Docs

Getting Started

• How k9 Works
• How To Configure k9 Access To AWS Accounts
• The Value of k9 Security
• How k9 simplifies AWS IAM for the entire team
• How k9 relates to AWS security services
• AWS service support matrix & roadmap
• AWS security policies analyzed by k9 Security
• Learn how to use k9 with the k9 Security Katas
• IAM Song: 🎵 Keys to the Cloud🎵
• Frequently Asked Questions

Cloud Architecture, Security, and Governance

• The k9 Access Capability Model
• The 6 Pillars to Scale AWS Cloud Security
• How to Organize Cloud Accounts for AWS, GCP, and Azure
• Continuous security policy engineering
• Guide to Tagging Cloud Deployments

AWS Security Architecture and Engineering

• AWS Identity health checks
• Why good AWS security policies are so difficult
• What is Cloud Infrastructure Entitlement Management (CIEM)?
• What is a Cloud Access Management Toolkit (CAMT)?
• How to create a secure S3 bucket policy
• Cloud Pattern: Secure Inbox using S3 and KMS
• Debugging AccessDenied in AWS IAM
• Test an S3 Bucket Policy using IAM Simulator
• AWS KMS Key Scope Guide
• Secure data in AWS with Key Management Service
• Send a message to encrypted SQS queue in another AWS account in same organizational unit
• Simplify and scale AWS data security (webinar)
• AWS IAM Interview Questions

AWS Governance and Compliance

• Audit IAM access in an AWS account with k9

Infrastructure Code Libraries

The k9 Security infrastructure code libraries are open source and freely available in the k9securityio organization on GitHub.  These libraries implement secure policies using k9’s access capability and tagging models.  Professional support for these libraries and prioritized enhancement are included when you subscribe to the k9 access analysis service.

Terraform

All k9 Security’s modules are available in the Terraform Registry.

• terraform-local-context – A Terraform module to capture the context your team needs to manage, operate, and secure resources on any Cloud.
• terraform-aws-s3-bucket – Provision AWS S3 buckets safely with least privilege access and comprehensive tagging using Terraform.
• terraform-aws-kms-key – Provision AWS KMS keys safely with least privilege access and comprehensive tagging using Terraform.

 

AWS Cloud Development Kit (CDK)
The k9-cdk helps you provision best practice AWS security policies defined using the simplified k9 access capability model and safe defaults. In CDK terms, this library provides Curated (L2) constructs that wrap core CloudFormation resources (L1) to simplify security.

Currently the k9-cdk supports:

• AWS Resources: S3 Bucket Policies, KMS Key Policies
• Languages: TypeScript, (next) Python

The k9-cdk is distributed on:

• NPM: @k9securityio/k9-cdk

General

• Legal Agreements and Commitments