Cloud teams struggle to secure data in AWS when they do not have simple infrastructure code libraries built for continuous delivery. So today we are releasing k9-cdk for CDKv2, which helps you provision best-practice AWS security policies easily within your existing delivery pipeline. This release complements k9 Security’s existing commitment to k9-cdk for CDKv1.

k9 Security’s infrastructure code libraries make it easy for Cloud, Site Reliability, and Application Engineers to declare the access to data they intend; the library takes care of the rest.

Engineers declare intended access for IAM principals using the simplified k9 access capability model instead of hundreds of API actions. The library generates strong resource policies for S3 buckets and KMS encryption keys. k9 resource policies implement least privilege and best practices like requiring encryption. So your data is secured on every deploy.

Cvent is an early adopter of CDK and constantly looking for ways to implement real least privilege access across our platform. k9-cdk has allowed Cvent to integrate an easy-to-understand CDK API into our internal delivery framework that the entire company can leverage and trust.

Brent Ryan, VP of Engineering, Cvent

The k9-cdk for CDKv2 release is available for TypeScript on:

Use the @k9securityio/k9-cdk package, version 2.0.4 or later.

The k9-cdk README and example app contain full examples of using the library.

Code sample: securing an S3 bucket policy with k9-cdk v2. See the README for the full sample:
https://github.com/k9securityio/k9-cdk/tree/v2-main

We hope k9-cdk helps you secure data in AWS and helps your team go fast, safely. If you have any questions about k9-cdk or AWS IAM, please reach out to [email protected].