Verified Access policies - AWS Verified Access

Verified Access policies

AWS Verified Access policies allow you to define rules for accessing your applications hosted in AWS. They are written in Cedar, an AWS policy language. Using Cedar, you can create policies that are evaluated against the trust data sent from the identity or device-based trust providers that you configure to use with Verified Access.

For more detailed information about the Cedar policy language, see the Cedar Reference Guide.

When you create a Verified Access group or create a Verified Access endpoint, you have the option to define the Verified Access policy. You can create a group or endpoint without defining the Verified Access policy, but all access requests will be blocked until you define a policy. Alternatively, you can add or change a policy on an existing Verified Access group or endpoint after it has been created.

This section describes how Verified Access policies are structured, what they contain, and how to define them. It also provides a few examples.
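The sketch below is an added example, not taken from the AWS documentation. It shows how a Cedar policy set evaluated against trust data fails closed. The names `idp` and `device` are assumed policy reference names for two trust providers, and `groups` and `compliant` are placeholder attribute names; substitute the trust data your providers actually send.

```cedar
// Assumed names: "idp" and "device" are hypothetical policy reference names;
// "groups" and "compliant" are placeholder attributes, not a real provider's schema.

// With no matching permit, Cedar denies the request. The same applies when no
// policy is attached at all, which is why an endpoint without a policy blocks
// everything.
//
// Every requirement is written as a permit condition. A policy that raises an
// evaluation error (for example, by reading a missing attribute) is skipped,
// so a skipped permit still results in a deny. The `has` guards make the
// missing-data case an explicit "condition not met" rather than an error.
permit(principal, action, resource)
when {
    context has idp &&
    context.idp has groups &&
    context.idp.groups.contains("finance") &&
    context has device &&
    context.device has compliant &&
    context.device.compliant == true
};

// A forbid overrides any matching permit. Use it only for explicit exclusions:
// if its condition cannot be evaluated or is not met, the forbid does not
// apply, so a forbid on its own is not a safe place for a device posture check.
forbid(principal, action, resource)
when {
    context has idp &&
    context.idp has groups &&
    context.idp.groups.contains("contractors")
};
```

With these two policies, a request from a `finance` user whose device data is absent is denied because the permit does not match, and a user in both `finance` and `contractors` is denied because the forbid takes precedence.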