{"id":66763,"date":"2026-07-05T09:21:22","date_gmt":"2026-07-05T02:21:22","guid":{"rendered":"https:\/\/aws.cmctelecom.vn\/2026\/06\/16\/amazon-cognito-va-verified-permissions-phan-quyen-truy-cap-chi-tiet-cho-ung\/"},"modified":"2026-06-30T17:52:23","modified_gmt":"2026-06-30T10:52:23","slug":"amazon-cognito-va-verified-permissions-phan-quyen-truy-cap-chi-tiet-cho-ung","status":"publish","type":"post","link":"https:\/\/aws.cmctelecom.vn\/en\/2026\/07\/05\/amazon-cognito-va-verified-permissions-phan-quyen-truy-cap-chi-tiet-cho-ung\/","title":{"rendered":"Amazon Cognito v\u00e0 Verified Permissions: Ph\u00e2n quy\u1ec1n truy c\u1eadp chi ti\u1ebft cho \u1ee9ng d\u1ee5ng B2C"},"content":{"rendered":"<p>Vi\u1ec7c tri\u1ec3n khai c\u00e1c bi\u1ec7n ph\u00e1p ki\u1ec3m so\u00e1t b\u1ea3o m\u1eadt m\u1ea1nh m\u1ebd cho \u1ee9ng d\u1ee5ng web hi\u1ec7n \u0111\u1ea1i, \u0111\u1eb7c bi\u1ec7t l\u00e0 x\u00e1c th\u1ef1c (b\u1ea1n l\u00e0 ai?) v\u00e0 ph\u00e2n quy\u1ec1n (b\u1ea1n \u0111\u01b0\u1ee3c l\u00e0m g\u00ec?), l\u00e0 m\u1ed9t th\u00e1ch th\u1ee9c l\u1edbn \u0111\u1ed1i v\u1edbi c\u00e1c nh\u00e0 ph\u00e1t tri\u1ec3n. AWS cung c\u1ea5p gi\u1ea3i ph\u00e1p k\u1ebft h\u1ee3p gi\u1eefa Amazon Cognito cho x\u00e1c th\u1ef1c v\u00e0 Amazon Verified Permissions cho ph\u00e2n quy\u1ec1n chi ti\u1ebft, gi\u00fap doanh nghi\u1ec7p x\u00e2y d\u1ef1ng l\u1edbp b\u1ea3o m\u1eadt c\u1ea5p doanh nghi\u1ec7p v\u1edbi n\u1ed7 l\u1ef1c ph\u00e1t tri\u1ec3n t\u1ed1i thi\u1ec3u. C\u00e1ch ti\u1ebfp c\u1eadn n\u00e0y cho ph\u00e9p \u0111\u1ed9i ng\u0169 k\u1ef9 thu\u1eadt t\u1eadp trung v\u00e0o c\u00e1c ch\u1ee9c n\u0103ng c\u1ed1t l\u00f5i c\u1ee7a \u1ee9ng d\u1ee5ng thay v\u00ec ph\u1ea3i vi\u1ebft m\u00e3 b\u1ea3o m\u1eadt ph\u1ee9c t\u1ea1p.<\/p>\n<p>B\u00e0i vi\u1ebft n\u00e0y s\u1ebd h\u01b0\u1edbng d\u1eabn c\u00e1ch x\u00e2y d\u1ef1ng ki\u1ec3m so\u00e1t truy c\u1eadp chi ti\u1ebft cho m\u1ed9t \u1ee9ng d\u1ee5ng m\u1eabu b\u1eb1ng c\u00e1ch s\u1eed d\u1ee5ng <strong>Amazon Cognito<\/strong> v\u00e0 <strong>Amazon Verified Permissions<\/strong> v\u1edbi c\u00e1c policy b\u1eb1ng ng\u00f4n ng\u1eef Cedar. Ki\u1ebfn tr\u00fac n\u00e0y gi\u00fap gi\u1ea3m th\u1eddi gian ph\u00e1t tri\u1ec3n, tri\u1ec3n khai x\u00e1c th\u1ef1c c\u1ea5p doanh nghi\u1ec7p v\u00e0 m\u1edf r\u1ed9ng quy m\u00f4 b\u1ea3o m\u1eadt khi l\u01b0\u1ee3ng ng\u01b0\u1eddi d\u00f9ng t\u0103ng l\u00ean.<\/p>\n<h2>T\u1ed5ng quan ki\u1ebfn tr\u00fac b\u1ea3o m\u1eadt<\/h2>\n<p>Ki\u1ebfn tr\u00fac tham kh\u1ea3o tu\u00e2n theo thi\u1ebft k\u1ebf b\u1ea3o m\u1eadt theo l\u1edbp v\u1edbi b\u1ed1n th\u00e0nh ph\u1ea7n ch\u00ednh, t\u00e1ch bi\u1ec7t vi\u1ec7c x\u00e1c minh danh t\u00ednh, \u0111\u00e1nh gi\u00e1 ph\u00e2n quy\u1ec1n, logic \u1ee9ng d\u1ee5ng v\u00e0 c\u00e1c ranh gi\u1edbi th\u1ef1c thi. B\u1eb1ng c\u00e1ch ph\u00e2n chia tr\u00e1ch nhi\u1ec7m r\u00f5 r\u00e0ng cho t\u1eebng l\u1edbp, ki\u1ebfn tr\u00fac n\u00e0y gi\u1edbi h\u1ea1n b\u00e1n k\u00ednh \u1ea3nh h\u01b0\u1edfng v\u00e0 \u0111\u1ea3m b\u1ea3o r\u1eb1ng s\u1ef1 c\u1ed1 \u1edf m\u1ed9t l\u1edbp ki\u1ec3m so\u00e1t duy nh\u1ea5t kh\u00f4ng l\u00e0m t\u1ed5n h\u1ea1i \u0111\u1ebfn to\u00e0n b\u1ed9 h\u1ec7 th\u1ed1ng.<\/p>\n<ul>\n<li><strong>L\u1edbp x\u00e1c th\u1ef1c (Authentication layer):<\/strong> <strong>Amazon Cognito<\/strong> x\u1eed l\u00fd x\u00e1c th\u1ef1c ng\u01b0\u1eddi d\u00f9ng v\u1edbi vi\u1ec7c x\u00e1c th\u1ef1c th\u00f4ng tin \u0111\u0103ng nh\u1eadp an to\u00e0n v\u00e0 c\u1ea5p m\u00e3 th\u00f4ng b\u00e1o web JSON (JWT). D\u1ecbch v\u1ee5 n\u00e0y cung c\u1ea5p s\u1eb5n c\u00e1c ch\u00ednh s\u00e1ch m\u1eadt kh\u1ea9u, b\u1ea3o v\u1ec7 kh\u00f3a t\u00e0i kho\u1ea3n v\u00e0 qu\u1ea3n l\u00fd phi\u00ean l\u00e0m vi\u1ec7c.<\/li>\n<li><strong>L\u1edbp ph\u00e2n quy\u1ec1n (Authorization layer):<\/strong> <strong>Verified Permissions<\/strong> s\u1eed d\u1ee5ng c\u00f4ng c\u1ee5 policy Cedar \u0111\u1ec3 \u0111\u00e1nh gi\u00e1 c\u00e1c y\u00eau c\u1ea7u truy c\u1eadp chi ti\u1ebft d\u1ef1a tr\u00ean c\u00e1c policy \u0111\u01b0\u1ee3c l\u01b0u tr\u1eef t\u1eadp trung.<\/li>\n<li><strong>L\u1edbp \u1ee9ng d\u1ee5ng (Application layer):<\/strong> Frontend c\u1ee7a \u1ee9ng d\u1ee5ng (v\u00ed d\u1ee5: Streamlit) t\u00edch h\u1ee3p v\u1edbi c\u1ea3 hai d\u1ecbch v\u1ee5, qu\u1ea3n l\u00fd phi\u00ean ng\u01b0\u1eddi d\u00f9ng v\u00e0 th\u1ef1c thi c\u00e1c ki\u1ec3m so\u00e1t truy c\u1eadp tr\u00ean giao di\u1ec7n ng\u01b0\u1eddi d\u00f9ng.<\/li>\n<li><strong>Ranh gi\u1edbi b\u1ea3o m\u1eadt (Security boundaries):<\/strong> Nhi\u1ec1u l\u1edbp ki\u1ec3m so\u00e1t b\u1ea3o m\u1eadt gi\u00fap ch\u1ed1ng l\u1ea1i truy c\u1eadp tr\u00e1i ph\u00e9p, leo thang \u0111\u1eb7c quy\u1ec1n, v\u00e0 y\u00eau c\u1ea7u x\u00e1c th\u1ef1c, ph\u00e2n quy\u1ec1n v\u00e0 x\u00e1c th\u1ef1c \u0111\u1ea7u v\u00e0o.<\/li>\n<\/ul>\n<p>Vi\u1ec7c t\u00e1ch bi\u1ec7t n\u00e0y cho ph\u00e9p x\u00e1c th\u1ef1c v\u00e0 ph\u00e2n quy\u1ec1n ho\u1ea1t \u0111\u1ed9ng nh\u01b0 c\u00e1c bi\u1ec7n ph\u00e1p ki\u1ec3m so\u00e1t b\u1ed5 sung cho nhau, tu\u00e2n theo nguy\u00ean t\u1eafc <em>defense-in-depth<\/em> (b\u1ea3o v\u1ec7 theo chi\u1ec1u s\u00e2u). S\u01a1 \u0111\u1ed3 d\u01b0\u1edbi \u0111\u00e2y minh h\u1ecda lu\u1ed3ng x\u00e1c th\u1ef1c v\u00e0 ph\u00e2n quy\u1ec1n t\u1eeb \u0111\u1ea7u \u0111\u1ebfn cu\u1ed1i.<\/p>\n<figure class=\"wp-block-image size-large aligncenter\" style=\"text-align: center; margin: 1.5em 0;\"><img decoding=\"async\" style=\"--smush-placeholder-width: 1647px; --smush-placeholder-aspect-ratio: 1647\/905;border-radius: 8px; border: 1px solid #e5e7eb; max-width: 100%; max-height: 560px; width: auto; height: auto; display: inline-block;\" data-src=\"https:\/\/aws.cmctelecom.vn\/wp-content\/uploads\/2026\/06\/5ad7b85954.png\" alt=\"S\u01a1 \u0111\u1ed3 ki\u1ebfn tr\u00fac gi\u1ea3i ph\u00e1p v\u00e0 lu\u1ed3ng c\u00f4ng vi\u1ec7c k\u1ebft h\u1ee3p Amazon Cognito v\u00e0 Amazon Verified Permissions.\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" class=\"lazyload\" \/><\/figure>\n<p>Lu\u1ed3ng ho\u1ea1t \u0111\u1ed9ng k\u1ebft h\u1ee3p ba l\u1edbp ki\u1ebfn tr\u00fac nh\u01b0 sau:<\/p>\n<ol>\n<li>Ng\u01b0\u1eddi d\u00f9ng g\u1eedi y\u00eau c\u1ea7u \u0111\u0103ng nh\u1eadp th\u00f4ng qua \u1ee9ng d\u1ee5ng.<\/li>\n<li>Y\u00eau c\u1ea7u \u0111\u01b0\u1ee3c x\u00e1c th\u1ef1c b\u1edfi <strong>Amazon Cognito<\/strong>.<\/li>\n<li>M\u1ed9t access token \u0111\u01b0\u1ee3c g\u1eedi tr\u1edf l\u1ea1i \u1ee9ng d\u1ee5ng.<\/li>\n<li>M\u1ed9t y\u00eau c\u1ea7u ph\u00e2n quy\u1ec1n \u0111\u01b0\u1ee3c g\u1eedi \u0111\u1ebfn <strong>Verified Permissions<\/strong>.<\/li>\n<li>C\u00f4ng c\u1ee5 policy Cedar \u0111\u00e1nh gi\u00e1 y\u00eau c\u1ea7u.<\/li>\n<li>M\u1ed9t quy\u1ebft \u0111\u1ecbnh (cho ph\u00e9p\/t\u1eeb ch\u1ed1i) \u0111\u01b0\u1ee3c g\u1eedi l\u1ea1i.<\/li>\n<li>L\u1ec7nh cho ph\u00e9p ho\u1eb7c t\u1eeb ch\u1ed1i \u0111\u01b0\u1ee3c g\u1eedi \u0111\u1ebfn \u1ee9ng d\u1ee5ng.<\/li>\n<li>N\u1ebfu \u0111\u01b0\u1ee3c cho ph\u00e9p, ng\u01b0\u1eddi d\u00f9ng s\u1ebd \u0111\u01b0\u1ee3c c\u1ea5p quy\u1ec1n truy c\u1eadp.<\/li>\n<\/ol>\n<h2>Ph\u00e2n quy\u1ec1n chi ti\u1ebft v\u1edbi ng\u00f4n ng\u1eef Cedar<\/h2>\n<p>Trong khi x\u00e1c th\u1ef1c thi\u1ebft l\u1eadp danh t\u00ednh ng\u01b0\u1eddi d\u00f9ng, ph\u00e2n quy\u1ec1n x\u00e1c \u0111\u1ecbnh nh\u1eefng h\u00e0nh \u0111\u1ed9ng m\u00e0 ng\u01b0\u1eddi d\u00f9ng c\u00f3 th\u1ec3 th\u1ef1c hi\u1ec7n. <strong>Verified Permissions<\/strong> cung c\u1ea5p m\u1ed9t d\u1ecbch v\u1ee5 ph\u00e2n quy\u1ec1n c\u00f3 kh\u1ea3 n\u0103ng m\u1edf r\u1ed9ng d\u1ef1a tr\u00ean <strong>Cedar<\/strong>, m\u1ed9t ng\u00f4n ng\u1eef policy \u0111\u01b0\u1ee3c thi\u1ebft k\u1ebf \u0111\u1eb7c bi\u1ec7t cho vi\u1ec7c ki\u1ec3m so\u00e1t truy c\u1eadp chi ti\u1ebft.<\/p>\n<p>M\u1ed7i policy trong Cedar x\u00e1c \u0111\u1ecbnh ai (principal) c\u00f3 th\u1ec3 th\u1ef1c hi\u1ec7n h\u00e0nh \u0111\u1ed9ng (action) n\u00e0o tr\u00ean t\u00e0i nguy\u00ean (resource) n\u00e0o d\u01b0\u1edbi nh\u1eefng \u0111i\u1ec1u ki\u1ec7n (conditions) n\u00e0o.<\/p>\n<figure class=\"wp-block-image size-large aligncenter\" style=\"text-align: center; margin: 1.5em 0;\"><img decoding=\"async\" style=\"--smush-placeholder-width: 1417px; --smush-placeholder-aspect-ratio: 1417\/400;border-radius: 8px; border: 1px solid #e5e7eb; max-width: 100%; max-height: 560px; width: auto; height: auto; display: inline-block;\" data-src=\"https:\/\/aws.cmctelecom.vn\/wp-content\/uploads\/2026\/06\/7d4594f461.png\" alt=\"C\u00e1c th\u00e0nh ph\u1ea7n c\u1ee7a m\u1ed9t policy Cedar: Effect, Principal, Action, Resource, v\u00e0 Condition.\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" class=\"lazyload\" \/><\/figure>\n<p>C\u00e1c th\u00e0nh ph\u1ea7n c\u1ee7a m\u1ed9t policy Cedar bao g\u1ed3m:<\/p>\n<ul>\n<li><strong>Effect:<\/strong> <code>permit<\/code> (cho ph\u00e9p) ho\u1eb7c <code>forbid<\/code> (c\u1ea5m) x\u00e1c \u0111\u1ecbnh li\u1ec7u policy cho ph\u00e9p hay t\u1eeb ch\u1ed1i truy c\u1eadp.<\/li>\n<li><strong>Principal:<\/strong> Th\u1ef1c th\u1ec3 (ng\u01b0\u1eddi d\u00f9ng) \u0111\u01b0a ra y\u00eau c\u1ea7u, \u0111\u01b0\u1ee3c bi\u1ec3u di\u1ec5n b\u1eb1ng bi\u1ebfn <code>?principal<\/code>.<\/li>\n<li><strong>Action:<\/strong> Thao t\u00e1c \u0111ang \u0111\u01b0\u1ee3c th\u1ef1c hi\u1ec7n, \u0111\u01b0\u1ee3c \u0111\u1ecbnh ph\u1ea1m vi trong kh\u00f4ng gian t\u00ean \u1ee9ng d\u1ee5ng c\u1ee7a b\u1ea1n.<\/li>\n<li><strong>Resource:<\/strong> M\u1ee5c ti\u00eau c\u1ee7a h\u00e0nh \u0111\u1ed9ng, c\u0169ng \u0111\u01b0\u1ee3c bi\u1ec3u di\u1ec5n b\u1eb1ng m\u1ed9t bi\u1ebfn.<\/li>\n<li><strong>Conditions:<\/strong> M\u1ec7nh \u0111\u1ec1 <code>when<\/code> ch\u1ee9a c\u00e1c bi\u1ec3u th\u1ee9c logic ph\u1ea3i \u0111\u01b0\u1ee3c \u0111\u00e1nh gi\u00e1 l\u00e0 \u0111\u00fang.<\/li>\n<\/ul>\n<h2>C\u00e1c m\u1eabu policy Cedar n\u00e2ng cao<\/h2>\n<p>Ph\u1ea7n n\u00e0y m\u00f4 t\u1ea3 c\u00e1c m\u1eabu policy Cedar th\u01b0\u1eddng \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng \u0111\u1ec3 tri\u1ec3n khai ph\u00e2n quy\u1ec1n chi ti\u1ebft v\u1edbi Amazon Verified Permissions. C\u00e1c v\u00ed d\u1ee5 minh h\u1ecda c\u00e1ch m\u00f4 h\u00ecnh h\u00f3a quy\u1ec1n s\u1edf h\u1eefu, truy c\u1eadp d\u1ef1a tr\u00ean vai tr\u00f2, quy\u1ec1n h\u1ea1n theo c\u1ea5p b\u1eadc v\u00e0 c\u00e1c quy\u1ec1n ki\u1ec3m so\u00e1t qu\u1ea3n tr\u1ecb trong c\u00e1c \u1ee9ng d\u1ee5ng th\u1ef1c t\u1ebf.<\/p>\n<h3>Ki\u1ec3m so\u00e1t quy\u1ec1n s\u1edf h\u1eefu t\u00e0i nguy\u00ean<\/h3>\n<p>M\u1eabu n\u00e0y \u0111\u1ea3m b\u1ea3o ng\u01b0\u1eddi d\u00f9ng ch\u1ec9 c\u00f3 th\u1ec3 truy c\u1eadp c\u00e1c t\u00e0i nguy\u00ean m\u00e0 h\u1ecd s\u1edf h\u1eefu. V\u00ed d\u1ee5, m\u1ed9t policy cho ph\u00e9p sinh vi\u00ean ch\u1ec9 xem \u0111i\u1ec3m c\u1ee7a ch\u00ednh m\u00ecnh b\u1eb1ng c\u00e1ch ki\u1ec3m tra vai tr\u00f2 <code>Student<\/code> v\u00e0 x\u00e1c minh r\u1eb1ng thu\u1ed9c t\u00ednh <code>student<\/code> c\u1ee7a t\u00e0i nguy\u00ean \u0111i\u1ec3m kh\u1edbp v\u1edbi <code>entityId<\/code> c\u1ee7a sinh vi\u00ean.<\/p>\n<h3>Truy c\u1eadp d\u1ef1a tr\u00ean vai tr\u00f2 v\u00e0 lo\u1ea1i t\u00e0i nguy\u00ean<\/h3>\n<p>M\u1eabu n\u00e0y c\u1ea5p quy\u1ec1n truy c\u1eadp d\u1ef1a tr\u00ean vai tr\u00f2 v\u00e0 lo\u1ea1i t\u00e0i nguy\u00ean. V\u00ed d\u1ee5, m\u1ed9t policy cho ph\u00e9p gi\u1ea3ng vi\u00ean ch\u1ec9nh s\u1eeda c\u00e1c kh\u00f3a h\u1ecdc m\u00e0 h\u1ecd d\u1ea1y b\u1eb1ng c\u00e1ch x\u00e1c minh vai tr\u00f2 <code>Faculty<\/code>, x\u00e1c nh\u1eadn t\u00e0i nguy\u00ean l\u00e0 lo\u1ea1i <code>Course<\/code> v\u00e0 ki\u1ec3m tra xem thu\u1ed9c t\u00ednh <code>instructor<\/code> c\u1ee7a kh\u00f3a h\u1ecdc c\u00f3 kh\u1edbp v\u1edbi <code>entityId<\/code> c\u1ee7a gi\u1ea3ng vi\u00ean hay kh\u00f4ng.<\/p>\n<h3>Ph\u00e2n quy\u1ec1n theo c\u1ea5p b\u1eadc<\/h3>\n<p>M\u1eabu n\u00e0y cho ph\u00e9p tr\u01b0\u1edfng khoa qu\u1ea3n l\u00fd c\u00e1c gi\u1ea3ng vi\u00ean trong khoa c\u1ee7a h\u1ecd. Policy y\u00eau c\u1ea7u ng\u01b0\u1eddi d\u00f9ng ph\u1ea3i l\u00e0 <code>DepartmentHead<\/code>, x\u00e1c minh t\u00e0i nguy\u00ean l\u00e0 m\u1ed9t gi\u1ea3ng vi\u00ean v\u00e0 kh\u1edbp ph\u00f2ng ban c\u1ee7a gi\u1ea3ng vi\u00ean \u0111\u00f3 v\u1edbi ph\u00f2ng ban c\u1ee7a tr\u01b0\u1edfng khoa.<\/p>\n<h3>Ghi \u0111\u00e8 c\u1ee7a qu\u1ea3n tr\u1ecb vi\u00ean<\/h3>\n<p>M\u1eabu n\u00e0y cung c\u1ea5p quy\u1ec1n truy c\u1eadp kh\u1ea9n c\u1ea5p v\u1edbi l\u00fd do ch\u00ednh \u0111\u00e1ng. Policy cho ph\u00e9p qu\u1ea3n tr\u1ecb vi\u00ean th\u1ef1c hi\u1ec7n b\u1ea5t k\u1ef3 h\u00e0nh \u0111\u1ed9ng n\u00e0o tr\u00ean b\u1ea5t k\u1ef3 t\u00e0i nguy\u00ean n\u00e0o, nh\u01b0ng y\u00eau c\u1ea7u m\u1ed9t c\u1edd truy c\u1eadp kh\u1ea9n c\u1ea5p (<code>emergency access flag<\/code>) ph\u1ea3i \u0111\u01b0\u1ee3c \u0111\u1eb7t th\u00e0nh <code>true<\/code> v\u00e0 ph\u1ea3i c\u00f3 l\u00fd do gi\u1ea3i tr\u00ecnh. \u0110i\u1ec1u n\u00e0y h\u1ed7 tr\u1ee3 tr\u00e1ch nhi\u1ec7m gi\u1ea3i tr\u00ecnh trong khi v\u1eabn cho ph\u00e9p c\u00e1c ho\u1ea1t \u0111\u1ed9ng kh\u1ea9n c\u1ea5p.<\/p>\n<h2>Lu\u1ed3ng x\u1eed l\u00fd v\u00e0 t\u1ed1i \u01b0u h\u00f3a policy<\/h2>\n<p>Hi\u1ec3u c\u00e1ch c\u00e1c policy \u0111\u01b0\u1ee3c \u0111\u00e1nh gi\u00e1 gi\u00fap thi\u1ebft k\u1ebf h\u1ec7 th\u1ed1ng ph\u00e2n quy\u1ec1n hi\u1ec7u qu\u1ea3. Quy tr\u00ecnh \u0111\u00e1nh gi\u00e1 tu\u00e2n theo c\u00e1c b\u01b0\u1edbc sau:<\/p>\n<ol>\n<li>Ng\u01b0\u1eddi d\u00f9ng c\u1ed1 g\u1eafng truy c\u1eadp m\u1ed9t t\u00e0i nguy\u00ean \u0111\u01b0\u1ee3c b\u1ea3o v\u1ec7.<\/li>\n<li>\u1ee8ng d\u1ee5ng g\u1eedi y\u00eau c\u1ea7u ph\u00e2n quy\u1ec1n \u0111\u1ebfn <strong>Verified Permissions<\/strong>.<\/li>\n<li>Verified Permissions truy xu\u1ea5t c\u00e1c policy Cedar \u00e1p d\u1ee5ng t\u1eeb kho policy.<\/li>\n<li>C\u00f4ng c\u1ee5 policy Cedar \u0111\u00e1nh gi\u00e1 t\u1eebng policy so v\u1edbi y\u00eau c\u1ea7u.<\/li>\n<li>N\u1ebfu c\u00f3 b\u1ea5t k\u1ef3 policy <code>forbid<\/code> n\u00e0o kh\u1edbp, quy\u1ec1n truy c\u1eadp s\u1ebd b\u1ecb t\u1eeb ch\u1ed1i ngay l\u1eadp t\u1ee9c.<\/li>\n<li>N\u1ebfu c\u00f3 b\u1ea5t k\u1ef3 policy <code>permit<\/code> n\u00e0o kh\u1edbp v\u00e0 kh\u00f4ng c\u00f3 policy <code>forbid<\/code> n\u00e0o kh\u1edbp, quy\u1ec1n truy c\u1eadp s\u1ebd \u0111\u01b0\u1ee3c cho ph\u00e9p.<\/li>\n<li>N\u1ebfu kh\u00f4ng c\u00f3 policy n\u00e0o kh\u1edbp, quy\u1ec1n truy c\u1eadp s\u1ebd b\u1ecb t\u1eeb ch\u1ed1i theo m\u1eb7c \u0111\u1ecbnh.<\/li>\n<li>K\u1ebft qu\u1ea3 \u0111\u00e1nh gi\u00e1 (ALLOW ho\u1eb7c DENY) \u0111\u01b0\u1ee3c tr\u1ea3 v\u1ec1 cho \u1ee9ng d\u1ee5ng.<\/li>\n<li>\u1ee8ng d\u1ee5ng th\u1ef1c thi quy\u1ebft \u0111\u1ecbnh ph\u00e2n quy\u1ec1n.<\/li>\n<\/ol>\n<blockquote><p><strong>L\u01b0u \u00fd:<\/strong> C\u00e1c policy <code>forbid<\/code> lu\u00f4n \u0111\u01b0\u1ee3c \u01b0u ti\u00ean. N\u1ebfu b\u1ea5t k\u1ef3 policy <code>forbid<\/code> n\u00e0o kh\u1edbp, quy\u1ec1n truy c\u1eadp s\u1ebd b\u1ecb t\u1eeb ch\u1ed1i b\u1ea5t k\u1ec3 c\u00f3 c\u00e1c policy <code>permit<\/code> kh\u00e1c hay kh\u00f4ng.<\/p><\/blockquote>\n<figure class=\"wp-block-image size-large aligncenter\" style=\"text-align: center; margin: 1.5em 0;\"><img decoding=\"async\" style=\"--smush-placeholder-width: 1635px; --smush-placeholder-aspect-ratio: 1635\/268;border-radius: 8px; border: 1px solid #e5e7eb; max-width: 100%; max-height: 560px; width: auto; height: auto; display: inline-block;\" data-src=\"https:\/\/aws.cmctelecom.vn\/wp-content\/uploads\/2026\/06\/b6a7c4a335.png\" alt=\"S\u01a1 \u0111\u1ed3 quy tr\u00ecnh \u0111\u00e1nh gi\u00e1 policy trong Amazon Verified Permissions.\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" class=\"lazyload\" \/><\/figure>\n<p><strong>M\u1eb9o t\u1ed1i \u01b0u h\u00f3a policy:<\/strong><\/p>\n<ul>\n<li><strong>S\u1eafp x\u1ebfp \u0111i\u1ec1u ki\u1ec7n:<\/strong> \u0110\u1eb7t c\u00e1c \u0111i\u1ec1u ki\u1ec7n c\u00f3 kh\u1ea3 n\u0103ng \u0111\u00fang cao nh\u1ea5t l\u00ean \u0111\u1ea7u trong m\u1ec7nh \u0111\u1ec1 <code>when<\/code> \u0111\u1ec3 t\u1eadn d\u1ee5ng <em>short-circuit evaluation<\/em>.<\/li>\n<li><strong>S\u1eed d\u1ee5ng thu\u1ed9c t\u00ednh \u0111\u01b0\u1ee3c \u0111\u00e1nh ch\u1ec9 m\u1ee5c:<\/strong> S\u1eed d\u1ee5ng c\u00e1c thu\u1ed9c t\u00ednh th\u1ef1c th\u1ec3 m\u00e0 Verified Permissions \u0111\u00e1nh ch\u1ec9 m\u1ee5c t\u1ef1 nhi\u00ean (v\u00ed d\u1ee5: <code>entityId<\/code>, vai tr\u00f2, lo\u1ea1i t\u00e0i nguy\u00ean) l\u00e0m \u0111i\u1ec1u ki\u1ec7n ch\u00ednh \u0111\u1ec3 tra c\u1ee9u nhanh h\u01a1n.<\/li>\n<li><strong>L\u01b0u cache k\u1ebft qu\u1ea3 \u0111\u00e1nh gi\u00e1 policy<\/strong> khi th\u00edch h\u1ee3p.<\/li>\n<li><strong>Gi\u00e1m s\u00e1t c\u00e1c ch\u1ec9 s\u1ed1<\/strong> v\u00e0 hi\u1ec7u su\u1ea5t \u0111\u00e1nh gi\u00e1.<\/li>\n<\/ul>\n<h2>H\u01b0\u1edbng d\u1eabn tri\u1ec3n khai m\u1eabu<\/h2>\n<p>\u0110\u1ec3 tri\u1ec3n khai \u1ee9ng d\u1ee5ng m\u1eabu, b\u1ea1n c\u1ea7n c\u00f3 t\u00e0i kho\u1ea3n AWS \u0111ang ho\u1ea1t \u0111\u1ed9ng, Python 3.8 tr\u1edf l\u00ean, ki\u1ebfn th\u1ee9c c\u01a1 b\u1ea3n v\u1ec1 Streamlit v\u00e0 quy\u1ec1n IAM cho Amazon Cognito v\u00e0 Verified Permissions.<\/p>\n<ol>\n<li><strong>T\u1ea3i m\u00e3 ngu\u1ed3n:<\/strong> T\u1ea3i m\u00e3 ngu\u1ed3n t\u1eeb <a href=\"https:\/\/github.com\/aws-samples\/sample-blog-avp-streamlit\">repository m\u1eabu tr\u00ean GitHub<\/a>.<\/li>\n<li><strong>Thi\u1ebft l\u1eadp m\u00f4i tr\u01b0\u1eddng:<\/strong> C\u00e0i \u0111\u1eb7t AWS SDK cho Python (boto3) v\u00e0 c\u1ea5u h\u00ecnh th\u00f4ng tin \u0111\u0103ng nh\u1eadp AWS c\u1ee7a b\u1ea1n.<\/li>\n<li><strong>T\u1ea1o t\u00e0i nguy\u00ean AWS:<\/strong> S\u1eed d\u1ee5ng AWS Management Console ho\u1eb7c c\u00e1c c\u00f4ng c\u1ee5 <em>Infrastructure as Code<\/em> (IaC) \u0111\u1ec3 c\u1ea5p ph\u00e1t Amazon Cognito user pool v\u00e0 Verified Permissions policy store. B\u1ea1n c\u00f3 th\u1ec3 ch\u1ea1y script \u0111\u01b0\u1ee3c cung c\u1ea5p:<br \/>\n<code>bash<br \/>\n.\/deploy-demo-environment.sh<\/code><\/li>\n<li><strong>Ch\u1ea1y \u1ee9ng d\u1ee5ng demo:<\/strong> T\u01b0\u01a1ng t\u00e1c v\u1edbi b\u1ea3n demo \u0111\u1ec3 ki\u1ec3m tra c\u00e1c policy v\u00e0 t\u00ednh n\u0103ng.<\/li>\n<\/ol>\n<figure class=\"wp-block-image size-large aligncenter\" style=\"text-align: center; margin: 1.5em 0;\"><img decoding=\"async\" style=\"--smush-placeholder-width: 1647px; --smush-placeholder-aspect-ratio: 1647\/727;border-radius: 8px; border: 1px solid #e5e7eb; max-width: 100%; max-height: 560px; width: auto; height: auto; display: inline-block;\" data-src=\"https:\/\/aws.cmctelecom.vn\/wp-content\/uploads\/2026\/06\/d77b47a246.png\" alt=\"M\u00e0n h\u00ecnh \u0111\u0103ng nh\u1eadp c\u1ee7a \u1ee9ng d\u1ee5ng demo \u0111\u1ec3 x\u00e1c th\u1ef1c th\u00f4ng tin ng\u01b0\u1eddi d\u00f9ng.\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" class=\"lazyload\" \/><\/figure>\n<h2>C\u00e1c ph\u01b0\u01a1ng ph\u00e1p b\u1ea3o m\u1eadt t\u1ed1t nh\u1ea5t<\/h2>\n<p>Khi tri\u1ec3n khai ki\u1ebfn tr\u00fac n\u00e0y, h\u00e3y tu\u00e2n th\u1ee7 c\u00e1c ph\u01b0\u01a1ng ph\u00e1p t\u1ed1t nh\u1ea5t sau \u0111\u1ec3 h\u1ed7 tr\u1ee3 b\u1ea3o m\u1eadt:<\/p>\n<ul>\n<li><strong>B\u1ea3o m\u1eadt theo l\u1edbp:<\/strong> S\u1eed d\u1ee5ng c\u1ea3 x\u00e1c th\u1ef1c v\u00e0 ph\u00e2n quy\u1ec1n nh\u01b0 c\u00e1c bi\u1ec7n ph\u00e1p ki\u1ec3m so\u00e1t b\u1ed5 sung.<\/li>\n<li><strong>Tu\u00e2n th\u1ee7 nguy\u00ean t\u1eafc \u0111\u1eb7c quy\u1ec1n t\u1ed1i thi\u1ec3u:<\/strong> Ch\u1ec9 c\u1ea5p c\u00e1c quy\u1ec1n c\u1ea7n thi\u1ebft cho c\u00e1c vai tr\u00f2 ng\u01b0\u1eddi d\u00f9ng c\u1ee5 th\u1ec3.<\/li>\n<li><strong>Qu\u1ea3n l\u00fd phi\u00ean l\u00e0m vi\u1ec7c \u0111\u00fang c\u00e1ch:<\/strong> \u0110\u1eb7t ch\u00ednh s\u00e1ch h\u1ebft h\u1ea1n v\u00e0 l\u00e0m m\u1edbi token ph\u00f9 h\u1ee3p.<\/li>\n<li><strong>X\u00e1c th\u1ef1c t\u1ea5t c\u1ea3 \u0111\u1ea7u v\u00e0o:<\/strong> L\u00e0m s\u1ea1ch d\u1eef li\u1ec7u \u0111\u1ea7u v\u00e0o c\u1ee7a ng\u01b0\u1eddi d\u00f9ng \u0111\u1ec3 ng\u0103n ch\u1eb7n c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng injection.<\/li>\n<li><strong>Gi\u00e1m s\u00e1t c\u00e1c s\u1ef1 ki\u1ec7n x\u00e1c th\u1ef1c:<\/strong> Thi\u1ebft l\u1eadp ghi log v\u00e0 c\u1ea3nh b\u00e1o cho c\u00e1c ho\u1ea1t \u0111\u1ed9ng \u0111\u00e1ng ng\u1edd.<\/li>\n<li><strong>Th\u1ef1c hi\u1ec7n \u0111\u00e1nh gi\u00e1 b\u1ea3o m\u1eadt th\u01b0\u1eddng xuy\u00ean:<\/strong> \u0110\u1ecbnh k\u1ef3 ki\u1ec3m tra c\u00e1c policy v\u00e0 c\u1ea5u h\u00ecnh b\u1ea3o m\u1eadt c\u1ee7a b\u1ea1n.<\/li>\n<\/ul>\n<h2>K\u1ebft lu\u1eadn<\/h2>\n<p>B\u1eb1ng c\u00e1ch s\u1eed d\u1ee5ng <strong>Amazon Cognito<\/strong> v\u00e0 <strong>Amazon Verified Permissions<\/strong>, doanh nghi\u1ec7p c\u00f3 th\u1ec3 x\u00e2y d\u1ef1ng c\u00e1c bi\u1ec7n ph\u00e1p ki\u1ec3m so\u00e1t b\u1ea3o m\u1eadt m\u1ea1nh m\u1ebd m\u00e0 kh\u00f4ng c\u1ea7n m\u00e3 t\u00f9y ch\u1ec9nh ph\u1ee9c t\u1ea1p. C\u00e1ch ti\u1ebfp c\u1eadn n\u00e0y cho ph\u00e9p tri\u1ec3n khai x\u00e1c th\u1ef1c c\u1ea5p doanh nghi\u1ec7p, th\u1ef1c thi c\u00e1c policy ph\u00e2n quy\u1ec1n chi ti\u1ebft, m\u1edf r\u1ed9ng quy m\u00f4 ki\u1ec3m so\u00e1t b\u1ea3o m\u1eadt v\u00e0 qu\u1ea3n l\u00fd, ki\u1ec3m to\u00e1n c\u00e1c policy m\u1ed9t c\u00e1ch t\u1eadp trung. \u0110i\u1ec1u n\u00e0y gi\u00fap c\u00e1c nh\u00f3m ph\u00e1t tri\u1ec3n t\u1eadp trung v\u00e0o vi\u1ec7c t\u1ea1o ra gi\u00e1 tr\u1ecb kinh doanh thay v\u00ec lo l\u1eafng v\u1ec1 vi\u1ec7c x\u00e2y d\u1ef1ng v\u00e0 duy tr\u00ec c\u00e1c h\u1ec7 th\u1ed1ng b\u1ea3o m\u1eadt ph\u1ee9c t\u1ea1p.<\/p>","protected":false},"excerpt":{"rendered":"<p>Vi\u1ec7c tri\u1ec3n khai c\u00e1c bi\u1ec7n ph\u00e1p ki\u1ec3m so\u00e1t b\u1ea3o m\u1eadt m\u1ea1nh m\u1ebd cho \u1ee9ng d\u1ee5ng web hi\u1ec7n \u0111\u1ea1i, \u0111\u1eb7c bi\u1ec7t l\u00e0 x\u00e1c th\u1ef1c (b\u1ea1n l\u00e0 ai?) v\u00e0 ph\u00e2n quy\u1ec1n (b\u1ea1n \u0111\u01b0\u1ee3c l\u00e0m g\u00ec?), l\u00e0 m\u1ed9t th\u00e1ch th\u1ee9c l\u1edbn \u0111\u1ed1i v\u1edbi c\u00e1c nh\u00e0 ph\u00e1t tri\u1ec3n. AWS cung c\u1ea5p gi\u1ea3i ph\u00e1p k\u1ebft h\u1ee3p gi\u1eefa Amazon Cognito cho&#8230;<\/p>","protected":false},"author":22,"featured_media":66758,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-66763","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ctelers-blogs"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Amazon Cognito v\u00e0 Verified Permissions: Ph\u00e2n quy\u1ec1n truy c\u1eadp chi ti\u1ebft cho \u1ee9ng d\u1ee5ng B2C | CMC Telecom<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/aws.cmctelecom.vn\/en\/2026\/07\/05\/amazon-cognito-va-verified-permissions-phan-quyen-truy-cap-chi-tiet-cho-ung\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Amazon Cognito v\u00e0 Verified Permissions: Ph\u00e2n quy\u1ec1n truy c\u1eadp chi ti\u1ebft cho \u1ee9ng d\u1ee5ng B2C | CMC Telecom\" \/>\n<meta property=\"og:description\" content=\"Vi\u1ec7c tri\u1ec3n khai c\u00e1c bi\u1ec7n ph\u00e1p ki\u1ec3m so\u00e1t b\u1ea3o m\u1eadt m\u1ea1nh m\u1ebd cho \u1ee9ng d\u1ee5ng web hi\u1ec7n \u0111\u1ea1i, \u0111\u1eb7c bi\u1ec7t l\u00e0 x\u00e1c th\u1ef1c (b\u1ea1n l\u00e0 ai?) v\u00e0 ph\u00e2n quy\u1ec1n (b\u1ea1n \u0111\u01b0\u1ee3c l\u00e0m g\u00ec?), l\u00e0 m\u1ed9t th\u00e1ch th\u1ee9c l\u1edbn \u0111\u1ed1i v\u1edbi c\u00e1c nh\u00e0 ph\u00e1t tri\u1ec3n. AWS cung c\u1ea5p gi\u1ea3i ph\u00e1p k\u1ebft h\u1ee3p gi\u1eefa Amazon Cognito cho...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/aws.cmctelecom.vn\/en\/2026\/07\/05\/amazon-cognito-va-verified-permissions-phan-quyen-truy-cap-chi-tiet-cho-ung\/\" \/>\n<meta property=\"og:site_name\" content=\"CMC Telecom\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/CMCTelecomOfficial\" \/>\n<meta property=\"article:published_time\" content=\"2026-07-05T02:21:22+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/aws.cmctelecom.vn\/wp-content\/uploads\/2026\/06\/building-secure-b2c-applications-with-fine-grained-access-control-using-amazon-cognito-and-amazon-verified-permissions.thumbnail.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"731\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"publisher-bot\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"publisher-bot\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/aws.cmctelecom.vn\\\/2026\\\/07\\\/05\\\/amazon-cognito-va-verified-permissions-phan-quyen-truy-cap-chi-tiet-cho-ung\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/aws.cmctelecom.vn\\\/2026\\\/07\\\/05\\\/amazon-cognito-va-verified-permissions-phan-quyen-truy-cap-chi-tiet-cho-ung\\\/\"},\"author\":{\"name\":\"publisher-bot\",\"@id\":\"https:\\\/\\\/aws.cmctelecom.vn\\\/#\\\/schema\\\/person\\\/630c0582c38b5246ea44d055155d721e\"},\"headline\":\"Amazon Cognito v\u00e0 Verified Permissions: Ph\u00e2n quy\u1ec1n truy c\u1eadp chi ti\u1ebft cho \u1ee9ng d\u1ee5ng B2C\",\"datePublished\":\"2026-07-05T02:21:22+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/aws.cmctelecom.vn\\\/2026\\\/07\\\/05\\\/amazon-cognito-va-verified-permissions-phan-quyen-truy-cap-chi-tiet-cho-ung\\\/\"},\"wordCount\":2736,\"publisher\":{\"@id\":\"https:\\\/\\\/aws.cmctelecom.vn\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/aws.cmctelecom.vn\\\/2026\\\/07\\\/05\\\/amazon-cognito-va-verified-permissions-phan-quyen-truy-cap-chi-tiet-cho-ung\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/aws.cmctelecom.vn\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/building-secure-b2c-applications-with-fine-grained-access-control-using-amazon-cognito-and-amazon-verified-permissions.thumbnail.jpg\",\"articleSection\":[\"Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/aws.cmctelecom.vn\\\/2026\\\/07\\\/05\\\/amazon-cognito-va-verified-permissions-phan-quyen-truy-cap-chi-tiet-cho-ung\\\/\",\"url\":\"https:\\\/\\\/aws.cmctelecom.vn\\\/2026\\\/07\\\/05\\\/amazon-cognito-va-verified-permissions-phan-quyen-truy-cap-chi-tiet-cho-ung\\\/\",\"name\":\"Amazon Cognito v\u00e0 Verified Permissions: Ph\u00e2n quy\u1ec1n truy c\u1eadp chi ti\u1ebft cho \u1ee9ng d\u1ee5ng B2C | CMC Telecom\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/aws.cmctelecom.vn\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/aws.cmctelecom.vn\\\/2026\\\/07\\\/05\\\/amazon-cognito-va-verified-permissions-phan-quyen-truy-cap-chi-tiet-cho-ung\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/aws.cmctelecom.vn\\\/2026\\\/07\\\/05\\\/amazon-cognito-va-verified-permissions-phan-quyen-truy-cap-chi-tiet-cho-ung\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/aws.cmctelecom.vn\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/building-secure-b2c-applications-with-fine-grained-access-control-using-amazon-cognito-and-amazon-verified-permissions.thumbnail.jpg\",\"datePublished\":\"2026-07-05T02:21:22+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/aws.cmctelecom.vn\\\/2026\\\/07\\\/05\\\/amazon-cognito-va-verified-permissions-phan-quyen-truy-cap-chi-tiet-cho-ung\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/aws.cmctelecom.vn\\\/2026\\\/07\\\/05\\\/amazon-cognito-va-verified-permissions-phan-quyen-truy-cap-chi-tiet-cho-ung\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/aws.cmctelecom.vn\\\/2026\\\/07\\\/05\\\/amazon-cognito-va-verified-permissions-phan-quyen-truy-cap-chi-tiet-cho-ung\\\/#primaryimage\",\"url\":\"https:\\\/\\\/aws.cmctelecom.vn\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/building-secure-b2c-applications-with-fine-grained-access-control-using-amazon-cognito-and-amazon-verified-permissions.thumbnail.jpg\",\"contentUrl\":\"https:\\\/\\\/aws.cmctelecom.vn\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/building-secure-b2c-applications-with-fine-grained-access-control-using-amazon-cognito-and-amazon-verified-permissions.thumbnail.jpg\",\"width\":1280,\"height\":731},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/aws.cmctelecom.vn\\\/2026\\\/07\\\/05\\\/amazon-cognito-va-verified-permissions-phan-quyen-truy-cap-chi-tiet-cho-ung\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Trang ch\u1ee7\",\"item\":\"https:\\\/\\\/aws.cmctelecom.vn\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Blogs\",\"item\":\"https:\\\/\\\/aws.cmctelecom.vn\\\/en\\\/danh-muc-tin-tuc\\\/ctelers-blogs\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Amazon Cognito v\u00e0 Verified Permissions: Ph\u00e2n quy\u1ec1n truy c\u1eadp chi ti\u1ebft cho \u1ee9ng d\u1ee5ng B2C\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/aws.cmctelecom.vn\\\/#website\",\"url\":\"https:\\\/\\\/aws.cmctelecom.vn\\\/\",\"name\":\"CMC Telecom\",\"description\":\"\u0110\u1ed1i t\u00e1c D\u1ecbch v\u1ee5 C\u1ea5p cao c\u1ee7a AWS t\u1ea1i Vi\u1ec7t Nam\",\"publisher\":{\"@id\":\"https:\\\/\\\/aws.cmctelecom.vn\\\/#organization\"},\"alternateName\":\"AWS Advanced Partner in Vietnam\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/aws.cmctelecom.vn\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/aws.cmctelecom.vn\\\/#organization\",\"name\":\"CMC Telecom\",\"alternateName\":\"CMC Telecom\",\"url\":\"https:\\\/\\\/aws.cmctelecom.vn\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/aws.cmctelecom.vn\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/aws.cmctelecom.vn\\\/wp-content\\\/uploads\\\/2023\\\/07\\\/cmc-telecom-logo.png\",\"contentUrl\":\"https:\\\/\\\/aws.cmctelecom.vn\\\/wp-content\\\/uploads\\\/2023\\\/07\\\/cmc-telecom-logo.png\",\"width\":400,\"height\":96,\"caption\":\"CMC Telecom\"},\"image\":{\"@id\":\"https:\\\/\\\/aws.cmctelecom.vn\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/CMCTelecomOfficial\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/aws.cmctelecom.vn\\\/#\\\/schema\\\/person\\\/630c0582c38b5246ea44d055155d721e\",\"name\":\"publisher-bot\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/83ecf50e74202a2c7d2e2c924c1d66b874db607a909c8236b74cc4fb96581a00?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/83ecf50e74202a2c7d2e2c924c1d66b874db607a909c8236b74cc4fb96581a00?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/83ecf50e74202a2c7d2e2c924c1d66b874db607a909c8236b74cc4fb96581a00?s=96&d=mm&r=g\",\"caption\":\"publisher-bot\"},\"url\":\"https:\\\/\\\/aws.cmctelecom.vn\\\/en\\\/author\\\/publisher-bot\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Amazon Cognito v\u00e0 Verified Permissions: Ph\u00e2n quy\u1ec1n truy c\u1eadp chi ti\u1ebft cho \u1ee9ng d\u1ee5ng B2C | CMC Telecom","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/aws.cmctelecom.vn\/en\/2026\/07\/05\/amazon-cognito-va-verified-permissions-phan-quyen-truy-cap-chi-tiet-cho-ung\/","og_locale":"en_US","og_type":"article","og_title":"Amazon Cognito v\u00e0 Verified Permissions: Ph\u00e2n quy\u1ec1n truy c\u1eadp chi ti\u1ebft cho \u1ee9ng d\u1ee5ng B2C | CMC Telecom","og_description":"Vi\u1ec7c tri\u1ec3n khai c\u00e1c bi\u1ec7n ph\u00e1p ki\u1ec3m so\u00e1t b\u1ea3o m\u1eadt m\u1ea1nh m\u1ebd cho \u1ee9ng d\u1ee5ng web hi\u1ec7n \u0111\u1ea1i, \u0111\u1eb7c bi\u1ec7t l\u00e0 x\u00e1c th\u1ef1c (b\u1ea1n l\u00e0 ai?) v\u00e0 ph\u00e2n quy\u1ec1n (b\u1ea1n \u0111\u01b0\u1ee3c l\u00e0m g\u00ec?), l\u00e0 m\u1ed9t th\u00e1ch th\u1ee9c l\u1edbn \u0111\u1ed1i v\u1edbi c\u00e1c nh\u00e0 ph\u00e1t tri\u1ec3n. AWS cung c\u1ea5p gi\u1ea3i ph\u00e1p k\u1ebft h\u1ee3p gi\u1eefa Amazon Cognito cho...","og_url":"https:\/\/aws.cmctelecom.vn\/en\/2026\/07\/05\/amazon-cognito-va-verified-permissions-phan-quyen-truy-cap-chi-tiet-cho-ung\/","og_site_name":"CMC Telecom","article_publisher":"https:\/\/www.facebook.com\/CMCTelecomOfficial","article_published_time":"2026-07-05T02:21:22+00:00","og_image":[{"width":1280,"height":731,"url":"https:\/\/aws.cmctelecom.vn\/wp-content\/uploads\/2026\/06\/building-secure-b2c-applications-with-fine-grained-access-control-using-amazon-cognito-and-amazon-verified-permissions.thumbnail.jpg","type":"image\/jpeg"}],"author":"publisher-bot","twitter_card":"summary_large_image","twitter_misc":{"Written by":"publisher-bot","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/aws.cmctelecom.vn\/2026\/07\/05\/amazon-cognito-va-verified-permissions-phan-quyen-truy-cap-chi-tiet-cho-ung\/#article","isPartOf":{"@id":"https:\/\/aws.cmctelecom.vn\/2026\/07\/05\/amazon-cognito-va-verified-permissions-phan-quyen-truy-cap-chi-tiet-cho-ung\/"},"author":{"name":"publisher-bot","@id":"https:\/\/aws.cmctelecom.vn\/#\/schema\/person\/630c0582c38b5246ea44d055155d721e"},"headline":"Amazon Cognito v\u00e0 Verified Permissions: Ph\u00e2n quy\u1ec1n truy c\u1eadp chi ti\u1ebft cho \u1ee9ng d\u1ee5ng B2C","datePublished":"2026-07-05T02:21:22+00:00","mainEntityOfPage":{"@id":"https:\/\/aws.cmctelecom.vn\/2026\/07\/05\/amazon-cognito-va-verified-permissions-phan-quyen-truy-cap-chi-tiet-cho-ung\/"},"wordCount":2736,"publisher":{"@id":"https:\/\/aws.cmctelecom.vn\/#organization"},"image":{"@id":"https:\/\/aws.cmctelecom.vn\/2026\/07\/05\/amazon-cognito-va-verified-permissions-phan-quyen-truy-cap-chi-tiet-cho-ung\/#primaryimage"},"thumbnailUrl":"https:\/\/aws.cmctelecom.vn\/wp-content\/uploads\/2026\/06\/building-secure-b2c-applications-with-fine-grained-access-control-using-amazon-cognito-and-amazon-verified-permissions.thumbnail.jpg","articleSection":["Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/aws.cmctelecom.vn\/2026\/07\/05\/amazon-cognito-va-verified-permissions-phan-quyen-truy-cap-chi-tiet-cho-ung\/","url":"https:\/\/aws.cmctelecom.vn\/2026\/07\/05\/amazon-cognito-va-verified-permissions-phan-quyen-truy-cap-chi-tiet-cho-ung\/","name":"Amazon Cognito v\u00e0 Verified Permissions: Ph\u00e2n quy\u1ec1n truy c\u1eadp chi ti\u1ebft cho \u1ee9ng d\u1ee5ng B2C | CMC Telecom","isPartOf":{"@id":"https:\/\/aws.cmctelecom.vn\/#website"},"primaryImageOfPage":{"@id":"https:\/\/aws.cmctelecom.vn\/2026\/07\/05\/amazon-cognito-va-verified-permissions-phan-quyen-truy-cap-chi-tiet-cho-ung\/#primaryimage"},"image":{"@id":"https:\/\/aws.cmctelecom.vn\/2026\/07\/05\/amazon-cognito-va-verified-permissions-phan-quyen-truy-cap-chi-tiet-cho-ung\/#primaryimage"},"thumbnailUrl":"https:\/\/aws.cmctelecom.vn\/wp-content\/uploads\/2026\/06\/building-secure-b2c-applications-with-fine-grained-access-control-using-amazon-cognito-and-amazon-verified-permissions.thumbnail.jpg","datePublished":"2026-07-05T02:21:22+00:00","breadcrumb":{"@id":"https:\/\/aws.cmctelecom.vn\/2026\/07\/05\/amazon-cognito-va-verified-permissions-phan-quyen-truy-cap-chi-tiet-cho-ung\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/aws.cmctelecom.vn\/2026\/07\/05\/amazon-cognito-va-verified-permissions-phan-quyen-truy-cap-chi-tiet-cho-ung\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/aws.cmctelecom.vn\/2026\/07\/05\/amazon-cognito-va-verified-permissions-phan-quyen-truy-cap-chi-tiet-cho-ung\/#primaryimage","url":"https:\/\/aws.cmctelecom.vn\/wp-content\/uploads\/2026\/06\/building-secure-b2c-applications-with-fine-grained-access-control-using-amazon-cognito-and-amazon-verified-permissions.thumbnail.jpg","contentUrl":"https:\/\/aws.cmctelecom.vn\/wp-content\/uploads\/2026\/06\/building-secure-b2c-applications-with-fine-grained-access-control-using-amazon-cognito-and-amazon-verified-permissions.thumbnail.jpg","width":1280,"height":731},{"@type":"BreadcrumbList","@id":"https:\/\/aws.cmctelecom.vn\/2026\/07\/05\/amazon-cognito-va-verified-permissions-phan-quyen-truy-cap-chi-tiet-cho-ung\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Trang ch\u1ee7","item":"https:\/\/aws.cmctelecom.vn\/"},{"@type":"ListItem","position":2,"name":"Blogs","item":"https:\/\/aws.cmctelecom.vn\/en\/danh-muc-tin-tuc\/ctelers-blogs\/"},{"@type":"ListItem","position":3,"name":"Amazon Cognito v\u00e0 Verified Permissions: Ph\u00e2n quy\u1ec1n truy c\u1eadp chi ti\u1ebft cho \u1ee9ng d\u1ee5ng B2C"}]},{"@type":"WebSite","@id":"https:\/\/aws.cmctelecom.vn\/#website","url":"https:\/\/aws.cmctelecom.vn\/","name":"CMC Telecom","description":"CMC Telecom holds the position of a Advanced Tier Service Partner of AWS in Vietnam and has closely","publisher":{"@id":"https:\/\/aws.cmctelecom.vn\/#organization"},"alternateName":"AWS Advanced Partner in Vietnam","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/aws.cmctelecom.vn\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/aws.cmctelecom.vn\/#organization","name":"CMC Telecom","alternateName":"CMC Telecom","url":"https:\/\/aws.cmctelecom.vn\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/aws.cmctelecom.vn\/#\/schema\/logo\/image\/","url":"https:\/\/aws.cmctelecom.vn\/wp-content\/uploads\/2023\/07\/cmc-telecom-logo.png","contentUrl":"https:\/\/aws.cmctelecom.vn\/wp-content\/uploads\/2023\/07\/cmc-telecom-logo.png","width":400,"height":96,"caption":"CMC Telecom"},"image":{"@id":"https:\/\/aws.cmctelecom.vn\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/CMCTelecomOfficial"]},{"@type":"Person","@id":"https:\/\/aws.cmctelecom.vn\/#\/schema\/person\/630c0582c38b5246ea44d055155d721e","name":"publisher-bot","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/83ecf50e74202a2c7d2e2c924c1d66b874db607a909c8236b74cc4fb96581a00?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/83ecf50e74202a2c7d2e2c924c1d66b874db607a909c8236b74cc4fb96581a00?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/83ecf50e74202a2c7d2e2c924c1d66b874db607a909c8236b74cc4fb96581a00?s=96&d=mm&r=g","caption":"publisher-bot"},"url":"https:\/\/aws.cmctelecom.vn\/en\/author\/publisher-bot\/"}]}},"_links":{"self":[{"href":"https:\/\/aws.cmctelecom.vn\/en\/wp-json\/wp\/v2\/posts\/66763","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/aws.cmctelecom.vn\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/aws.cmctelecom.vn\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/aws.cmctelecom.vn\/en\/wp-json\/wp\/v2\/users\/22"}],"replies":[{"embeddable":true,"href":"https:\/\/aws.cmctelecom.vn\/en\/wp-json\/wp\/v2\/comments?post=66763"}],"version-history":[{"count":2,"href":"https:\/\/aws.cmctelecom.vn\/en\/wp-json\/wp\/v2\/posts\/66763\/revisions"}],"predecessor-version":[{"id":66892,"href":"https:\/\/aws.cmctelecom.vn\/en\/wp-json\/wp\/v2\/posts\/66763\/revisions\/66892"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/aws.cmctelecom.vn\/en\/wp-json\/wp\/v2\/media\/66758"}],"wp:attachment":[{"href":"https:\/\/aws.cmctelecom.vn\/en\/wp-json\/wp\/v2\/media?parent=66763"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/aws.cmctelecom.vn\/en\/wp-json\/wp\/v2\/categories?post=66763"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/aws.cmctelecom.vn\/en\/wp-json\/wp\/v2\/tags?post=66763"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}