面向安全无服务器应用程序的高级授权模式 [重复].pdf

1、 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.C N S 3 6 5-RAdvanced authorization patterns for secure serverless muti-tenant appsAnand Bilgaiyan(he/him)Senior Partner Solutions Architect,Enterprise Transformatio

2、n Amazon Web ServicesRishabh Yadav(he/him)Senior Solutions Architect,Public SectorAmazon Web Services 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.Traditional Authorization&Related Challenges 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.Authenticate1 1Trad

3、itional Authorization&Related Challenges 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.AmazonAPI GatewayAuthenticateInvoke action with token1 12 2Traditional Authorization&Related Challenges 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.Amazon CognitoAmazonA

4、PI GatewayAuthenticateInvoke action with tokenValidate token1 12 23 3Traditional Authorization&Related Challenges 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.Amazon CognitoUnderlying Micro-servicesAmazonAPI GatewayAuthenticateInvoke action with tokenValidate token1 12 23 34 4T

5、raditional Authorization&Related Challenges 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.Amazon CognitoUnderlying Micro-servicesAmazonAPI GatewayAuthenticateInvoke action with tokenValidate tokenAuthorization logic is Custom coded into applicationSpecially ABAC1 12 23 34 4Tradi

6、tional Authorization&Related Challenges5 5Dynamic Policies/Auth Services 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.Amazon CognitoUnderlying Micro-servicesAmazonAPI GatewayAuthenticateInvoke action with tokenValidate tokenAuthorization logic is Custom coded into applicationSp