Express authorization as declarative, analyzable policy — separate from code. Learn Cedar's language, evaluation, RBAC/ABAC, and verifiable safety.

Welcome to Cedar: Authorization as Policy.

A practical, in-depth guide to Cedar, the open-source policy language and authorization engine. Learn how Cedar separates authorization from application code: the authorization problem (scattered code vs policy-based authZ), the Cedar language (permit/forbid, scope, when/unless conditions), the request and entity model (principal, action, resource, context, plus entities and hierarchies), policy evaluation (combining rules, default deny, forbid guardrails, diagnostics), schema and validation, RBAC and ABAC (and practical ReBAC) unified in one language, safety/analyzability/performance (a constrained, verifiable language), integration (SDKs and Amazon Verified Permissions) and operations, and Cedar in practice.

This title is part of the ShriIra library and is free to read in full, right here — our small contribution to making world-class knowledge easy to reach.

A note on reading it: open the Contents menu at the top of the reader to jump between chapters, use the Aa menu to set a comfortable text size, theme (light, sepia, or night), and single- or two-page layout. Your place is saved automatically, so you can always pick up where you left off.

We hope it serves you well.

— Shriira Press

Contents

1. Chapter 1 — What Cedar Is
2. Chapter 2 — The Authorization Problem
3. Chapter 3 — The Cedar Language
4. Chapter 4 — The Request and Entity Model
5. Chapter 5 — Policy Evaluation
6. Chapter 6 — Schema and Validation
7. Chapter 7 — RBAC and ABAC with Cedar
8. Chapter 8 — Safety, Analyzability, and Performance
9. Chapter 9 — Integration and Operations
10. Chapter 10 — Cedar in Practice