Authorization Briefing — Amazon Verified Permissions General Availability
AWS launched Amazon Verified Permissions GA on June 13, 2023, offering a managed Cedar policy store so applications can centralize fine-grained authorization decisions with auditing and simulation tooling.
Executive briefing: AWS announced that Amazon Verified Permissions reached general availability on June 13, 2023. The service externalizes authorization logic using the Cedar policy language and exposes APIs to evaluate requests consistently across microservices.
Key features
- Cedar policy engine. Developers write human-readable policies with role, attribute, and relationship semantics validated at compile time.
- Managed authorization store. AWS hosts policy and identity data, providing versioning, evaluation APIs, and decision logs.
- Simulation and auditing. Built-in simulation tools and CloudTrail integration support safe policy changes and compliance reporting.
Implementation guidance
- Model design. Define the schema for resources, actions, and context attributes before migrating application checks.
- Integration patterns. Use the evaluation API or SDKs within API gateways, Lambda authorizers, and custom services to enforce decisions.
- Governance. Establish policy review workflows and CI/CD gates to lint Cedar code and validate simulations before deployment.
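An added example (not from AWS or the original briefing) of the Lambda authorizer pattern named under Integration patterns: it maps a request onto the `IsAuthorized` input shape and turns the decision into an API Gateway authorizer response that fails closed. The entity type names, action IDs and policy store ID are hypothetical, and `FakeClient` is a constructed stand-in for `boto3.client("verifiedpermissions")` so the block runs offline.

```python
# Added example: fail-closed authorizer logic around the Verified Permissions
# IsAuthorized API. Entity types and the policy store ID are hypothetical.
POLICY_STORE_ID = "EXAMPLE-POLICY-STORE-ID"  # placeholder, not a real store


def build_request(user_id, action_id, resource_id, context):
    """Map an application request onto the IsAuthorized input shape."""
    return {
        "policyStoreId": POLICY_STORE_ID,
        "principal": {"entityType": "App::User", "entityId": user_id},
        "action": {"actionType": "App::Action", "actionId": action_id},
        "resource": {"entityType": "App::Document", "entityId": resource_id},
        "context": {"contextMap": context},  # typed values, e.g. {"mfa": {"boolean": True}}
    }


def authorize(client, user_id, action_id, resource_id, method_arn, context=None):
    """Return an API Gateway authorizer response; any failure yields Deny."""
    effect, reason = "Deny", "evaluation_failed"
    try:
        resp = client.is_authorized(
            **build_request(user_id, action_id, resource_id, context or {}))
        ids = [p["policyId"] for p in resp.get("determiningPolicies", [])]
        reason = ",".join(ids) or "no_matching_policy"
        if resp.get("decision") == "ALLOW":  # only an explicit ALLOW grants access
            effect = "Allow"
    except Exception:  # throttling, network error, malformed response: fail closed
        effect, reason = "Deny", "evaluation_failed"
    return {
        "principalId": user_id,
        "policyDocument": {"Version": "2012-10-17", "Statement": [{
            "Action": "execute-api:Invoke", "Effect": effect, "Resource": method_arn}]},
        "context": {"avpReason": reason},  # available to access logs for denied-request review
    }


class FakeClient:
    """Constructed stand-in for boto3.client('verifiedpermissions')."""
    def __init__(self, response=None, error=None):
        self.response, self.error = response, error

    def is_authorized(self, **kwargs):
        if self.error:
            raise self.error
        return self.response
```

In a deployed authorizer, pass a real `boto3.client("verifiedpermissions")` as `client`; the `avpReason` value records which policies determined the decision, or why evaluation produced a deny.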
Enablement moves
- Train platform teams on Cedar semantics and common policy patterns like ABAC and relationship-based access control.
- Migrate legacy authorization logic incrementally, starting with centralized services or partner integrations.
- Instrument CloudWatch metrics and logs to monitor decision latency and denied requests.