing nodes of the virtual computer network into multiple logical sub- networks and/or that specifies one or more logical networking devices for the virtual computer network. After a network topology is specified for a virtual computer network, logical networking functionality corresponding to the network topology may be provided in various manners, such as without physically implementing the network topology for the virtual computer network. In some situations, the computing nodes may include virtual machine nodes hosted on one or more physical computing machines or systems, such as by or on behalf of one or more users.

Using virtual networking devices to manage network configuration

Techniques are described for providing managed virtual computer networks that may have a configured logical network topology with one or more virtual networking devices, with corresponding networking functionality provided for communications between multiple computing nodes of the virtual computer network by emulating functionality that would be provided by the networking devices if they were physically present. In some situations, the emulating of networking device functionality includes receiving routing communications directed to the networking devices and using included routing information to update the configured network topology for the managed computer network. In addition, the techniques may further include supporting interactions with devices that are external to the virtual computer network, including remote physical networking devices that are part of a remote computer network configured to interoperate with the virtual computer network, and/or specialized network devices that are accessible via a substrate network on which the virtual computer network is overlaid.

Techniques for accessing logical networks via a programmatic service call

Techniques for accessing logical networks via a programmatic service call

Disclosed are various embodiments for configuring logical networks. A client makes a request, through a service call, for creation of a logical network, including a logical network gateway and accounts for users to access the logical network gateway. In response to the service call, the logical network is created and configured, and a confirmation is provided to the client.

Providing devices as a service

Devices, such as hardware security modules, are provided as a service. A customer of a computing resource provider is able to request the addition of a device to a network of the customer hosted by the computing resource provider. The computing resource provider reconfigures a set of computing resources so that the devices of the customer are able to communicate with the device as if the device was in the customer's own network.

Interfaces to manage direct network peerings

Providing access to configurable private computer networks

Techniques are described for providing users with access to computer networks, such as to enable users to interact with a remote configurable network service in order to create and configure computer networks that are provided by the configurable network service for use by the users. Computer networks provided by the configurable network service may be configured to be private computer networks that are accessible only by the users who create them, and may each be created and configured by a client of the configurable network service to be an extension to an existing computer network of the client, such as a private computer network extension to an existing private computer network of the client. If so, secure private access between an existing computer network and new computer network extension that is being provided may be enabled using one or more VPN connections or other private access mechanisms.

Unique credentials verification

Systems and methods for receiving a session and establishing authentication credentials associated with a user by verifying the uniqueness of requested authentication credentials among one or more entities by one or more credential verification servers. Once the authentication credentials associated with the user are established, the session may be transferred back.

Managing replication of computing nodes for provided computer networks

Techniques are described for providing managed computer networks, such as for managed virtual computer networks overlaid on one or more other underlying computer networks. In some situations, the techniques include facilitating replication of a primary computing node that is actively participating in a managed computer network, such as by maintaining one or more other computing nodes in the managed computer network as replicas, and using such replica computing nodes in various manners. For example, a particular managed virtual computer network may span multiple broadcast domains of an underlying computer network, and a particular primary computing node and a corresponding remote replica computing node of the managed virtual computer network may be implemented in distinct broadcast domains of the underlying computer network, with the replica computing node being used to transparently replace the primary computing node in the virtual computer network if the primary computing node becomes unavailable.

Providing devices as a service

Devices, such as hardware security modules, are provided as a service. A customer of a computing resource provider is able to request the addition of a device to a network of the customer hosted by the computing resource provider. The computing resource provider reconfigures a set of computing resources so that the devices of the customer are able to communicate with the device as if the device was in the customer's own network.

Exchange or routing information to support virtual computer networks hosted on telecommunications infrastructure network

Techniques are described for providing managed virtual computer networks that have a configured logical network topology with virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of the virtual computer network by emulating functionality that would be provided by the virtual networking devices if they were physically present. In some situations, the networking functionality provided for a managed computer network of a client includes receiving routing communications directed to the virtual networking devices and using included routing information to update the configuration of the managed computer network, such as to allow at least some computing nodes of a managed computer network to dynamically signal particular types of uses of one or more indicated target network addresses and/or to dynamically signal use of particular external public network addresses based on such routing information.

Providing devices as a service

PROVIDING DEVICES AS A SERVICE Devices, such as hardware security modules, are provided as a service. A customer of a computing resource provider is able to request the addition of a device to a network of the customer hosted by the computing resource provider. The computing resource provider reconfigures a set of computing resources so that the devices of the customer are able to communicate with the device as if the device was in the customer's own network.

Techniques for accessing logical networks via a programmatic service call

Disclosed are various embodiments for configuring logical networks. A client makes a request, through a service call, for creation of a logical network, including a logical network gateway and accounts for users to access the logical network gateway. In response to the service call, the logical network is created and configured, and a confirmation is provided to the client.

Providing devices as a service

Devices, such as hardware security modules, are provided as a service. A customer of a computing resource provider is able to request the addition of a device to a network of the customer hosted by the computing resource provider. The computing resource provider reconfigures a set of computing resources so that the devices of the customer are able to communicate with the device as if the device was in the customer's own network.

Managing communications in a virtual network of virtual machines using telecommunications infrastructure systems

Techniques are described for providing logical networking functionality for managed computer networks, such as for virtual computer networks provided on behalf of users or other entities. In some situations, a user may configure or otherwise specify a network topology for a virtual computer network, such as a logical network topology that separates multiple computing nodes of the virtual computer network into multiple logical sub-networks and/or that specifies one or more logical networking devices for the virtual computer network. After a network topology is specified for a virtual computer network, logical networking functionality corresponding to the network topology may be provided in various manners, such as without physically implementing the network topology for the virtual computer network. In some situations, the computing nodes may include virtual machine nodes hosted on one or more physical computing machines or systems, such as by or on behalf of one or more users.

Providing local secure network access to remove services

Automatic replacement of computing nodes in a virtual computer network

Techniques are described for providing managed computer networks, such as for managed virtual computer networks overlaid on one or more other underlying computer networks. In some situations, the techniques include facilitating replication of a primary computing node that is actively participating in a managed computer network, such as by maintaining one or more other computing nodes in the managed computer network as replicas, and using such replica computing nodes in various manners. For example, a particular managed virtual computer network may span multiple broadcast domains of an underlying computer network, and a particular primary computing node and a corresponding remote replica computing node of the managed virtual computer network may be implemented in distinct broadcast domains of the underlying computer network, with the replica computing node being used to transparently replace the primary computing node in the virtual computer network if the primary computing node becomes unavailable.

Providing access to configurable private computer networks

Techniques are described for providing users with access to computer networks, such as to enable users to interact with a remote configurable network service in order to create and configure computer networks that are provided by the configurable network service for use by the users. Computer networks provided by the configurable network service may be configured to be private computer networks that are accessible only by the users who create them, and may each be created and configured by a client of the configurable network service to be an extension to an existing computer network of the client, such as a private computer network extension to an existing private computer network of the client. If so, secure private access between an existing computer network and new computer network extension that is being provided may be enabled using one or more VPN connections or other private access mechanisms.

Exchange of routing information to support virtual computer networks hosted on telecommunications infrastructure network

Techniques are described for providing managed virtual computer networks that have a configured logical network topology with virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of the virtual computer network by emulating functionality that would be provided by the virtual networking devices if they were physically present. In some situations, the networking functionality provided for a managed computer network of a client includes receiving routing communications directed to the virtual networking devices and using included routing information to update the configuration of the managed computer network, such as to allow at least some computing nodes of a managed computer network to dynamically signal particular types of uses of one or more indicated target network addresses and/or to dynamically signal use of particular external public network addresses based on such routing information.

Interfaces to manage inter-region connectivity for direct network peerings

Methods and apparatus for interfaces to manage inter-regional connectivity for direct network peerings. A system may include a connectivity coordinator, a first resource collection in a first geographical zone and a second resource collection in a second geographical zone. The coordinator implements a programmatic interface defining connectivity operations. The coordinator receives a request via the interface to establish a logically isolated network path to the second resource collection on behalf of a client that has a dedicated physical link set up to connect to the first resource collection. In response to the request, the coordinator performs one or more configuration operations to enable traffic to flow from the client's network to the second resource collection over a logically isolated network path using the dedicated physical link.

Configuration system for configuring telecomunications infrastructure networks

Techniques are described for providing managed virtual computer networks that have a configured logical network topology with virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of the virtual computer network by emulating functionality that would be provided by the virtual networking devices if they were physically present. In some situations, the networking functionality provided for a managed computer network of a client includes receiving routing communications directed to the virtual networking devices and using included routing information to update the configuration of the managed computer network, such as to allow at least some computing nodes of a managed computer network to dynamically signal particular types of uses of one or more indicated target network addresses and/or to dynamically signal use of particular external public network addresses based on such routing information.

Providing access to configurable private computer networks

Techniques are described for providing users with access to computer networks, such as to enable users to interact with a remote configurable network service in order to create and configure computer networks that are provided by the configurable network service for use by the users. Computer networks provided by the configurable network service may be configured to be private computer networks that are accessible only by the users who create them, and may each be created and configured by a client of the configurable network service to be an extension to an existing computer network of the client, such as a private computer network extension to an existing private computer network of the client. If so, secure private access between an existing computer network and new computer network extension that is being provided may be enabled using one or more VPN connections or other private access mechanisms.

Providing access to configurable private computer networks

Providing extendible network capabilities for managed computer networks

Techniques are described for managing communications between multiple computing nodes, such as for computing nodes that are part of managed virtual computer networks provided on behalf of users or other entities. In some situations, one or more of the computing nodes of a managed virtual computer network is configured to perform actions to extend capabilities of the managed virtual computer network to other computing nodes that are not part of the managed virtual computer network, such as by forwarding communications between computing nodes of the managed virtual computer network and the other external computing nodes so as to enable the other external computing nodes to participate in the managed virtual computer network. In some situations, the computing nodes may include virtual machine nodes hosted on one or more physical computing machines or systems, such as by or on behalf of one or more users.

Providing extendible network capabilities for managed computer networks

Techniques are described for managing communications between multiple computing nodes, such as for computing nodes that are part of managed virtual computer networks provided on behalf of users or other entities. In some situations, one or more of the computing nodes of a managed virtual computer network is configured to perform actions to extend capabilities of the managed virtual computer network to other computing nodes that are not part of the managed virtual computer network, such as by forwarding communications between computing nodes of the managed virtual computer network and the other external computing nodes so as to enable the other external computing nodes to participate in the managed virtual computer network. In some situations, the computing nodes may include virtual machine nodes hosted on one or more physical computing machines or systems, such as by or on behalf of one or more users.

Providing virtual networking device functionality for managed computer networks

Techniques are described for providing virtual networking functionality for managed computer networks. In some situations, a user may configure or otherwise specify a logical network topology for a managed computer network with multiple computing nodes that includes one or more virtual networking devices each associated with a specified group of the multiple computing nodes. Corresponding networking functionality may be provided for communications between the multiple computing nodes by emulating functionality that would be provided by the networking devices if they were physically present and configured to support the specified network topology. In some situations, the managed computer network is a virtual computer network overlaid on a substrate network, and the networking device functionality emulating includes receiving routing communications directed to the networking devices and using included routing information to update the specified network topology for the managed computer network.

Providing access to configurable private computer networks

Interfaces to manage inter-region connectivity for direct network peerings

Methods and apparatus for interfaces to manage inter-regional connectivity for direct network peerings. A system may include a connectivity coordinator, a first resource collection in a first geographical zone and a second resource collection in a second geographical zone. The coordinator implements a programmatic interface defining connectivity operations. The coordinator receives a request via the interface to establish a logically isolated network path to the second resource collection on behalf of a client that has a dedicated physical link set up to connect to the first resource collection. In response to the request, the coordinator performs one or more configuration operations to enable traffic to flow from the client's network to the second resource collection over a logically isolated network path using the dedicated physical link.