In a Zero-Trust world, authentication is only step one. The real question is: should this principal be allowed to perform this action on this resource — right now? This session shows how cloud-native platforms enforce fine-grained authorization with AWS Verified Permissions and the Cedar policy language. We’ll break down what happens after authentication — from token claims and identity context to resource relationships and real-time policy evaluation. You’ll leave with a practical blueprint to: Treat authorization as a first-class architecture layer Move permissions out of application code into auditable policies Enforce least privilege across microservices and multi-tenant systems Ensure every API request is explicitly authorized — never implicitly trusted If you’re building secure systems at scale, authorization becomes the true foundation of Zero Trust.

Bruno Paiuca is an SRE and founder of Opsteam, a consultancy specialized in mission-critical operations, SRE, and FinOps.

Husband of Nataly and proud dad of Aurora — named after AWS Aurora, and also because he dreams of traveling with his family to see the Aurora Borealis.

Passionate about technology and people, he helps companies build resilient, efficient, and secure cloud systems that empower teams to innovate with confidence.