k9 Security can now notify you when IAM administrators change in your AWS accounts. Understanding and tracking who has IAM administrator access is hard. IAM is extremely flexible and customers change their AWS deployments constantly. k9 Security makes it easier to stay on top of things.

When you enable change analysis, k9 compares the current set of IAM administrators to the previous day’s report. k9 notifies you when AWS IAM administrators change by sending an email to the notifications email address you have configured.

This notification shows a new IAM role with IAM administration capabilities provisioned by AWS SSO:

[Image: IAM administrator change notification email, containing added and removed IAM admin principals, recommendations, and resources]

The notification contains:

  • Change summary with list of added and removed IAM administrators
  • Recommendations for what the recipient (e.g. a Security Operations Center) should do
  • Links to additional resources such as the k9 Security Kata for reviewing IAM administrators
  • An offer to contact k9 Support with questions or help with recommendations

The email notification can be filtered and ingested automatically into issue tracking systems such as JIRA. Once it is in an issue tracking system, SOC or Cloud Security teams triage the administrator change and follow up.

We hope k9’s new IAM administrator change analysis capabilities help you keep on top of who has control of your AWS accounts. To use this change notification capability, contact [email protected]. We’ll set you up and verify email delivery.