What It Does
Cedar is a declarative authorization policy language created by Amazon and open-sourced under Apache 2.0. It expresses fine-grained access control as human-readable permit/forbid statements evaluated against a principal-action-resource request (plus an optional request context). Amazon uses it to power Amazon Verified Permissions and AWS Verified Access. It was built for automated reasoning: the language has a formal model written in Lean against which the Rust implementation is differentially tested, and a policy set can be analyzed with SMT-based tooling to prove properties such as "no policy in this set ever permits X".
Leash by StrongDM adopted Cedar as its policy substrate for AI agent governance, transpiling Cedar policies into eBPF rules, HTTP proxy configs, and MCP observer rules — demonstrating Cedar’s versatility beyond traditional IAM.
Key Features
- Declarative permit/forbid model: Policies are human-readable permit or forbid statements with optional `when`/`unless` conditions. A request is allowed only if at least one permit matches and no forbid matches: forbid always overrides permit, and with no matching policy at all the answer is deny (deny-by-default)
- Principal-Action-Resource structure: Maps naturally to the authorization question "Can this principal perform this action on this resource, in this context?"
- Formal verification: Cedar's semantics are specified in Lean and the Rust evaluator is differentially tested against that model; SMT-based policy analysis can prove properties of a whole policy set (e.g., "no policy permits deletion by a principal outside the admins group") rather than relying on example-based tests alone
- Entity-based evaluation: Policies reference typed entities with hierarchical relationships (groups, roles, resource trees)
- Condition expressions: Rich `when`/`unless` clauses with attribute access, set operations, and hierarchical `in` checks
- Multiple language SDKs: Rust (reference), Java, Go, TypeScript, Python, Wasm
- Fast evaluation: The language has no loops or recursion, so every evaluation terminates in bounded time; typical decisions take well under a millisecond, which is what makes inline authorization in hot paths practical
- Schema validation: Optional schema enforcement checks that policies reference declared entity types, actions, and attributes and that conditions type-check, so a typo'd attribute becomes a validation error at authoring time instead of a runtime evaluation error (which Cedar treats as deny)
Use Cases
- Application authorization: Replace scattered if/else permission checks with centralized, auditable Cedar policies
- AI agent governance: Define what agents can access at file, network, process, and tool levels (as in Leash)
- Multi-tenant SaaS: Tenant isolation policies expressed declaratively and verifiable via formal analysis
- Amazon Verified Permissions: Native integration for applications built on AWS
- Policy-as-code pipelines: Cedar files version-controlled alongside application code, reviewed in PRs, tested in CI
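The following schema and policy set is an added example illustrating the features listed above (permit/forbid, `when`/`unless`, hierarchical `in`, templates, schema validation) together with the multi-tenant SaaS and policy-as-code use cases. It is constructed for this page and is not code from the Cedar project, StrongDM, or the original article; the entity types, attributes, action names, and policy ids are all assumptions made for the illustration, as is the sample data in the trailing comments.

```cedar
// --- docs.cedarschema (constructed for this example) ---
// Entity types, their hierarchy (the `in` lists), typed attributes, and which
// principal/resource types each action applies to. The validator uses this to
// reject policies that reference undeclared types, actions, or attributes.
entity Tenant;
entity Group in [Tenant];
entity User in [Group] {
  tenant: Tenant,
  suspended: Bool
};
entity Folder in [Folder, Tenant];
entity Document in [Folder] {
  tenant: Tenant,
  owner: User,
  legalHold: Bool
};
action viewDocument, editDocument, deleteDocument appliesTo {
  principal: [User],
  resource: [Document],
  context: { mfa: Bool }
};

// --- policies.cedar (constructed for this example) ---

// Tenant isolation written as a forbid: because forbid overrides permit, no
// permit added later (by mistake or otherwise) can grant cross-tenant access.
@id("tenant-isolation")
forbid (principal, action, resource)
unless { resource.tenant == principal.tenant };

// Owners may view and edit their own documents.
@id("owner-access")
permit (
  principal,
  action in [Action::"viewDocument", Action::"editDocument"],
  resource
)
when { resource.owner == principal };

// Template with slots, linked once per tenant (for example
// ?principal = Group::"acme-admins", ?resource = Folder::"acme-root").
// `in` walks the Group and Folder hierarchies declared in the schema.
@id("tenant-admin")
permit (
  principal in ?principal,
  action,
  resource in ?resource
);

// Destructive actions require MFA, supplied by the caller in the request context.
@id("delete-requires-mfa")
forbid (principal, action == Action::"deleteDocument", resource)
unless { context.mfa };

// Documents on legal hold cannot be deleted by anyone, tenant admins included.
@id("legal-hold")
forbid (principal, action == Action::"deleteDocument", resource)
when { resource.legalHold };

// Suspended users lose all access regardless of group membership.
@id("suspended")
forbid (principal, action, resource)
when { principal.suspended };

// Expected decisions for constructed requests, with tenant-admin linked for acme:
//   User::"alice" (tenant acme, in Group::"acme-admins", not suspended) viewDocument
//   Document::"q3-plan" (tenant acme, owner User::"bob", in Folder::"acme-root",
//   legalHold true), context {mfa: false}      -> ALLOW: tenant-admin permits, no forbid fires
//   alice deleteDocument q3-plan, {mfa: true}  -> DENY: tenant-admin permits but legal-hold forbids
//   User::"bob" (tenant acme, no groups) editDocument q3-plan, {mfa: false}
//                                              -> ALLOW: owner-access
//   User::"mallory" (tenant globex) viewDocument q3-plan, {mfa: true}
//                                              -> DENY: tenant-isolation forbids, and no permit matches
//   any request matched by no permit at all    -> DENY (deny-by-default)
```

The two files are what a policy-as-code pipeline would check in next to the application: run the validator (`cedar validate` in the Cedar CLI, or the validator in the `cedar-policy` Rust crate) against the schema in CI so that a renamed attribute or an undeclared action fails the build, and replay known requests with `cedar authorize` as regression tests. Writing tenant isolation and the legal hold as forbids, rather than as extra conditions on each permit, is the design choice that matters: every future permit is automatically subordinate to them, and that is exactly the kind of property the SMT-based analysis can confirm for the whole policy set.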
Adoption Level Analysis
Small teams (<20 engineers): Usually overkill. Simple role-based checks in application code suffice unless you have complex multi-tenant authorization requirements.
Medium orgs (20-200 engineers): Good fit when authorization logic has grown beyond what’s manageable in application code. Centralizing policies in Cedar makes them auditable and testable.
Enterprise (200+ engineers): Strong fit. Formal verification, centralized policy management, and AWS-native integration align with enterprise compliance and governance requirements.
Alternatives
| Alternative | Key Difference | Prefer when… |
|---|---|---|
| Open Policy Agent (OPA/Rego) | General-purpose policy engine; Rego is more powerful but harder to learn | You need policies beyond authorization (admission control, data filtering, compliance) |
| Casbin | Library-based, multiple model support (RBAC, ABAC, ACL) | You want a lightweight embedded library, not a standalone policy language |
| Cerbos | API-first policy engine, YAML-based policies | You want simpler policy syntax and a managed SaaS option |
Evidence & Sources
- Cedar GitHub — 4k+ stars, Apache 2.0
- Cedar official site
- Amazon Verified Permissions — production Cedar usage
- Leash by StrongDM — Cedar as agent governance substrate
Notes & Caveats
- Amazon-controlled: While open-source (Apache 2.0), development is primarily driven by Amazon. Community contributions exist but governance is Amazon-led.
- Younger than OPA: Cedar (open-sourced 2023) has less ecosystem maturity than OPA (2016). Fewer integrations, fewer community policies, less tooling.
- Authorization-specific: Unlike OPA, which answers arbitrary policy queries, Cedar is purpose-built to answer allow/deny (with diagnostics) for a principal-action-resource request. This is a strength (simpler, analyzable) and a limitation: it is not a general rule engine for admission control or data transformation, although its experimental partial evaluation can return a residual policy that an application can turn into a query filter.
- AWS gravity: Strongest integration story is with AWS services. Non-AWS usage is viable but has less vendor support.