Posted On: Jun 13, 2023

Today, AWS is announcing the general availability of Amazon Verified Permissions, a service for fine-grained authorization and permissions management for applications that you build. Verified Permissions uses Cedar, an open-source language for access control, allowing you to define permissions as easy-to-understand policies. Use Verified Permissions to support role- and attribute-based access control in your applications.

Verified Permissions is designed for high availability and scalability as it continually evaluates authorization decisions. Use Verified Permissions to decouple permissions from your application logic, and build more secure applications faster with centralized policy stores, reusable policy templates, and policy testing. You can manage application permissions and control access in your application using your existing identity provider that manages users and groups. You now have an integrated authentication and authorization solution for applications that use Amazon Cognito. You can validate policies based on the attributes in Amazon Cognito and authorize requests using Amazon Cognito tokens.

With Verified Permissions, you can deliver secure delegated authorization to application resources and implement continual identity-based authorization in applications, a core principle of Zero Trust architecture. An integration with AWS CloudTrail records all access requests, helping security and audit teams better assess and audit who has accessed what in applications.

Verified Permissions is now available in all commercial AWS Regions, excluding those based in China. 

To get started, see the following list of Verified Permissions resources: