-
terraform
Terraform enables you to safely and predictably create, change, and improve infrastructure. It is a source-available tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.
Let's assume that we would like to recreate one of the scenarios from avp-cli in Terraform, for example, the documents scenario. This is a basic scenario with a document management platform schema and two policies (Allow all users to view all documents and Forbid user X from viewing any documents).
If we check the Terraform AWS Provider's support for the service (as of the date this article was published), we will see that it is not yet fully supported. Last week, after more than half a year, support for creating a policy store was added. Additionally, we have the configuration to add template policies. However, the identity source exists only as a draft PR, and there is no PR yet for the ability to create policies.
Welcome back to my blog post series dedicated to building authorization using Cedar and Amazon Verified Permissions. In a previous blog post, we learned about batch authorization. Today, we will take a look at how to build AVP with one of the most popular Infrastructure as Code (IaC) tools: Terraform.
Does this mean that we currently cannot use AVP with Terraform? Not necessarily, as the Cloud Control Provider comes to our rescue.
The example we will create is not intended for production use; it has been created for educational purposes. However, in the future, I will add more advanced projects with Terraform to the repository, also more suited for production use.
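As an added illustration (not the article author's code), the documents scenario could be expressed with the Cloud Control (`awscc`) provider roughly as follows. The region, the `DocumentManagement` namespace, the schema contents and the resource names are assumptions made for this sketch.

```hcl
terraform {
  required_providers {
    awscc = { source = "hashicorp/awscc" }
  }
}

provider "awscc" {
  region = "eu-west-1" # assumed region
}

resource "awscc_verifiedpermissions_policy_store" "documents" {
  # STRICT rejects policies that do not validate against the schema below.
  validation_settings = { mode = "STRICT" }
  schema = {
    cedar_json = jsonencode({
      DocumentManagement = { # assumed namespace
        entityTypes = {
          User     = { shape = { type = "Record", attributes = {} } }
          Document = { shape = { type = "Record", attributes = {} } }
        }
        actions = {
          View = { appliesTo = { principalTypes = ["User"], resourceTypes = ["Document"] } }
        }
      }
    })
  }
}

resource "awscc_verifiedpermissions_policy" "allow_view" {
  policy_store_id = awscc_verifiedpermissions_policy_store.documents.policy_store_id
  definition = {
    static = {
      description = "Allow all users to view all documents"
      statement   = "permit(principal, action == DocumentManagement::Action::\"View\", resource);"
    }
  }
}

# In Cedar, a matching forbid always overrides any permit for the same request.
resource "awscc_verifiedpermissions_policy" "forbid_user_x" {
  policy_store_id = awscc_verifiedpermissions_policy_store.documents.policy_store_id
  definition = {
    static = {
      description = "Forbid user X from viewing any documents"
      statement   = "forbid(principal == DocumentManagement::User::\"X\", action == DocumentManagement::Action::\"View\", resource);"
    }
  }
}
```

Keeping validation in `STRICT` mode means a policy that references an entity type or action missing from the schema fails at apply time instead of silently never matching.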