Performant, Fine Grained Authorization at scale powered by Amazon DynamoDB
Database Blog
This article discusses how Okta uses Amazon DynamoDB to build a highly scalable and performant Fine Grained Authorization (FGA) service for fine-grained access control at any scale. FGA is a multi-Region SaaS offering based on relationship-based access control (ReBAC) that allows apps to add flexible authorization policies.
Specifically, the article covers:
- An overview of Okta FGA and its requirements for high availability, scalability, multi-Region replication, low latency, and fully managed infrastructure
- The FGA architecture using Application Load Balancers, AWS Fargate, and DynamoDB global tables for active-active multi-Region deployment
- FGA query patterns and the DynamoDB single-table design to optimize for high throughput and low latency queries
- Benchmark results showing FGA's ability to serve over 1 million authorization requests per second with sub-20ms p95 latency
- Lessons learned around connection management, pre-warming tables, and accounting for GSI costs
- Conclusion highlighting DynamoDB's scalability, availability, and ease of use for the FGA use case
The AWS News Feed is currently looking for gold sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.
Related articles
Mar 26
2024
2024
Use Amazon Verified Permissions for fine-grained authorization at scale
May 21
2024
2024
Enable fine-grained access control and observability for API operations in Amazon DynamoDB
Feb 12
2025
2025
Unlock the power of fine-grained access control with Amazon Verified Permissions
Sep 3
2024
2024
Amazon DynamoDB announces support for Attribute-Based Access Control
The AWS News Feed is currently looking for silver sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.