Episode 138
Twilio & Amazon Verified Permissions
Nov 08, 24 • 00:48:03
With Peter Lavelle, Principal Software Engineer, Twilio, and Edward Sun, Solution Architect, AWS
The AWS Developers Podcast
Episode 138
Nov 08, 24 • 00:48:03
With Peter Lavelle, Principal Software Engineer, Twilio, and Edward Sun, Solution Architect, AWS
In this episode of the AWS Developers Podcast, Seb speaks with Peter Lavelle and Edward Sun about Twilio, and the complexities of authorization in cloud applications. They discuss the evolution of Twilio Flex, the challenges faced in implementing a sophisticated authorization model, and the decision-making process behind choosing between graph-based and policy-based authorization systems. The conversation also highlights the benefits of Amazon Verified Permissions (AVP) and the Cedar Policy Language, emphasizing the importance of decoupling authorization logic from business logic for better scalability and maintainability. This conversation delves into the implementation and benefits of AWS Verified Permissions (AVP) and the Cedar policy language. The speakers discuss the Quick Start experience for users, the challenges of policy-based systems, and the importance of automated reasoning in policy verification. They also explore metadata management, the flexibility of local versus central evaluation in authorization, and the implementation timeline for Twilio's use of AVP. The discussion highlights the growing adoption of these technologies and their potential future applications.
Links
Here are the links to the tools, technologies, or articles we mentioned in this episode.
Twilio
Google Zanzibar
Amazon Verified Permission
Cedar: Learn about the language, tutorial and playground
AWS blog: How we designed Cedar to be intuitive to use, fast, and safe
AWS blog: Authorize API Gateway APIs using Amazon Verified Permissions