Find and fix excess IAM permissions

Control access to AWS APIs and data with usable automation and insightful audits built for continuous delivery. Today.

Continuous Security with k9

The quality and depth of expertise demonstrated by K9 security is unparalleled in the industry.  K9 has helped advise our AWS IAM strategy and guide a successful implementation of secure identity management that eliminates excess IAM permissions.

Lucas LaFrance

VP of Security, PlanetArt

AWS Partner Network
AWS Marketplace (logo)

Protect critical AWS APIs and customer data

k9 Security helps Cloud teams reduce the risk of accidents and data breaches with usable security automation and access reporting.

Simplify IAM

Simplify IAM so your whole team understands desired & actual access.

95% less time spent on IAM


Secure APIs & data

Increase your security easily with usable infrastructure code and expert support.

Production-ready Terraform & CDK


Audit access

Audit the access each IAM principal actually has whenever you want.  No experts required.

5 optimized audit processes

The simplest & most scalable way of understanding AWS IAM permissions.

IAM users & roles

Buckets, Keys, & DBs

How k9 Security works

k9 Security shows your engineers the access each IAM user and role has to critical AWS services and data.  Now you can test your security policies.  Then your engineers can use k9’s infrastructure code libraries to right-size access and secure data quickly.

Operationalize AWS IAM security review and improvement with k9’s access monitoring service:

  1. Review access reports using the k9 Security Katas and identify issues
  2. Remediate access issues by cleaning up principals and using the k9 secure policy generators
  3. Repeat

Customers find critical issues in their production accounts:


Unexpected IAM admins


Unused IAM Principals


Access gaps to critical data and keys

Then they secure IAM.

Simple Daily Reporting

k9 analyzes access granted by your AWS security policies nightly, then publishes an actionable report to your own S3 bucket.

Pivot, filter, slice, and dice with tools and data you already use.

Use the Excel format (sample) for quick, interactive analysis. Load the CSV into your SIEM (Splunk, Datadog) for monitoring.

k9 Principals View showing whether an IAM principal is an admin and when it was last used.

Use the certified 3rd party IAM access report to audit:

✅  IAM administrators

✅  Unused IAM users and roles

✅  Access to critical data sources, keys, and IAM roles

✅  IAM user passwords and API access keys

✅  Access to AWS service APIs

Supported Services: IAM, STS, KMS, S3, RDS, DynamoDB, Redshift, and more (1375+ AWS API Actions)

Who has access to what data? Really. (sample)

k9 tells you exactly what AWS permissions allow today and every day.

k9 determines who has access with the AWS IAM simulation APIs. k9 summarizes that into actionable reports (details).  Analysis includes Service Control, IAM, and Resource policies.

This is not a static analysis of IAM policy or summary of yesterday's CloudTrail events. (k9 reports what IAM users and roles could do with AWS APIs and data.)

Now you can "unit test" all of your AWS security policies, even in production.

Secure Policy Automation

Secure your data with security policies generated by k9's usable infrastructure automation libraries.  Built for continuous delivery.  Specify your intended access  in simple language and let k9 generate a least privilege security policy.  See k9 Security's Terraform & CDK libraries on GitHub.

✅  Least privilege access policy

✅  Code review

Next steps

k9 Security simplifies cloud security with usable access monitoring and policy automation.  Get started for free, and pay only for what you use.