In this video, Justin McCarthy, Co-founder and CTO of StrongDM, speaks on why StrongDM chose the Cedar language to enhance their product. After evaluating several options, Cedar stood out due to its foundation in decades of Amazon's experience with IAM (Identity and Access Management).
So we did have quite a few options when we ultimately made the decision to proceed with Cedar. But I'll just highlight the number one, number two reasons that ultimately tipped us forward, embracing the Cedar language.
So first and foremost, you can see that the design of the language reflects many, many, many years from the Amazon team perfecting the concepts of IAM.
So this is a very elegant distillation of decades of lessons, and those lessons are that the language has to be readable, it has to be extremely performant, and then it has to be extremely reliable to the extent that it's actually provable in machine reasoning capacity.
All of these come together in the Cedar language, and as we've integrated it deeper and deeper into our product, we found that it absolutely delivers on that promise.
Every IAM scenario that we've sought to model, we've been able to model it in a fluent, natural way.
And then when it comes time to execute that model, we're executing it as what we refer to internally at wire speed.
So this is microseconds, not milliseconds, which means we can have fine grain policy for every resource type, for every action really without limits.
And knowing that all of this comes together in a way that could be validated by algorithms is something that assures us that this will scale really to our arbitrary complexity.
So those are the properties that really gave us conviction that Cedar was the right language.
So when we chose Cedar, we also faced a deeper technology decision related to which runtime the Amazon team has provided a reference implementation in Rust.
However, most of our code is written in Go, and in fact, our proxies all run go natively crossing that runtime boundary was going to be a cost for us.
So ultimately we decided that actually the Go community needed a great open source option.
So that prompted us to develop Cedar Go, which you can find in the, in the Cedar repository online.
So the Cedar Go implementation is a pure go implementation with no C dependencies.
It's extremely performant, and of course it has all the functionality of Cedar itself.
So we're really happy to give back to all the gophers out there and it's been great.
So please, please check it out and as always, submit a PR.
