Amazon Verified Permissions

Fully managed Cedar service for fine-grained authorization

Introduction to Verified Permissions

Amazon Verified Permissions is a fully managed authorization service that uses the provably correct Cedar policy language, so you can build more secure applications. With Verified Permissions, developers can build applications faster by externalizing authorization and centralizing policy management. They can also align authorization within the application with Zero Trust principles. Security and audit teams can better analyze and audit who has access to what within applications.

Benefits

Accelerate application development by decoupling authorization from business logic.

Protect application resources and manage user access according to the principle of least privilege.

Simplify compliance audits at scale using automated analysis to confirm that permissions written in Cedar work as intended.

Build applications aligned with Zero Trust principles of continual real-time authorization decisions.

Use cases

Create policies from templates and enforce those controls in Amazon API Gateway and AWS AppSync.

Administrators can create application-wide policies written in Cedar, and developers can grant user permissions to access data and resources.

Review Cedar policy model changes and monitor authorization requests using Verified Permissions.

Customer testimonials

  • TELUS

    TELUS Communications is a Canadian national telecommunications company that provides a wide range of telecommunications products and services including internet access, voice, entertainment, video, and security. TELUS is developing a smart living solution that will use the latest advancements in cloud technologies to create automation experiences across connected devices. TELUS is using Amazon Verified Permissions to control permissions to smart home devices such as cameras and door locks. For example, a customer can define permissions that allow their neighbor to turn the outside lights on and off but not unlock the main door.

    There's no way we could have written an authorization engine for our home automation use cases and get the authorization engine solid and tested in the time it took us to implement permissions management with Amazon Verified Permissions.

    Edwin Voskamp, Distinguished Engineer, TELUS
  • Grosvenor Engineering Group

    Grosvenor Engineering Group oversees a portfolio of 1.5 billion assets, such as HVAC, fire control, and electrical systems, across 45,000 buildings in Australia and New Zealand. To ensure efficient and secure operations, the company recognized the need for a robust authorization system to manage access to the assets within buildings.

    One of the critical requirements was to provide granular access control, allowing technicians to be granted access only to specific buildings or assets within a building. This approach enhances security by limiting access to authorized personnel and assets, mitigating potential risks. They decided to use Amazon Verified Permissions as their authorization system as it raised their security posture, provided flexibility and was scalable.

    Using Cedar and Amazon Verified Permissions to solve our use cases helped us achieve high performance and brought the flexibility and scale that pays off in the long run for our application. Our switching costs were low because of the consumption-based pricing model of AVP.

    Con Tsalikis - CTO, Grosvenor Engineering Group
  • STEDI

    Stedi is a healthcare clearinghouse and Electronic Data Interchange (EDI) platform – they enable healthcare technology businesses and established players to exchange mission-critical transactions, such as healthcare insurance claims, eligibility checks, and more. Stedi uses Amazon API Gateway to protect access to endpoints that process transactions. The API Gateway calls Amazon Verified Permissions to evaluate authorization policies written in Cedar. These policies determine which API endpoints a given user is permitted to access.

    Stedi built fine-grained RBAC on a tight timeline using Amazon Verified Permissions. By batching authorization requests and caching decisions, we are able to cost-effectively process up to 700M requests per month with low latencies.

    Zack Kanter - Founder & CEO, Stedi
