Let’s prepare for the k9 Security Katas by finding and touring a k9 resource access inventory in Excel format.
The Excel report format (sample) is very useful for both the structured and ad-hoc analysis new users perform of their accounts.
k9 Security delivers access inventory reports to the S3 bucket created during setup.
k9 organizes reports in the bucket using a structure that looks like:
customers/{k9_customer_id}/reports/aws/{aws_account_id}/{year}/{month}/
Each element of the key path in {braces}
is replaced with the relevant information for a given report:
k9_customer_id
: your k9 customer id, e.g.C123456
aws_account_id
: the analyzed AWS account id, e.g.012345678912
year
: the year component of the analysis start time (UTC), e.g.2021
month
: the year component of the analysis start time (UTC), e.g.04
Two important things about time:
- k9 uses UTC time for all reports
- k9 starts analysis at
UTC-7
to maximize utility for daily analysis in North & South America.
So the Excel report generated on April 9th, 2021 at 07:28 UTC is stored at:
customers/C123456/reports/aws/012345678912/2021/04/resource-access-audit.2021-04-09-0712.xlsx
Now find and open an Excel formatted report for today.
When you open the spreadsheet, you will start at the ‘Audit Summary’ worksheet, which reports audit context and summary statistics:

The Excel report contains the following worksheets:
- Audit Summary: reports aggregate statistics about IAM principals
- Principals: Reports details of each IAM principal, when it was last used, its credentials, and tags
- Principal Access Summary: Reports each principals access capabilities to supported AWS APIs and data resources
- Resources: Details about each supported data resource, S3 buckets & KMS encryption keys
- Resource Access Summaries: A resource-oriented view of what access each principal has to data resources
- k9 Access Capability Mapping: the mapping of AWS API actions to k9 Access Capabilities used to generate the report
k9 delivers each analysis in three forms: xslx, csv, and json. These formats enable use by: people, SIEMs, and custom analysis tools.
If you have any trouble opening your reports or other questions, please contact [email protected]. We are happy to help.
Recent Comments