What is Amazon Verified Permissions?
Amazon Verified Permissions is a managed authorization service that enables developers to integrate fine-grained access controls directly into their applications. Instead of scattering authorization logic throughout application code, access rules are defined and managed centrally as Cedar policies.
The service cleanly separates authorization logic from application code. Policies can be updated independently of deployments, and security teams can review access rules without reading the application source code.
Core Features
- Cedar Policy Language: Declarative, analyzable policy language specifically designed for authorization
- Policy Store: Central management of all authorization rules as versioned policies
- Schema Validation: Automatic validation of policies against a defined data model
- Cognito Integration: Native integration with Amazon Cognito for identity-based authorization
- Batch Authorization: Multiple authorization decisions in a single API call
Typical Use Cases
Multi-Tenant SaaS: SaaS applications define access rules per tenant, role, and resource. Cedar policies enable complex rules like “managers can view their team’s reports but not edit them.”
Healthcare Applications: Fine-grained access controls ensure medical staff can only access patient data relevant to their treatment.
Financial Applications: Transaction limits, four-eyes principle, and role-based access are implemented as auditable policies rather than hard-coded logic.
Benefits
- Clean separation of authorization and application logic
- Auditable and analyzable access rules
- Low latency under 10 milliseconds per decision
- Central policy management across multiple applications
Integration with innFactory
As an AWS Reseller, innFactory supports you with Amazon Verified Permissions: authorization architecture design, Cedar policy development, integration into existing applications, and migration from existing RBAC/ABAC systems.
Frequently Asked Questions
What is Amazon Verified Permissions?
Amazon Verified Permissions is a managed authorization service that lets developers implement fine-grained access controls in applications. Policies are written in the Cedar policy language and managed centrally.
What is the Cedar policy language?
Cedar is a policy language developed by AWS specifically designed for authorization decisions. It is declarative, analyzable, and enables both simple and complex access rules with high performance.
How does authorization work?
Applications send authorization requests with principal, action, and resource to Verified Permissions. The service evaluates all relevant policies and returns an allow or deny decision, typically in under 10 milliseconds.
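The request-and-decision flow described above, applied to the "managers can view their team's reports but not edit them" rule from the use cases, as an added example that is not innFactory's or AWS's code. It is a simplified Python model of the decision semantics (default deny, a matching forbid overrides any permit), not the Cedar engine or the Verified Permissions API; the entity attributes, action names and policy IDs are hypothetical.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Request:
    principal: dict   # e.g. {"id": "alice", "role": "manager", "team": "sales"}
    action: str       # e.g. "viewReport"
    resource: dict    # e.g. {"id": "r1", "team": "sales"}

@dataclass(frozen=True)
class Policy:
    policy_id: str
    effect: str                         # "permit" or "forbid"
    applies: Callable[[Request], bool]  # scope and conditions of the policy

def same_team(r):
    """True only if the principal has a team and the resource belongs to it."""
    team = r.principal.get("team")
    return team is not None and team == r.resource.get("team")

# Constructed policies (hypothetical names) for the rule
# "managers can view their team's reports but not edit them".
POLICIES = [
    # Roughly, in Cedar: permit(principal, action == Action::"viewReport", resource)
    #   when { principal.role == "manager" && resource.team == principal.team };
    Policy("manager-view-team-reports", "permit",
           lambda r: r.action == "viewReport"
           and r.principal.get("role") == "manager" and same_team(r)),
    # Guardrail: managers may not edit reports, whatever else permits it.
    Policy("manager-no-edit", "forbid",
           lambda r: r.action == "editReport" and r.principal.get("role") == "manager"),
    # Broad permit that the forbid above overrides for managers.
    Policy("team-members-edit", "permit",
           lambda r: r.action == "editReport" and same_team(r)),
]

def is_authorized(request, policies=POLICIES):
    """Return (decision, determining policy IDs) for one request."""
    matched = [p for p in policies if p.applies(request)]
    forbids = [p.policy_id for p in matched if p.effect == "forbid"]
    if forbids:                  # any matching forbid wins over every permit
        return "DENY", forbids
    permits = [p.policy_id for p in matched if p.effect == "permit"]
    if permits:                  # at least one permit and no forbid
        return "ALLOW", permits
    return "DENY", []            # default deny: no policy matched
```

Returning the determining policy IDs alongside the decision is what makes a denial auditable: an empty list means no policy matched, a non-empty list on `DENY` names the forbid that applied.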