Amazon Verified Permissions

Fully managed Cedar service for fine-grained authorization

Introduction to Verified Permissions

Amazon Verified Permissions is a fully managed authorization service that uses the provably correct Cedar policy language, so you can build more secure applications. With Verified Permissions, developers can build applications faster by externalizing authorization and centralizing policy management. They can also align authorization within the application with Zero Trust principles. Security and audit teams can better analyze and audit who has access to what within applications.

Benefits

Accelerate application development by decoupling authorization from business logic.

Protect application resources and manage user access according to the principle of least privilege.

Simplify compliance audits at scale using automated analysis to confirm that permissions written in Cedar work as intended.

Build applications aligned with Zero Trust principles of continual real-time authorization decisions.

How it works

Amazon Verified Permissions is a fully managed, Cedar-compatible permissions management and fine-grained authorization service for the applications that you build. Using Cedar, an expressive, performant, and analyzable open-source policy language, developers and admins can define policy-based access controls using roles and attributes for more granular, context-aware access control.

Diagram shows how Amazon Verified Permissions provides fine-grained authorization and permissions management for your custom applications.

Use cases

Create policies from templates and enforce those controls in Amazon API Gateway and AWS AppSync.

Administrators can create application-wide policies written in Cedar, and developers can grant user permissions to access data and resources.

Review Cedar policy model changes and monitor authorization requests using Verified Permissions.

