Amazon Verified Permissions is a scalable, fine-grained permissions management and authorization service for custom applications. The service centralizes fine-grained permissions in custom applications and helps developers authorize user actions within applications. With Amazon Verified Permissions, authorization requests are evaluated in milliseconds, providing real-time decisions. The service shortens development cycles by months and provides a consistent mechanism for fine-grained authorization. It also offers integrated auditing to support your stringent compliance and regulatory requirements.
Policy store management
Create and manage a policy store within an account. A policy store can contain policies for one or more applications.
Authorization model definition
Define your authorization model in terms of principal types, resource types, and valid actions. Define templates that can be used to create policies.
Create and manage fine-grained permissions within your policy store. Administrators can create policies through the AWS Management Console, or application developers can use APIs. Policies are validated against your authorization model at the time of creation.
Connect your application to the service through the API to authorize user access requests. For each authorization request, the service will retrieve the relevant policies. It will evaluate those policies to determine whether a user is permitted to act on a resource based on context from a policy enforcement point.