Security Exploration - AWS Verified Permissions

In this video, Abhay Bhargav does a raw exploration of AWS's newest feature - Verified Permissions.

Authorization is a huge problem for applications and building scalable permission-systems and authorization models is a key concern for software development teams everywhere

Amazon Verified Permissions is a scalable permissions management and fine-grained authorization service for the applications that you build. Using Cedar, an expressive and analyzable open-source policy language, developers and admins can define policy-based access controls using roles and attributes for more granular, context-aware access control.

With Verified Permissions, developers can build more secure applications faster by externalizing authorization and centralizing policy management. They can also align application access with Zero Trust principles. Security and audit teams can also better analyze and audit who has access to what within applications.

This is the first video in our series of Security Explorations. This is a raw, no-edit video approach of how we learn and figure out topics at AppSecEngineer. This takes you through a journey of learning a very specific concept with a project-oriented mindset.

Enjoy!

00:00 AWS Verified Permissions - Intro
02:36 Handling Verified Permissions Policy Store
04:56 Let's start our project
07:00 Understanding Resources in Verified Permissions
08:13 Setting up a User Pool in Cognito
10:09 Defining AuthZ requirements for our Application
15:23 Exploring the Verified Permissions SDK with Python's Boto3
16:35 Testing our policy
21:00 Policy Templates
30:35 Testing Policy with the user's ID Token with Cognito
47:00 Understanding User Definition in Policy
59:47 Finally figured out the solution