Find and fix excess AWS IAM privileges

Deliver your apps securely with usable automation and insightful audits. Today.

Continuous Security with k9
Understand the access apps & people have and what could be stolen or destroyed

Deploy secure IAM policies with your infrastructure code pipelines

Fix excess IAM permissions without overloading experts

The quality and depth of expertise demonstrated by K9 security is unparalleled in the industry.  K9 has helped advise our AWS IAM strategy and guide a successful implementation of secure identity management that eliminates excess IAM permissions.

Lucas LaFrance

VP of Security, PlanetArt

AWS Partner Network

Deliver security, simply

Simplify

Analyze your actual & desired IAM access in terms everyone can understand.

 

  • Reduce confusion within customer teams when discussing security controls and audit results
  • Declare desired access in the same terms access is audited
  • Accelerate path to secure deployments

Secure

Improve your security policies easily with usable infrastructure code libraries and expert support.

 

  • Review actual access, then improve
  • Declare intended access then generate robust security policies with Terraform & CDK
  • Access AWS IAM policy experts on-demand
N

Audit

Audit the effective access of each IAM principal whenever you want.

 

  • Operationalize IAM review
  • Comprehensive access report everyone understands, delivered daily
  • Reports formatted in JSON, CSV, and Excel formats integrate with existing tools and analysis processes

USABLE AWS SECURITY

Continuously review and improve your security policies — without overloading experts.

Operationalize AWS IAM security review and improvement with k9’s access monitoring service:

  1. Review access reports using the k9 Security Katas and identify issues
  2. Remediate access issues by cleaning up principals and using the k9 secure policy generators
  3. Repeat

Customers often find in their production accounts:

+5

Unexpected IAM admins

1/3

Unused IAM Principals

+100

Access gaps to critical data and keys

Then they secure IAM.

Simple Daily Reporting

k9 analyzes access granted by your AWS security policies nightly, then publishes an actionable report to your own S3 bucket.

Pivot, filter, slice, and dice with tools and data you already use.

Use the Excel format (sample) for quick, interactive analysis:

k9 Principals View showing whether an IAM principal is an admin and when it was last used.

Scale access monitoring with pre-built dashboards for Splunk & Datadog.

Use the certified 3rd party IAM access report to audit:

✅  IAM administrators

✅  Unused IAM users and roles

✅  Access to critical data sources, keys, and IAM roles

✅  IAM user passwords and API access keys

✅  Access to AWS service APIs

Supported Services: IAM, STS, KMS, S3, RDS, DynamoDB, Redshift, and more (1375+ AWS API Actions)

Secure Policy Automation

Secure your data with security policies generated by k9's usable infrastructure automation libraries.  Built for continuous delivery.  Specify your intended access  in simple language and let k9 generate a least privilege security policy.  See k9 Security's Terraform & CDK libraries on GitHub for S3 buckets and KMS encryption keys.

✅  Least privilege access policy

✅  Code review

Who has access to what data? Really. (sample)

k9 tells you exactly what AWS permissions allow today and every day.

k9 determines who has access with the AWS IAM simulation APIs. k9 summarizes that into actionable reports (details).  Analysis includes Service Control, IAM, and Resource policies.

This is not a static analysis of IAM policy or summary of yesterday's CloudTrail events. (k9 reports what IAM users and roles could do with AWS APIs and data.)

Now you can "unit test" all of your AWS security policies, even in production.

Start finding & fixing issues quickly (hours, not weeks)

 

Z

Subscribe

Subscribe to k9 Security inAWS Marketplace

configure access

Configure k9 access to your AWS accounts in less than 30 minutes with our simple automation.

Audit

Audit access assessments of your accounts delivered daily to your secure inbox (S3 bucket).

Improve Policies

Use k9 access reports,  automation libraries, and pro support to improve security.

Ready To Get Started?