Supported Services

k9 reports access to an ever-growing set of AWS security, data, and compute services. This document helps customers understand k9’s current and planned coverage for AWS services and resources.

AWS Service Support Matrix

This service support matrix describes which AWS services k9 supports and the current level of that support to help you determine how your use cases are covered:

Service Name API Name(s) Service Access Resource Access
Security Services
Account account N/A
CloudTrail cloudtrail N/A
Identity & Access Management (IAM) iam N/A
Security Token Service (STS) sts

Access to all IAM roles with a trust policy is reported, both internal and external access (cross-account).

Key Management Service (KMS) kms
Resource Access Manager ram N/A
Secrets Manager secretsmanager Possible
Management Services
Systems Management ssm Possible
Data Services
Athena athena Possible
Simple Storage Service (S3) s3
DynamoDB (DDB)
DynamoDB Accelerator
DynamoDB Streams
Elastic File System elasticfilesystem
Relational Database Service (RDS) rds
Redshift redshift Possible
Elastic Map Reduce (EMR) elasticmapreduce Possible
Simple Queue Service (SQS) sqs Possible
Kinesis Analytics
Elastic Container Registry (ECR) ecr Planned 2023
Compute Services
Elastic Compute Cloud (EC2) ec2 N/A
Elastic Container Service (ECS) ecs N/A
Elastic Kubernetes Service eks N/A
Lambda lambda Possible

k9 analyzes access of an IAM user or role (principal) at two levels.

First, k9 reports whether an IAM principal is allowed to invoke a service’s actions irrespective of a particular resource. This is called service access.  For example, an IAM role may have access to invoke S3 API write actions.

Second, k9 reports whether an IAM principal is allowed to invoke a service’s actions for a particular resource.  This is called resource access.  For example, an IAM role has access to invoke S3 write API actions on the sensitive-data bucket. When k9 reports resource level access, resource policies are included in the analysis of that access when the service supports resource policies (e.g. S3, KMS, SQS).


k9 expands AWS service coverage regularly and plans to support support the following services soon:

Service Name API Name(s) Service Access Resource Access


The k9 service coverage matrix and roadmap helps customers understand what k9 analyzes access to now and in the near future.

If a service that is important to you is not on our roadmap, please let us know. We’d love to understand your use cases and urgency so that we can prioritize coverage on the roadmap.

Contact Us

Please contact us with questions or comments. We’d love to discuss AWS security with you.