Secure AWS IAM without overloading experts

Deliver apps securely with usable automation and insightful audits. Today.

Continuous Security with k9

Understand the access apps & people have and what could be stolen or destroyed

Deploy secure IAM policies with your infrastructure code pipelines

Improve access granted by AWS IAM without overloading experts

Summarizing access so customers can focus on improvement

IAM users & roles

Buckets & Keys

AWS Security is Too Difficult

Complex AWS Security Model

Nobody understands how all the security policies fit together (details)

Even experts make mistakes

Changing Application Architectures

Cloud applications are deployed differently

+3x more identities

Increasing Rate Of Change

Applications and their infrastructure are changing faster than ever

+3x more changes to review

Custom security policy creation & manual audit doesn’t scale. 

Deliver security, simply


Analyze identities actual and desired access in terms everyone can understand, k9 Access Capabilities (details).


  • Reduce confusion within customer teams when discussing security controls and audit results
  • Declare desired access in the same terms access is audited
  • Accelerate path to secure deployments


Improve security policies easily and scalably with infrastructure automation libraries and expert support.

  • Code the access you intend and generate robust security policies with Terraform & CDK
  • Improve security policies continuously with simple, periodic reviews of actual access and policy automation updates
  • Access AWS security policy engineering experts on-demand or extend your team


Audit and report the effective access of each IAM principal whenever you want.


  • Comprehensive access report everyone understands, delivered daily
  • Reports formatted in JSON, CSV, and Excel formats integrate with existing tools and analysis processes
  • Customer data encrypted with customer encryption key


Continuously review and improve security policies — without overloading experts.

Operationalize AWS IAM security review and improvement with k9’s access monitoring service:

  1. Review access reports using the k9 Security Katas and identify issues
  2. Remediate access issues by cleaning up principals and using the k9 secure policy generators
  3. Repeat

Customers often find in production accounts:


Unexpected IAM admins


Unused IAM Principals


Access gaps to critical data and keys

Then they secure IAM.

Simple Daily Reporting

k9 assesses access granted by your AWS security policies nightly, and publishes a report to your own secure inbox in S3. 

Pivot, filter, slice, and dice with tools and data you already use.

Use the Excel format (sample) for quick, interactive analysis. Load the CSV or JSON format into your SIEM for monitoring.

Certified 3rd party access audit? ✓ Done.

Audit IAM administrators: ✓ Done.

Audit IAM for unused principals: ✓ Done.

Audit access to critical data sources & keys: ✓ Done.

Supported Services: IAM, STS, KMS, S3, RDS, DynamoDB, Redshift, and more (1375 AWS API Actions)

Who has access to what data? Really.

k9 tells you exactly what AWS permissions allow today and every day.

k9 dynamically determines who has access using AWS IAM APIs. k9 summarizes that into actionable reports (details).  Analysis includes Service Control, IAM, and Resource policies.

This is not a static analysis of IAM policy or summary of yesterday's CloudTrail events.

Robust Policy Automation

Improve your security policies by using k9's infrastructure automation libraries to specify your intended access clearly and let k9 take care of generating a least privilege security policy.  See k9 Security's Terraform libraries on GitHub.

Least privilege access policy? ✓ Done.

Code review? ✓ Done.


Our simple setup process will have you up and improving quickly (hours, not weeks).




Subscribe to k9 Security inAWS Marketplace

configure access

Configure k9 access to your AWS accounts in less than 30 minutes with our simple automation.


Audit access assessments of your accounts delivered daily to your secure inbox (S3 bucket).

Improve Policies

Use k9 access reports,  automation libraries, and pro support to improve security.

Ready To Get Started?