AWS security policies analyzed by k9 Security

Evaluating the Effects of AWS Security Policies

Evaluating the effects of AWS security policies is hard. Each of the five types of security policy is integrated into the access decision-making process, and the way they combine is not simple to understand or evaluate.

And depending on where you define policies, engineers may have to account for many policies, defined in many places.

However, k9 Security can help.

k9 Security evaluates all of the policies defined in your AWS account to determine each principal’s access to AWS APIs and resources:

  • Service Control policies
  • Identity policies attached to an IAM role, user, or group, both managed and inline
  • Permission Boundary policies attached to an IAM role or user
  • Resource policies attached to a resource like an S3 bucket or KMS key (unless we’re not allowed to read it)

Note: k9 does not evaluate Session policies because those are created by the AWS client and are not defined within the account.

So engineers can understand effective access easily and actually start achieving least privilege today.

For more information about how AWS Security policies are evaluated and why this makes IAM so complicated, check out Chapter 2 of Effective IAM for AWS (free download below).

And if you want to talk with an expert about simplifying and scaling AWS IAM security, please contact us!

 

Learn more about scaling AWS IAM by downloading this free eBook!

Effective IAM for AWS


Learn how to secure AWS with IAM built for continuous delivery.