
Awesome Amazon Verified Permissions And Cedar

Welcome to the awesome-amazon-verified-permissions-and-cedar repository, the central hub for learning, using, and mastering Amazon Verified Permissions (AVP) and Cedar. This repository serves as a collective resource for developers, architects, and anyone interested in permissions management across AWS resources.

Repository Goals

This repository aims to centralize:

  • AWS CloudFormation templates for AVP setup.
  • Terraform modules for AVP configuration.
  • Informative blog articles on AVP/Cedar.
  • Scenarios for hands-on implementation.
  • And a growing list of additional relevant resources.

To start, take a moment to peruse the AVP User Guide and familiarize yourself with the principal concepts and capabilities of AVP.

Repository Organization

The repository is organized into specific sections for ease of navigation:

  • cloudformation/: AWS CloudFormation templates for AVP. See the README in that directory.
  • terraform/: Terraform examples for AVP. See the README in that directory.

Official Resources

AVP

For those new to Amazon Verified Permissions, consult the official resources below:

Starting Points

If you're just beginning with Amazon Verified Permissions, these resources will provide the foundational knowledge and steps to get started quickly.

| Link | Description |
| --- | --- |
| What is AVP? | Overview and core concepts of Amazon Verified Permissions (User Guide). |
| Getting Started with AVP | Detailed instructions for setting up AVP and creating policies. |
| AVP and AWS CloudFormation | How to manage AVP resources using AWS CloudFormation. |
| API Reference Guide | Amazon Verified Permissions API Reference Guide. |
| AVP Cost Calculator | Tool for estimating the cost of using Amazon Verified Permissions. |

These resources are ideal for newcomers to understand, set up, and effectively manage permissions through AVP, as well as to estimate the associated costs.


SDKs and CLI

Developers can utilize various language-specific SDKs or the AWS CLI to programmatically interact with Amazon Verified Permissions.

| SDK / CLI | Description |
| --- | --- |
| AWS SDK for Ruby | Official AWS SDK for Ruby offering access to Amazon Verified Permissions services. |
| AWS SDK for .NET | Official AWS SDK for .NET enabling .NET developers to work with Amazon Verified Permissions. |
| AWS SDK for Java | Amazon Verified Permissions client library for Java applications. |
| AWS SDK for JavaScript | JavaScript SDK for interacting with Amazon Verified Permissions in browser scripts and Node.js applications. |
| AWS SDK for Rust | Use this Rust SDK to manage Amazon Verified Permissions within Rust applications. |
| AWS SDK for Python (Boto3) | The Boto3 package allows Python developers to write software that makes use of Amazon Verified Permissions. |
| AWS SDK for C++ | Amazon Verified Permissions client library for C++ applications. |
| AWS SDK for PHP | PHP SDK for Amazon Verified Permissions, allowing PHP developers to manage permissions and use AVP services in their applications. |
| AWS CLI for Verified Permissions | AWS CLI command reference for Amazon Verified Permissions, providing direct access from the terminal. |


Blogposts

| Link | Description |
| --- | --- |
| Authorize API Gateway APIs using Amazon Verified Permissions and Amazon Cognito | Learn how to secure API Gateway APIs using Amazon Verified Permissions and Amazon Cognito for fine-grained access control. |
| Using Amazon Verified Permissions to manage authorization for AWS IoT smart home applications | Learn about creating and managing fine-grained permissions with Verified Permissions for different user personas of a smart thermostat IoT device. |
| Use Amazon Verified Permissions for fine-grained authorization at scale | Learn how to use AVP at scale with batch authorization and decision caching. |
| SaaS access control using Amazon Verified Permissions with a per-tenant policy store | Learn how to use Amazon Verified Permissions for access control in a multi-tenant document management SaaS application using a per-tenant policy store approach. |
| How to build a unified authorization layer for identity providers with Amazon Verified Permissions | Learn how to build a unified authorization layer for identity providers with Amazon Verified Permissions. |
| Manage Roles and Entitlements with PBAC Using Amazon Verified Permissions | Learn how to manage roles and entitlements with policy-based access control (PBAC) using Amazon Verified Permissions. |
| Custom Authorization Policy Provider for ASP.NET Core with AVP | Implement custom authorization in ASP.NET Core applications using Amazon Verified Permissions. |
| Policy-Based Access Control in Application Development with AVP | An exploration of policy-based access control during application development, leveraging Amazon Verified Permissions. |
| Fine-Grained Authorization with Strata and Amazon Verified Permissions | A guide to implementing fine-grained authorization in legacy applications using Strata identity orchestration. |
| Controlling Access to Amazon API Gateway with CyberArk and AVP | See how to control access to Amazon API Gateway using CyberArk Identity coupled with Amazon Verified Permissions. |
| Risk-Based Fine-Grained Authorization with Transmit Security | Learn about integrating risk-based fine-grained authorization with Transmit Security's platform and Amazon Verified Permissions. |
| Authorization Simplification with AVP and Amazon Cognito | Simplify fine-grained authorization in your applications with the integration of Amazon Verified Permissions and Amazon Cognito. |
| Amazon Verified Permissions – General Availability Announcement | Announcement of Amazon Verified Permissions general availability, demonstrating how it simplifies application authorization management. |


Workshop

| Link | Description |
| --- | --- |
| Verified Permissions in Action Workshop | An official workshop to get practical experience using AVP. |
| Amazon Verified Permissions Quick Start workshop | An official Quick Start workshop to get practical experience using AVP. |


Projects

| Link | Description |
| --- | --- |
| avp-petstore-sample-v2 | This application uses Amazon Cognito for authentication and Amazon Verified Permissions for policy-based authorization; it uses the Amplify platform to accelerate deployment and provisioning of backend resources. |
| Bookstore Demo Application with Authorization | A sample application that demonstrates how to add an authorization layer using Amazon Verified Permissions and the Cedar policy language. The backend is a serverless application written in Python and exposed as a REST API, making use of Amazon API Gateway, AWS Lambda, and Amazon Cognito. The frontend is a Vue.js application using the AWS Amplify SDK for authentication and communication with the provided API. |
| amazon-verifiedpermissions-cache-sample | The Amazon Verified Permissions cache sample caches authz responses to reduce the response time and cost of invoking the AVP API. |


Videos

If you're just beginning with Amazon Verified Permissions, these resources will provide the foundational knowledge and steps to get started quickly.

Verified Permissions Video Primer

In response to the swift adoption of Amazon Verified Permissions and Cedar, AWS has created a video primer series to assist customers in developing their Application Policy Model, creating a Cedar schema, and writing and testing policies. This series is an invaluable resource for those starting with Amazon Verified Permissions.

| Title | Description | Link |
| --- | --- | --- |
| Verified Permissions Video Primer #1 (Create an Application Policy Model) | A guide to creating an Application Policy Model for use with Amazon Verified Permissions. | Watch Here |
| Verified Permissions Video Primer #2 (Create an Application Schema) | Instructions on how to develop a schema for your application that integrates with Amazon Verified Permissions. | Watch Here |
| Verified Permissions Video Primer #3 (Create and Test Policies for your Application) | Step-by-step guidance on writing and testing policies for your application using Amazon Verified Permissions. | Watch Here |

Videos

| Link | Description |
| --- | --- |
| AWS re:Invent 2022 - [NEW] Use policies to manage permissions w/Amazon Verified Permissions (SEC335) | Join us in this session to learn how policy-based permissions can be applied to your applications using Amazon Verified Permissions, and discover how this fits into the end-to-end journey of application authentication, authorization, and fine-grained access control. |
| AWS re:Inforce 2023 - Fine-grained authorization for apps with Amazon Verified Permissions (IAM308) | Learn how to scope a permissions model based on principals, actions, resources, and context, and how to define attribute- and role-based policies using the Cedar language. The session also covers integration models with identity providers and services such as Amazon API Gateway. |
| AWS re:Invent 2023 - How to use Amazon Verified Permissions for authorization inside apps (SEC241) | Join this session to learn about new features for Verified Permissions that further simplify schema editing and policy analysis. Also explore how these features help developers batch authorize actions and resources simultaneously, further reducing latency and making it more cost-effective for AWS users to externalize their authorization. |
| AWS On Air ft. Amazon Verified Permissions | AWS On Air ft. Amazon Verified Permissions. |


Podcasts

| Link | Description |
| --- | --- |
| Episode 105 – AWS Identity with Kevin Shanley and Victor Moreno (Spotify) | Join Brooke and Dave in this exciting episode of our podcast as we delve into the intricate world of cloud security and access control with AWS. We're thrilled to have two distinguished guests from AWS - Victor Moreno, Sr. Software Engineer, and Kevin Shanley, Principal for Identity - who are here to unravel the complexities of authorization and identity management in the AWS cloud. |
| Episode 105 – AWS Identity with Kevin Shanley and Victor Moreno (Apple) | The same episode on Apple Podcasts. |


CDK

Cloud Development Kit for AVP:

| Link | Description |
| --- | --- |
| Amazon Verified Permissions TypeScript L2 CDK Construct | Amazon Verified Permissions L2 CDK construct written in TypeScript. The constructs have been published on ConstructHub. |

Cedar

Cedar is the policy language used within AVP for crafting fine-grained, attribute-based access control policies. Find official documentation, in-depth tutorials, and other resources to help you become proficient with Cedar.

Blogposts

| Link | Description |
| --- | --- |
| Cedar Language Official Documentation | Comprehensive documentation covering the Cedar language specification. |
| Cedar Official Tutorial | Interactive tutorial providing a hands-on approach to learning Cedar. |
| Cedar Playground | An online tool to write and test Cedar policies in an interactive environment. |
| Writing and Enforcing Custom Authorization Policies with Cedar | AWS blog post discussing how to use open-source Cedar to create custom authorization policies. |
| Cedar SDK Tutorial | Detailed guide on how to write Cedar policies using the official SDK. |
| Cedar SDK Tutorial - Extended Version | A more extensive tutorial demonstrating the use of the Cedar SDK with a sample application. |
| Cedar Official GitHub Repository | The official GitHub organization for Cedar, containing libraries, examples, and tools. |
| Cedar Community Slack | Join the Slack community to discuss Cedar, get help, and collaborate with others. |
| Crates for Using Cedar Locally | AWS blog post about the tools available for managing Cedar policies locally. |
| Automating Cedar Policy Validation | Learn how to automate the validation of your Cedar policies using AWS Developer Tools. |
| Design Philosophy of Cedar | Insight into the design principles that make Cedar intuitive, fast, and secure. |
| Cedar Security | Information about security as it relates to the Cedar policy language. |


Videos

If you're just beginning with Cedar, these resources will provide the foundational knowledge and steps to get started quickly.

| Link | Description |
| --- | --- |
| Lean Together 2024: Emina Torlak, Cedar | A session about Cedar, a new language for expressive, fast, safe, and analyzable authorization. |


Community Resources

Below is a list of resources created by the Community.

AVP

Blogposts

| Link | Description |
| --- | --- |
| Series of blog posts from Daniel on dev.to about AVP | Multiple blog posts about AVP/Cedar, full of explanations, tutorials, examples, and blueprints. |
| Fine-grained Authorization in OutSystems with Amazon Verified Permissions | An article on integrating fine-grained authorization into OutSystems applications using Amazon Verified Permissions. |


Tools/Projects

| Link | Description |
| --- | --- |
| AVP-CLI | A tool that eases getting started with Amazon Verified Permissions (and Cedar). It supports all actions available in Amazon Verified Permissions and ships predefined blueprints, with tests, for different authorization scenarios that can be deployed to AWS. |


Videos

If you're just beginning with Amazon Verified Permissions, these resources will provide the foundational knowledge and steps to get started quickly.

| Link | Description |
| --- | --- |
| AWS re:Invent 2023 - Build verifiable and effective application authorization in 40 minutes (BOA209) | Learn how, with the help of Cedar and Amazon Verified Permissions, to add those capabilities to a nontrivial web application in 40 minutes, including some ABAC and RBAC examples. |


Cedar

| Link | Description |
| --- | --- |
| cedar-agent | Cedar-agent is the easiest way to deploy and run Cedar. |


Contributing

Contributions are what make the open-source community an amazing place to learn, inspire, and create. Any contributions you make to the awesome-amazon-verified-permissions-and-cedar repository are greatly appreciated.

If you have a suggestion that would make this repository better, have additional resources to share, or want to contribute your own insights or materials, please don't hesitate to:

  • Create a pull request.
  • Or raise an issue, including when something is missing and you would like to see a tutorial of some kind.
  • You can also ping me on LinkedIn for direct communication.