
How to build a unified authorization layer for identity providers with Amazon Verified Permissions

Security Blog



This article discusses how to build a unified authorization layer for identity providers using Amazon Verified Permissions and Amazon API Gateway. It provides an architecture and walkthrough for implementing a solution that integrates multiple Amazon Cognito user pools with Amazon Verified Permissions and a Lambda authorizer to control access to APIs based on fine-grained policies.

Specifically, the article covers:

  • The architecture overview for a unified authorization layer using Cognito, Verified Permissions, API Gateway, and Lambda
  • A detailed walkthrough to implement the architecture, including prerequisites, deployment steps, and testing instructions
  • How to use Verified Permissions policies to define access controls for different user groups (e.g., employees vs. customers)
  • Additional information on integrating with CloudTrail for logging and monitoring
  • Conclusion and next steps for exploring Verified Permissions policies and third-party identity providers




Related articles

  • Aug 5, 2024: Amazon Verified Permissions improves support for OIDC identity providers
  • Mar 26, 2024: Use Amazon Verified Permissions for fine-grained authorization at scale
  • Apr 23, 2024: Using Amazon Verified Permissions to manage authorization for AWS IoT smart home applications
  • Mar 13, 2025: Manage authorization within a containerized workload using Amazon Verified Permissions
