AWS re:Invent 2023
How to Use Amazon Verified Permissions for Authorization inside Apps Sec241

Title

AWS re:Invent 2023 - How to use Amazon Verified Permissions for authorization inside apps (SEC241)

Summary

  • Amazon Verified Permissions is a product designed to manage permissions within applications, providing fine-grained authorization expressed in CEDAR policies.
  • The product offers a control plane API for policy management and a data plane API for real-time authorization decisions.
  • It was launched in gated preview at re:Invent 2022, with the CEDAR policy language open-sourced shortly before the general launch in June.
  • The service is available in all commercial regions, integrates with AWS CloudTrail, CloudFormation, and Cognito, and recently introduced batch authorization and UX enhancements.
  • Benefits include faster application development, enhanced security, centralized policy administration, simplified compliance audits, and implementation of least privilege.
  • TELUS, a Canadian communication service provider, used Verified Permissions to build a multi-tenant, event-driven platform for smart home solutions, leveraging the product's scalability, availability, and security features.
  • The session included a live demo of an e-commerce application to illustrate optimization techniques for performance, specifically batch authorization and response caching.
  • The presentation concluded with a call to action to try out the product and attend further sessions on CEDAR and Verified Permissions.

Insights

  • Amazon Verified Permissions addresses the challenge of hard-coded authorization logic in applications, which complicates audits and requires code changes for policy updates.
  • The product's design aligns with modern application development practices, emphasizing serverless architectures, statelessness, and event-driven models.
  • The use of CEDAR policies and the open-source policy evaluation engine demonstrates AWS's commitment to transparency and community collaboration.
  • Batch authorization and response caching are key optimization techniques that can significantly reduce latency and infrastructure costs while maintaining fine-grained authorization.
  • The case study of TELUS illustrates the product's real-world applicability, particularly for complex, high-scale, and dynamic environments like smart home platforms.
  • The session's emphasis on developer experience and security suggests that AWS is targeting both efficiency and robustness as key selling points for Verified Permissions.
  • The presentation's focus on practical demonstrations and actionable advice, such as the provided QR code for a public repo, reflects AWS's strategy to encourage hands-on experimentation and adoption of their services.
How to Scale at Speed on Aws While Addressing Security and Compliance Gbl205How to Use Generative Ai to Deliver Self Service Data Products Hyb105