Now k9 Security resolves the account owners for external access from well-known accounts, providing greater clarity and context to your AWS resource access reports. This update simplifies how security teams identify and understand external access to their AWS resources.
Intelligent Account Owner Resolution
Previously, when k9 reported access to a resource by an external principal (account, role, user), the Principal Name column remained empty. Having only an account number in the Principal ARN presents a challenge for cloud security teams trying to quickly identify and understand who is accessing their resources.

k9 now resolves known AWS accounts to friendly owner names like Datadog, k9 Security, or AWS Support, dramatically improving the readability and actionability of your access reports.

This enhancement leverages our curated database of over 100 known organizations and more than 275 accounts to automatically identify external principals in your AWS environment.
Our database is derived from the community-built fwdcloudsec/known_aws_accounts repository, where we’ve contributed a verification script.
How External Principal Names Work
The general format of the principal name is:
external:{org_name}:{principal_specific_identifier}
When the organization name is unknown, the org_name field remains blank, maintaining consistency while highlighting unidentified external access. Note: k9 Security does not (yet) resolve access by other accounts in the k9 customer’s AWS organization to the owning organization name.
Key Use Cases and Formats
Here’s how the external principal names look for key use cases:
- Access by any principal:
  - format: external::*
  - example: external::*
- Access by known account:
  - format: external:{org_name}:{account number}
  - example: external:Datadog:464622532012
- Access by IAM role in known account:
  - format: external:{org_name}:{role_name}
  - example: external:k9 Security:k9-backend-prod
- Access by unknown account:
  - format: <same as for known account>
  - example: external::398997493752
- Access by IAM role in unknown account:
  - format: <same as for known role>
  - example: external::ci
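To use these names in an access review, the formats above can be parsed and the entries with a blank org_name queued for attention. The following is an added example, not k9 Security's code: the function and type names are hypothetical, the sample names are the examples from the list above, and it assumes organization names never contain a colon and that any identifier other than * or a 12-digit account number is a role name.

```python
import re
from typing import NamedTuple

ACCOUNT_ID = re.compile(r"\d{12}")  # AWS account numbers are 12 digits

class ExternalPrincipal(NamedTuple):
    org_name: str       # "" when the account owner is not resolved
    identifier: str     # "*", an account number, or a role name
    kind: str           # "any", "account", or "role"
    needs_review: bool  # True when the owner is unknown

def parse_principal_name(name: str) -> ExternalPrincipal:
    """Parse external:{org_name}:{principal_specific_identifier}."""
    # maxsplit=2 keeps spaces in org names ("k9 Security") intact.
    parts = name.split(":", 2)
    if len(parts) != 3 or parts[0] != "external" or not parts[2]:
        raise ValueError(f"not an external principal name: {name!r}")
    _, org_name, identifier = parts
    if identifier == "*":
        kind = "any"
    elif ACCOUNT_ID.fullmatch(identifier):
        kind = "account"
    else:
        kind = "role"  # assumption: remaining identifiers are role names
    return ExternalPrincipal(org_name, identifier, kind, org_name == "")

def review_queue(names):
    """Return external principals with no resolved owner, broadest access first."""
    order = {"any": 0, "account": 1, "role": 2}
    parsed = [parse_principal_name(n) for n in names if n.startswith("external:")]
    return sorted((p for p in parsed if p.needs_review), key=lambda p: order[p.kind])

# Constructed sample of a report's Principal Name column (values from the list above).
SAMPLE_NAMES = [
    "external:Datadog:464622532012",
    "external::ci",
    "external:k9 Security:k9-backend-prod",
    "external::398997493752",
    "external::*",
]

if __name__ == "__main__":
    for p in review_queue(SAMPLE_NAMES):
        print(f"REVIEW {p.kind:<8} {p.identifier}")
```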
Advancing AWS Access Governance
This enhancement represents our continued commitment to providing cloud and security teams with actionable intelligence about their AWS environments. By reducing the cognitive load of interpreting access reports, cloud and security engineers can focus on what matters most: securing their infrastructure and responding to genuine threats.
Security Benefits and Impact
- Faster Incident Response: Quickly identify whether external access comes from legitimate vendors or unknown entities, reducing mean time to resolution for security incidents.
- Improved Access Reviews: Security teams can now efficiently review external access during regular audits, focusing attention on unrecognized accounts while fast-tracking known, approved services.
- Enhanced Threat Detection: Unknown external principals stand out clearly, making it easier to spot potential unauthorized access or compromised credentials.
- Streamlined Compliance: Demonstrate clear visibility into external access patterns for audit and compliance requirements with human-readable principal names.
Get Started Today
Ready to experience the clarity of resolved account owners in your AWS access reports? This enhancement is available immediately for all k9 Security customers.
New to k9 Security? Get started with k9 for free and see how we can help you gain complete visibility into your AWS resource access.
Existing customer? Your next report will automatically include resolved principal names. Have questions or want to discuss additional external principals for resolution? Reach out directly to [email protected]