https://twitter.com/ben11kehoe/status/1597312537413853186
One of the parts of this new #AWS service is a policy language called "Cedar".
Cedar has the following properties:
Expressive
Cedar is a simple yet expressive language that is purpose-built to support authorization use cases for common authorization models such as RBAC and ABAC.
Performant
Cedar is fast and scalable. The policy structure is designed to be indexed for quick retrieval and to support fast and scalable real-time evaluation, with bounded latency.
Analyzable
Cedar is designed for analysis using Automated Reasoning. This enables analyzer tools capable of optimizing your policies and proving that your security model is what you believe it is.
That last property should come as no surprise. Cedar builds on the pioneering work by #AWS scientists and engineers to apply #AutomatedReasoning techniques to problems like IAM.
AWS is committed to helping you achieve the highest levels of security in the cloud. Using automated reasoning, the application of mathematical logic to help answer critical questions about your infrastructure, AWS is able to detect entire classes of misconfigurations that could potentially expose vulnerable data. We call this provable security, and it provides higher assurance in security of the cloud and in the cloud.
@msw this service is genuinely really super neat! Would've been super handy back when I worked at Amazon.
In the page source, I'm seeing a waterford_wasm_bg with a bunch of Rust symbols; any chance of seeing the language itself be open-sourced any time soon?