<img src="https://ws.zoominfo.com/pixel/6169bf9791429100154fc0a2" width="1" height="1" style="display: none;">
Curious about how StrongDM works? 🤔 Learn more here!
Search
Close icon
Search bar icon
Blog / AWS

Cedar Go Implementation: Simplifying Security for Developers

We are pleased to announce that Amazon has accepted StrongDM's native Go implementation of Cedar into the Cedar Policy Organization's official GitHub repository. This allows Go developers to use Cedar, a security and authorization framework built to be fast, secure, and analyzable natively in their Go programs. 

What is Cedar?

Cedar, created by AWS, is an open-source policy language and evaluation engine that empowers developers to define fine-grained permissions through straightforward policies enforced within their applications. This approach separates access control from application logic, facilitating a more modular and maintainable approach to authorization. Cedar natively supports widely used authorization models, including role-based access control (RBAC) and attribute-based access control (ABAC). This ensures that policies are correctly enforced and thoroughly validated against a wide range of potential scenarios.

Why StrongDM Loves Cedar.

At StrongDM, our enthusiasm for Cedar stems from its exceptional blend of expressiveness, performance, safety, and analyzability. These qualities make it the ideal policy language for implementing robust, efficient, and understandable policy-based access control systems. 

The key factor in our decision to embrace Cedar was its performance in large, complex environments. The AWS team and other noted researchers recently published an in-depth research paper, Cedar: A New Language for Expressive, Fast, Safe, and Analyzable Authorization, which documents Cedar's performance advantages. Compared to OpenFGA and Rego, Cedar uniquely maintains its performance efficiency, even as the number of users and resources scales up—a critical consideration in today's growing digital environments. This observation resonated with our experiences last year when evaluating different policy languages; Cedar consistently demonstrated superior scaling characteristics as entity count (Users, Resources, etc) increased. This characteristic is crucial for developing scalable, secure applications that adapt to growing user bases without compromising efficiency.

Source: Cedar: A New Language for Expressive, Fast, Safe, and Analyzable Authorization (Extended Version); March 2024

Our choice to implement Cedar in Go was deliberate because it aligned with one of our core design principles: making everything easy to use. The language core to our technology, Go, was a choice we made long ago because it is a language that emphasizes readability above all else, making it an ideal language for developing clear and maintainable code. By bringing Cedar's capabilities into the Go ecosystem, we extend this principle of readability to security, allowing developers to integrate strong authorization features into their applications easily. 

Benefits of the Go Implementation

The combination of Cedar's policy language and Go's programming approach enables the creation of secure, high-performance applications that are both powerful and easy to understand. The Go implementation by StrongDM extends Cedar's reach, enabling Go developers to leverage its advanced features, including:

  • Enhanced Security: Incorporating Cedar's cryptographic solutions and policy-based authorization into Go applications helps developers build more secure systems by default.
  • High Performance: Cedar's performance-oriented design is now accessible to Go applications, ensuring security measures without a performance impact.
  • Streamlined Authorization: By integrating policy-based authorization into their applications, developers can manage access controls more effectively, adapting to changing requirements with minimal effort.
  • Simplified Access Management: Developers can more easily define, update, and enforce access policies, thanks to Cedar's flexible and powerful policy framework.
  • Familiar Language Interface: A native Go implementation brings performance benefits, reliability, and readability for Go developers.

”Last year, we fell in love with everything the Amazon team built in Cedar. Our Go implementation allows us to take full advantage of everything the policy language offers in a way that integrates seamlessly with our product.

The Cedar team has been amazing to work with and has provided advice and support as we embarked on our journey with Cedar. As a demonstration of our commitment to both the Cedar and Go communities, we wanted to contribute our implementation to the Cedar project. We’re thrilled that AWS has accepted it into the official Cedar repo.”

- Justin McCarthy, CTO and co-founder of StrongDM

Our goal with contributing a Go implementation to Cedar is to empower developers with the tools they need to enforce robust security policies effortlessly. This is about enhancing the security and performance of applications with cutting-edge authorization.

Invitation to the Developer Community

This contribution marks a milestone in the ongoing development of the Cedar project and its adoption in the software development community. Developers and organizations are encouraged to explore the Go implementation, contribute to its development, and integrate Cedar's security features into their own projects.

The Go implementation is available on GitHub at https://github.com/cedar-policy/cedar-go, inviting collaboration, feedback, and further enhancement from the community.

StrongDM's contribution of a Go implementation to Cedar is a step toward the broader adoption of sophisticated security and authorization mechanisms in software development. By making policy-based authorization more accessible to Go developers, this initiative helps build more secure and efficient applications, fostering a safer digital environment for all. This first contribution is just a start, and we plan to further enrich and improve it over time.


About the Author

, Co-founder / CTO, originally developed empathy for Operations as a founding and pager-carrying member of many operations and data teams. As an Executive, he has led Engineering and Product in high-throughput and high-stakes e-Commerce, financial, and AI products. Justin is the original author of StrongDM's core protocol-aware proxy technology. To contact Justin, visit him on Twitter.

StrongDM logo
💙 this post?
Then get all that StrongDM goodness, right in your inbox.

You May Also Like

How to Automate Continuous Compliance in AWS with StrongDM
How to Automate Continuous Compliance in AWS with StrongDM
Enterprises seek ways to effectively address the needs of dynamic, always-evolving cloud infrastructures, and StrongDM has developed a platform that is designed with built-in capabilities to support continuous compliance in AWS environments.
StrongDM Releases Cedar-Go 1.0.0: Policy-Based Authorization for Go Developers
StrongDM Releases Cedar-Go 1.0.0: Policy-Based Authorization for Go Developers
StrongDM releases Cedar-Go 1.0.0, delivering policy-based authorization for Go developers. Build secure, high-performance apps with Cedar’s powerful framework—now Go-native. Simplify access control, scale effortlessly, and keep security simple.
Why Just-in-Time Access Is Key for Zero Trust Security in AWS
Why Just-in-Time Access Is Key for Zero Trust Security in AWS
Learn why Just-in-Time (JIT) access is essential for Zero Trust security in AWS environments. Discover how StrongDM's JIT access enhances security, optimizes workflows, and ensures compliance with Zero Trust principles.
Cedar for Kubernetes: Authorization That Speaks Your Language
Cedar for Kubernetes: Authorization That Speaks Your Language
By simplifying the ability to enforce granular policies, Cedar has set a new benchmark for access control in Kubernetes, and we’re thrilled to be part of this journey. This evolution is a milestone for anyone dedicated to securing cloud infrastructure.
AWS re:Invent 2023 Recap
AWS re:Invent 2023 Recap: RDS for Db2, EKS Pod Identity & More
re:Invent 2023 was AWS’ 12th conference, and it did not disappoint. More than 50,000 of us descended onto Las Vegas for a week of learning, networking, and discussing all things cloud. The campus was insanely large, spanning most of the Las Vegas strip, so that meant we got our steps in! We had some fun along the way, as well, at the many social gatherings, parties and amazing musical experience re:Play.