
The New Stack Podcast: All About Cedar, an Open Source Solution for Fine-Tuning Kubernetes Authorization
Dec 2, 2025
Micah Hausler, a principal engineer at AWS, focuses on cutting-edge authorization systems and contributes to the Cedar open-source engine. He delves into Cedar's benefits over traditional Kubernetes RBAC, highlighting its ability to implement attribute-based rules and conditions. Micah shares how Cedar enhances policy clarity, allowing nontechnical users to understand it easily. The discussion touches on Cedar's adoption by companies like Cloudflare and MongoDB, as well as its future goals, including expanding language support and incorporating AI features.
Cedar As A General Authorization Engine
- Cedar is an open-source authorization engine and policy language created by AWS to solve authorization, safety, and performance needs.
- It generalizes authorization problems so teams and customers can model and enforce complex policies beyond simple role checks.
RBAC Limits Drive Need For Cedar
- Kubernetes RBAC is simple and fast but limited: its rules can only allow actions, and it cannot express denials, conditions, or attribute-based rules.
- Cedar fills those gaps by enabling conditions, denies, and attribute-based access in a concise, readable policy language.
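The gap described above, as an added example that is not from the episode or from the Cedar or Kubernetes code bases: a toy Python evaluator contrasting allow-only, additive RBAC rules with Cedar-style decisions (default deny, a matching forbid overrides any permit, conditions on attributes). The rule shapes, group, namespace, team and label names are all assumptions constructed for illustration.

```python
# Added illustration: a toy evaluator, not the Cedar engine or Kubernetes code.
# All rules, names and sample requests below are constructed.

def rbac_allows(rules, req):
    """RBAC-style check: rules only grant, and grants are additive."""
    return any(
        req["group"] in r["groups"]
        and req["verb"] in r["verbs"]
        and req["resource"] in r["resources"]
        for r in rules
    )

def policy_decision(policies, req):
    """Cedar-style decision: default deny, any matching forbid beats permits."""
    matched = [p["effect"] for p in policies if p["when"](req)]
    if "forbid" in matched:
        return "Deny"
    return "Allow" if "permit" in matched else "Deny"

# Modelled as a cluster-wide grant: no way to add an exception or a condition.
RBAC_RULES = [
    {"groups": {"developers"}, "verbs": {"get", "list", "delete"},
     "resources": {"pods"}},
]

POLICIES = [
    # Attribute-based permit: developers act on pods in their own team's namespace.
    {"effect": "permit",
     "when": lambda r: r["group"] == "developers" and r["resource"] == "pods"
     and r["namespace"] == r["team"]},
    # Conditional deny: nobody deletes a resource labelled protected=true.
    {"effect": "forbid",
     "when": lambda r: r["verb"] == "delete"
     and r["labels"].get("protected") == "true"},
]

def request(verb, namespace, team, labels=None):
    return {"group": "developers", "verb": verb, "resource": "pods",
            "namespace": namespace, "team": team, "labels": labels or {}}

SAMPLES = {
    "get in own namespace": request("get", "payments", "payments"),
    "get in another team's namespace": request("get", "billing", "payments"),
    "delete protected pod": request("delete", "payments", "payments",
                                    {"protected": "true"}),
}

if __name__ == "__main__":
    for name, req in SAMPLES.items():
        print(name, rbac_allows(RBAC_RULES, req), policy_decision(POLICIES, req))
```

The allow-only rule grants all three sample requests, while the policy set allows only the first: the second fails the attribute condition and the third is stopped by the forbid.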
Real-World Adoption Examples
- Organizations like Cloudflare and MongoDB Atlas use Cedar to govern access, showing real-world adoption.
- Micah got involved through his work on Kubernetes at AWS and found that Cedar modeled Kubernetes' needs surprisingly well.
