I've built a small PaaS on AWS and I'm now looking to implement an authorization system. I have users, apps, and various actions/data within those apps that users can access. I really like the AWS IAM policy format and would prefer to use something similar for my own needs. While I know AWS has Verified Permissions, I'm not a fan of the Cedar language. Is there a way to run a custom policy engine on AWS that could evaluate my own policies?
6 Answers
You might want to check out Cedar, which AWS has open-sourced. It's kind of the foundational engine behind IAM, although it's not exactly the same.
Cerbos could be another option to consider. It uses YAML for authorization control and can help you set things up.
Apart from Cedar, you can check out options like Permit.io, OpenPolicyAgent, or Oso. There are several tools out there to explore!
AWS has a service that could fit your needs called Verified Permissions. It's designed for managing permissions effectively.
If you're leaning towards open source solutions, you should look into Casbin or CASL. They offer flexible options for access control.
I'm currently working on a similar project based on SQL. If you want, I could share our schema or help you adapt it to your project!

Just to clarify, Cedar wasn't the engine behind IAM; rather, it was developed by folks who have a deep understanding of IAM and its evolution.
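
For the IAM-like format the question asks about, the core of an evaluator is small. The sketch below is an added example, not part of the thread and not code from AWS or any tool named in the answers. It applies the IAM-style decision order (an explicit Deny wins, then any Allow, otherwise implicit deny) to JSON-like policy documents attached to users. The names `POLICIES` and `evaluate`, the `app:` action names and the resource paths are assumptions made for illustration. Conditions and principals are omitted, and matching is case-sensitive.

```python
import re

# Constructed sample data: IAM-shaped policy documents attached to users.
POLICIES = {
    "alice": [{"Statement": [
        {"Effect": "Allow", "Action": "app:*", "Resource": "app/blog/*"},
        {"Effect": "Deny", "Action": "app:Delete*", "Resource": "app/blog/prod/*"},
    ]}],
    "bob": [{"Statement": [
        {"Effect": "Allow", "Action": ["app:Read"], "Resource": "app/blog/posts/?"},
    ]}],
}


def _glob(pattern, value):
    # Only '*' (any run of characters) and '?' (one character) are wildcards;
    # everything else is escaped so policy text can never inject regex syntax.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, value, re.DOTALL) is not None


def _matches(patterns, value):
    # A field may hold a single string or a list of strings.
    if isinstance(patterns, str):
        patterns = [patterns]
    return any(_glob(p, value) for p in patterns)


def evaluate(policies, user, action, resource):
    """Return 'ALLOW', 'EXPLICIT_DENY' or 'IMPLICIT_DENY' for one request."""
    allowed = False
    for doc in policies.get(user, []):          # unknown user: no policies
        for st in doc.get("Statement", []):
            effect = st.get("Effect")
            if effect not in ("Allow", "Deny"):
                # Reject typos such as "allow" instead of guessing intent.
                raise ValueError(f"invalid Effect: {effect!r}")
            if not (_matches(st["Action"], action)
                    and _matches(st["Resource"], resource)):
                continue
            if effect == "Deny":
                return "EXPLICIT_DENY"          # deny overrides any allow
            allowed = True
    return "ALLOW" if allowed else "IMPLICIT_DENY"  # default is deny


if __name__ == "__main__":
    print(evaluate(POLICIES, "alice", "app:DeletePost", "app/blog/prod/posts/1"))
```
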