Posted On: May 10, 2023

Today, AWS open-sourced the Cedar policy language and authorization engine. You can use Cedar to express fine-grained permissions as easy-to-understand policies enforced in your applications, and you can decouple access control from your application logic. Cedar supports common authorization models such as role-based access control and attribute-based access control. It follows a new verification-guided development process to give you high assurance of Cedar’s correctness and security: AWS formally models Cedar's authorization engine and other tools, proves safety and correctness properties about them using automated reasoning, and rigorously tests that the model matches the Rust implementation.

Amazon Verified Permissions uses Cedar to allow you to manage fine-grained permissions in your custom applications. With Amazon Verified Permissions, you can store Cedar policies centrally, have low latency with millisecond processing, and audit permissions across different applications. And now with the Cedar open-source libraries, you can test and validate Cedar policies on a local computer before deploying them with Amazon Verified Permissions. You can also adapt these open-source libraries for your requirements and implement use cases such as running applications that are disconnected from the network.

Cedar is open-sourced under the Apache License 2.0 and includes the Cedar language specification and software development kit (SDK). The SDK provides libraries for authoring and validating policies, and authorizing access requests. We invite you to contribute to Cedar in the cedar-policy GitHub repository and join the Cedar Policy Slack Workspace. To learn more about Cedar, see the AWS Science Blog post and the Open Source Blog post.