Posted On: Mar 11, 2024

Amazon Verified Permissions has increased the default quotas for the IsAuthorized and IsAuthorizedWithToken APIs from 30 to 200 transactions per second (TPS). Applications can call these APIs to request an authorization decision. Increasing the default TPS enables customers to continuously authorize user actions, in line with the principles of zero trust.

Amazon Verified Permissions is a permissions management and fine-grained authorization service for the applications that you build. Using Cedar, an expressive and analyzable open-source policy language, developers and admins can define policy-based access controls using roles and attributes for more granular, context-aware access control. For example, an HR application might call Amazon Verified Permissions (AVP) to determine if Alice is permitted access to Bob’s performance evaluation, given that she is in the HR Managers group. Amazon Verified Permissions evaluates the Cedar policies, and returns an ALLOW or DENY decision. Customers using the IsAuthorized API pass information in a JSON format about the principal, such as role membership and attribute values. Cognito customers can use the IsAuthorizedWithToken API to pass a token containing this information.

This higher default quota is available in all AWS regions supported by Amazon Verified Permissions. Customers requiring more than 200 TPS can request a quota increase. See Requesting a Quota Increase in the Service Quotas User Guide, and if the quota is not yet available in Service Quotas, use the limit increase form.