Posted On: Apr 5, 2024
AWS has launched a feature for Amazon Cognito customers that reduces the time spent securing Amazon API Gateway APIs with fine-grained access control from weeks to days. The feature uses Amazon Verified Permissions to manage and evaluate granular security policies that reference user attributes and groups. With a few clicks, you can enforce that only users in authorized Amazon Cognito groups have access to the application’s APIs. For example, if you are building a loan processing application, you can secure it by restricting access to the “approve_loan” API to users in the “loan_officers” group. You can implement more fine-grained authorization, without making any code changes, by updating the underlying Cedar policy so that only “loan_officers” above “Director” level can approve loans.
Amazon Verified Permissions is a scalable permissions management and fine-grained authorization service for the applications that you build. Today, we launched a feature that streamlines implementing fine-grained authorization by combining Amazon Cognito, Amazon Verified Permissions, and Amazon API Gateway. It automatically generates an authorization model based on your APIs and policies that allows only authorized Amazon Cognito groups access to your APIs. Additionally, it deploys an AWS Lambda authorizer which you attach to the APIs you want to secure. Once the authorizer is attached, all API requests are authorized by Verified Permissions.
To get started, visit the Verified Permissions console and create a policy store by selecting “Setup with API Gateway and Cognito”. Learn more by watching a quick overview and demo video. For more information, visit the Verified Permissions product page.