Amazon has released Verified Permissions, a fine-grained permissions management and authorization service for developers to use in applications at any scale. Amazon Verified Permissions was announced in a preview version at re:Invent 2022. It centralizes permissions in a policy store and helps developers use those permissions to authorize user actions within their applications.

Amazon says that Verified Permissions lets developers build more secure applications faster by externalizing authorization and centralizing policy management. It also means developers can "align application access with Zero Trust principles", and it provides a way for security and audit teams to analyze and audit who has access to what within applications.

To define fine-grained permissions, Amazon Verified Permissions uses Cedar, an open-source policy language and software development kit (SDK) for access control.

Cedar is described on GitHub as an open source policy language and evaluation engine. Cedar lets developers express fine-grained permissions as easy-to-understand policies enforced in their applications, and decouples access control from application logic. Cedar supports common authorization models such as role-based access control and attribute-based access control. The developers say it is the first policy language built from the ground up to be verified formally by using automated reasoning, and tested rigorously using differential random testing.

The use of Cedar in Amazon Verified Permissions means you can define a schema for your authorization model in terms of principal types, resource types, and valid actions.When a policy is created, it is validated against your authorization model. Templates can be used to simplify the creation of similar policies, and any changes to the policy store are audited so that you can see of who made the changes and when.

You can then connect your applications to Amazon Verified Permissions through AWS SDKs to authorize access requests. For each authorization request, the relevant policies are retrieved and evaluated to determine whether the action is permitted or not,  and developers can test that permissions work as intended by reproducing test authorization requests.

More Information

AWS Verified Permissions

Cedar On GitHub

Related Articles

Amazon Open Sources Python Library for AWS Glue

Amazon Announces AWS Visual Embedding

Amazon Launches AWS Workflow Studio

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.

Comments

Make a Comment or View Existing Comments Using Disqus

or email your comment to: comments@i-programmer.info