They say the only sure things in life are death and taxes. But I’ll add two more:

  1. AWS IAM is hard
  2. k9 Security is making AWS IAM usable (and it’s working!)

k9 Security grew a lot in 2021 to help its customers improve and operationalize AWS IAM security.

Customers successfully secured their AWS accounts by:

  • removing unexpected IAM admins
  • restricting access to sensitive data
  • removing unused IAM users and roles
  • right-sizing access to AWS APIs

Here are the highlights of how that happened:

Monitoring 10x more

k9 Security monitors 10x more resources in customer AWS accounts than a year ago:

  • +20k IAM users & roles
  • +5k S3 buckets, KMS keys, RDS databases

Guided by customer requests, we increased the breadth and depth of analyzed AWS services to 21 (service support matrix), thousands of principals in an account, and hundreds of specific S3, KMS, RDS, and DynamoDB resources.

Collaborating with customers

Collaborating with customers helped us optimize AWS IAM access review and monitoring with k9.

That produced many small access report UX improvements that add up to a lot. For example, everyone wants to know who the IAM administrators are. So k9 now reports who the admins are directly and can alert you to changes via email.

We created simple processes, the k9 Security Katas, so that any cloud or security team member can review IAM quickly and accurately.

Customers asked for external access integrated into access assessments, so we integrated AWS Access Analyzer’s information and normalized it to the k9 access capability model. That provides consistent and simple reporting of both internal and external access.

Finally, we worked closely with customers to enhance k9’s infrastructure code automation libraries and support their needs. In particular, we created k9-cdk to help customers secure data in any CDK application. Then we helped them integrate k9-cdk into their delivery pipelines.

Educating how to secure IAM

To help cloud engineers secure AWS IAM, k9 Security founder Stephen Kuenzli wrote Effective IAM for AWS. The book is available for free on the web. (Questions? We’re happy to discuss IAM with you any time.)

Customer teams are building their AWS IAM skills with Master AWS IAM workshops. In those workshop sessions, we discuss each chapter of Effective IAM and dig into questions engineers have about their own environment.

The plan for 2022

This year, k9 Security became a full AWS Partner, and it will expand access analysis capabilities and build out infra code libraries.

We’d love to hear what AWS security problems you’re trying to solve and help out.

Contact us at [email protected] any time.