Generally described, computing devices utilize a communication network, or a series of communication networks, to exchange data. Companies and organizations operate computer networks that interconnect a number of computing devices to support operations or provide services to third parties. The computing systems can be located in a single geographic location or located in multiple, distinct geographic locations (e.g., interconnected via private or public communication networks). Specifically, data centers or data processing centers, herein generally referred to as a “data center,” may include a number of interconnected computing systems to provide computing resources to users of the data center. The data centers may be private data centers operated on behalf of an organization or public data centers operated on behalf, or for the benefit of, the general public.
To facilitate increased utilization of data center resources, virtualization technologies may allow a single physical computing device to host one or more instances of virtual machines that appear and operate as independent computing devices to users of a data center. With virtualization, a single physical computing device can create, maintain, delete, or otherwise manage virtual machines in a dynamic matter. In the simplest embodiment, users can request single computing device computer resources from a data center. In more complex embodiments, users, such as system administrators, can request the configuration of virtual machine instances corresponding to a desired set of networked computing devices. In such embodiments, the data center can implement varying number of virtual machine instances to implement the functionality and configuration of the requested physical computing device network, generally referred to as a virtual machine network.
For virtual machine network embodiments, users often want to utilize various services, components (such as network-based appliances), or other functionality in accordance with at least aspects of the implementation of a hosted virtual machine network. In one aspect, users are required to configure various information about a hosted network, such as address space information, domain name service (DNS) zones information, resilient packet transport (RPT) information, and the like, in order for the desired functionality to be implemented in the hosted virtual machine network. Additionally, in another aspect, users are also required to delegate access to, or otherwise grant access, to at least a portion of the hosted virtual machine network to the entity providing desired functionality. As such, the virtual machine network service provider would prefer for users to be aware of the type permissions or authorizations that are delegated in conjunction with the utilization of requested functionality. Current approaches to the management of configuration information and delegated permission information are ad hoc in nature.