Cedar is an open source policy language and evaluation engine. Cedar enables developers to express fine-grained permissions as easy-to-understand policies enforced in their applications, and decouple access control from application logic. Cedar supports common authorization models such as role-based access control and attribute-based access control. It is the first policy language built from the ground up to be verified formally by using automated reasoning, and tested rigorously using differential random testing.
- Project Website
- Documentation
- Need help? Try Slack
- cedar
Cedar SDK including the authorization engine, validator, policy formatter, and CLI - cedar-docs
Houses documentation for all cedar projects - cedar-examples
Example applications using the Cedar language and SDK - cedar-spec
Formal Lean specification for the Cedar language as well as the differential testing/property-based testing framework - cedar-local-agent
Configurable cache for Cedar policies and entities - cedar-go
Cedar Go implementation - cedar-java
Java language bindings for Cedar - cedar-awesome
Curated list of awesome Cedar related tools and articles. - rfcs
Request For Comments (RFC) for Cedar - vscode-cedar
Cedar policy language extension for Visual Studio Code - cedar-integration-tests
Cedar integration tests - highlightjs-cedar
highlight.js support for Cedar policy language - prism-cedar
Prism support for Cedar policy language
This project has adopted the Amazon Open Source Code of Conduct. For more information see the Code of Conduct FAQ, or contact opensource-codeofconduct@amazon.com with any additional questions or comments.
If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our vulnerability reporting page or directly via email to aws-security@amazon.com. Please do not create a public GitHub issue.
This project is licensed under the Apache v2.0 License.
See NOTICE for details.
Cedar is a trademark of Amazon Web Services. If publishing software using Cedar, you are not required to attribute. However, if you’d like to, we encourage you to use the language below.
Do: | Don't: |
---|---|
✅ Powered by Cedar | ❌ Cedar 2.0 |
✅ Created with Cedar | ❌ Created by Cedar |
✅ Using Cedar | ❌ Software created by Cedar |