k9 Security Blog
Secure your cloud infrastructure quickly and confidently
Effective IAM News – 2025-05-02
PowerUserAccess: The Hidden Path to Admin Control. Ever wonder how attackers see the AWS permissions you grant? This week, we gain a critical perspective from the trenches with PowerUserAccess vs. AdministratorAccess from an attacker's perspective by Eduard Agavriloae,...
Effective IAM News – 2025-04-18
If you're responsible for securing Azure, you should know about Azure's Apex Permissions: Elevate Access & The Logs Security Teams Overlook because it exposes a critical security blind spot affecting virtually every Azure environment. Nathan Eades and the Permiso...
Effective IAM News – 2025-04-04
This Week’s Featured IAM Resource: This week we are highlighting The Director's Guide: IAM Security at Scale by Kyle Chrzanowski (Mandiant | Google Cloud) because it offers a concise, implementation-focused guide to architecting IAM at scale. The article defines...
Effective IAM News – 2025-03-21
Welcome to The Effective IAM Newsletter! Our mission is simple: curate high-impact resources that address real-world cloud IAM challenges for busy security professionals. Each edition features an industry trend, expert insight, or practical tool that you can use. You...
Scaling IAM Security For Major Cloud Platforms: Insights from the ScaleToZero Podcast
In a recent episode of the ScaleToZero podcast powered by Cloudanix, k9 Security’s founder, Stephen Kuenzli, broke down one of the most persistent challenges in cloud security: how to scale identity and access management (IAM) in large, fast-moving engineering...
k9 Security Now Resolves Well-Known AWS Account Owners for Enhanced Visibility
k9 Security now resolves well-known AWS account owners like Datadog and AWS Support in external access reports. Enhanced visibility helps security teams quickly identify legitimate vendors vs. unknown entities, improving incident response and access governance.
Top 5 Open-Source Cloud Security Tools You Need to Know in 2025
In today’s rapidly evolving cloud landscape, security teams face the challenge of protecting increasingly complex environments without expanding their budgets. This guide highlights five powerful open-source cloud security tools that provide enterprise-grade protection without the price tag. From Prowler’s multi-cloud compliance auditing to Falco’s real-time threat detection, these solutions help security professionals identify vulnerabilities, enforce policies, and respond to incidents across AWS, Azure, and GCP environments. Whether you’re starting your cloud security journey or looking to enhance your existing toolset, these free, community-supported tools deliver immediate value while integrating seamlessly into modern DevSecOps workflows.
Generate least-privilege SQS resource policies with k9-cdk
k9-cdk now supports fine-grained access control for Amazon SQS queues in CDK v2. Learn how to secure your messaging infrastructure using our simplified security model for S3, KMS, DynamoDB, and SQS resources.
Generate least-privilege DynamoDB resource policies with k9-cdk
k9-cdk now supports generating least-privilege resource policies for Amazon DynamoDB tables, indices, and streams. This addition complements existing S3 and KMS capabilities, bringing simplified security to DynamoDB resources managed by AWS CDK infrastructure code.
k9 now reports entitlements to Amazon Bedrock APIs
k9 Security now reports IAM principals’ access entitlements to the Amazon Bedrock APIs, which manage generative AI in your account. k9 reports whether IAM principals may administer, change, or read AI data resources and services so that you can govern access to AI services and reduce risks to your data and AI models.