evaluated based on status, etc.
• All access can be logged
  • S3/CloudWatch/Kinesis Firehose
• Policies are written in Cedar
  • A policy language developed by AWS
  • Amazon Verified Permissions also uses Cedar

How It Works

[Figure: architecture diagram. Labels: Client; AWS Verified Access; VPC; Private subnet; Corp Application; AVA Instance; AVA Group; AVA Trust Providers; Device Trust Provider: Jamf (macOS), CrowdStrike (Windows 10/11); User Trust Provider: AWS IAM Identity Center, 3rd Party IdP (OIDC); Policy; Endpoint]
Secure connections to your apps (NET214)
  • https://www.youtube.com/watch?v=Kkxn-bAIlnI
• Leaping ahead: The power of cloud network innovation (NET211-L)
  • https://www.youtube.com/watch?v=aHClvCQfuPs