CedarPy

4.8.1 verified Fri May 01 auth: no python

A Python binding for Cedar (AWS's policy language), enabling policy evaluation and management. Current version 4.8.1 requires Python >=3.9. Active development, monthly releases.

pip install cedarpy
error: AttributeError: 'Decision' object has no attribute 'decision'
cause: In versions <4.0.0, `evaluate` returned a string; in 4.x it returns an object. Accessing `.decision` on the old string fails.
fix: Update to use result.decision on the returned object (string comparison not needed).

error: ValueError: Invalid policy syntax...
cause: Cedar policy string contains syntax errors or unsupported features.
fix: Validate policy with the Cedar CLI or check the official Cedar grammar. Ensure no trailing semicolon issues.

breaking: In version 4.x, the API changed significantly from 3.x. The `evaluate` method now returns an object with a `decision` attribute instead of a string.
fix: Ensure your code accesses `.decision` on the result object, e.g., `result.decision`.

deprecated: The `CedarPolicy.from_string()` method is deprecated in favor of the constructor `CedarPolicy(...)`.
fix: Replace `CedarPolicy.from_string(policy_str)` with `CedarPolicy(policy_str)`.

gotcha: Entity UIDs must include the type prefix (e.g., 'User::"alice"'). Omitting the type will cause evaluation to fail silently or return Deny.
fix: Always specify the entity type in the UID string, like `'User::"alice"'`.

Load a simple Cedar policy, create entities, and evaluate an authorization request.

from cedarpy import CedarPolicy, CedarEntity

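# Cedar scopes accept only entity UIDs, and Cedar has no string concatenation,
# so the ownership check goes in a `when` clause.
policy = CedarPolicy('permit(principal == User::"alice", action, resource) when { resource.owner == "alice" };')
# The resource entity must be present because the policy reads resource.owner.
entities = [CedarEntity(uid='User::"alice"', attrs={}), CedarEntity(uid='Resource::"file1"', attrs={'owner': 'alice'})]
result = policy.evaluate(principal='User::"alice"', action='Action::"view"', resource='Resource::"file1"', entities=entities)
print(result.decision)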
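
Because a UID without its type prefix can fail silently or come back as Deny (the gotcha above), a pre-flight format check turns that into an explicit error before evaluation. This is an added example, not part of cedarpy; `parse_entity_uid` and `check_request` are hypothetical helper names, and the pattern checks shape only and does not unescape the id.

```python
import re

# Entity UID shape from the Cedar grammar: Path '::' STR, where Path is one or
# more identifiers joined by '::'. Format check only; not cedarpy's own parser.
_IDENT = r"[A-Za-z_][A-Za-z0-9_]*"
_UID_RE = re.compile(
    rf'(?P<type>{_IDENT}(?:::{_IDENT})*)::"(?P<id>(?:[^"\\]|\\.)*)"'
)


def parse_entity_uid(uid):
    """Return (entity_type, raw_id) or raise ValueError for a malformed UID."""
    if not isinstance(uid, str):
        raise ValueError(f"entity UID must be a string, got {type(uid).__name__}")
    match = _UID_RE.fullmatch(uid.strip())
    if match is None:
        raise ValueError(f"entity UID lacks a type prefix or quoted id: {uid!r}")
    return match.group("type"), match.group("id")


def check_request(principal, action, resource):
    """Validate all three UIDs up front and report every problem at once."""
    problems = []
    parsed = {}
    fields = (("principal", principal), ("action", action), ("resource", resource))
    for field, value in fields:
        try:
            parsed[field] = parse_entity_uid(value)
        except ValueError as exc:
            problems.append(f"{field}: {exc}")
    if problems:
        # Fail loudly here instead of letting evaluation return a silent Deny.
        raise ValueError("; ".join(problems))
    return parsed


if __name__ == "__main__":
    # Constructed sample values, matching the quickstart's UIDs.
    print(check_request('User::"alice"', 'Action::"view"', 'Resource::"file1"'))
```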