k9 Security Pricing

Scale IAM without adding to your headcount

Save on hiring new security specialists or overloading your existing ones by enabling your entire team to understand and secure IAM quickly.

Monitor all your accounts in only 45 minutes!

View More Team Plan Features
  • Prove your cloud deployments are secure to Security & Compliance
  • Support on-boarding and analyzing IAM reports with the Katas
  • Secure 3 IAM identity, bucket, or key policies during on-boarding
  • Per-Account limits: 100 IAM users, 400 IAM roles, 100 S3 buckets, 35 KMS keys, 10 RDS clusters, 10 DynamoDB tables
  • Purchase in AWS Marketplace for easy billing thru AWS 
  • Deploy with CloudFormation in less than an hour
  • 🎉 Bonus: Pre-built k9 dashboards for Splunk & Datadog
  • 🎉 Bonus: Level-up your team with the Effective IAM book & masterclass
View More Enterprise Plan Features
  • Quarterly access review with your team
  • Enhancements to k9 infrastructure code libraries
  • Improve security policies rapidly with an AWS security policy overhaul (optional)
  • Purchase annually via PO with flexible invoicing

Trusted by people who know security.

IAM is hard. As a founder, k9 helps me to stick to the least privilege principle for my product and alerts me of any drift or overprivileged assets. As an AWS Security Consultant, it gives me deep insights into my customer environments and current IAM security posture. Try k9 and see how it can help your team scale IAM in your organization.

Victor Grenu

Senior AWS Architect & Security Specialist

Integrate security into delivery today and everyday.

Hiring more experts won’t automatically fix your IAM issues. In fact, you’ll just be adding more bodies to a broken system. With k9 as your security companion, your whole team will be empowered with the tools and information to understand and remediate effective access.

Save Time

Even if you hire a new expert, it will still take time to assess access and rewrite policies – policies that (probably) still permit unintended access. With our free trial, you will see the value of being able to get policies right the first time.

Save Money

For $3/day per AWS account you can have better security than if you spent $100,000+ hiring a new expert. And your whole team will have the knowledge and ability to find and fix excess permissions in your accounts. 

Scale Confidently

As production and delivery increase, rogue access to critical data opens the door for catastrophic events. With k9, you always know who has access to data and will be alerted of any changes. 

Still not sure if k9 is perfect for your cloud team?

See how k9 can help you simplify and scale security in a private demo

* If you use k9 and its processes for one month and aren’t able to find critical problems and craft a plan to fix them with our help, we’ll refund your money and donate $500 to the Electronic Frontier Foundation.

You will receive:

One hour of free Cloud Security advisory

Detailed IAM improvement plan outline

Free Copy of the Effective IAM for AWS ebook

Q: Where does my bill go?

… and other frequently asked questions

Is this just another pane of glass?

No, k9 is not just another pane of glass. k9 security makes your existing analysis and alerting systems better by telling you who has access to APIs and critical AWS data in a way that is simple for people to understand and designed to be joined to your existing data sources and analysis workflows (Splunk, Datadog, Athena / QuickSight, etc.)

What is a CIEM?

According to Gartner: “Cloud infrastructure entitlement management (CIEM) offerings are specialized identity-centric SaaS solutions focused on managing cloud access risk via administration-time controls for the governance of entitlements in hybrid and multi-cloud IaaS. They typically use analytics, machine learning (ML), and other methods to detect anomalies in account entitlements, like accumulation of privileges, dormant and unnecessary entitlements. CIEM ideally provides remediation and enforcement of least privilege approaches.”

The goal of our CIEM is to give customers better visibility of current policies, alert them when access has changed and provide engineers with the necessay resources to continuously deliver effective, least-privilege policies.

How does k9 differ from other CIEM solutions?
Many of the products sold by Security companies don’t work in practice because they don’t scale with modern delivery methods. K9 security was built specifically with Devops in mind. 
We help customers secure their AWS applications and data with security best practices delivered continuously with automation.  We help cloud teams create security operations processes that scale across the organization and its work management systems.
Simultaneously, we:
  • eliminate or greatly reduce load/reliance on Cloud Security specialists
  • reduce the cost of Security and risk of breaches
Are k9 Security's infrastructure code libraries free?

Yes. The k9 Security infrastructure code libraries are provided free of charge according to the Apache 2.0 license.  You may use them in accordance with that license.  If you have any questions or need to make another arrangement, please contact 

Does k9 Security help organizations without deep expertise in AWS security tools and services?

Yes! k9 Security is absolutely designed for organizations without deep expertise in AWS security and for organizations that need to simplify and scale out their security program.

How do I cancel monitoring for an account?

Customers can cancel monitoring of an AWS account at any time by removing the k9-auditor CloudFormation stack in that account.

Does k9 analyze access to IAM roles across accounts?

Yes. k9 analyzes and reports external access across accounts to IAM roles in your AWS account. AWS Access Analyzer must be enabled in the monitored account (free).

k9 also reports internal access to IAM roles by other IAM users and roles within the account.

Does k9 suggest improvements to existing policies? For example, AWS CloudTrail and AWS Access Analyzer helps organizations understand what AWS APIs principals are using.

k9 advocates application and cloud teams declaring a minimal set of intended access capabilities using the k9 infrastructure code libraries. Then the library can generate minimized policies for engineers.

Can we use k9’s infrastructure code libraries independently of the SaaS monitoring service?

Yes! The k9 Terraform and CDK infrastructure code libraries are free to use and licensed as Apache2. k9 assists customer adoption of our infra code libraries, and the benefit of many years of experience helping teams migrate to and operate in AWS securely, including major banking operations.

k9 analysis services are delivered as a SaaS and procured via AWS marketplace so that you can easily add monitoring for AWS accounts as you need it – one at a time or the entire org. Add Enterprise professional services to a SaaS subscription to accelerate security architecture, policy development, or overhauling the security policies for an entire account.

How does k9 help Enterprises using on-premise identities and security policies managed via SSO?

k9 helps Enterprises access review for identities managed outside of AWS by simplifying several common jobs:

  • Identify privileged principals easily for monitoring and alerting
  • Identify unused principals for cleanup by identifying when it was last used (across console, api key, assume role)
  • Report access in a form that can be joined with logs from your Identity Provider or Cloudtrail in your existing SIEM to show, e.g. what access ActiveDirectory users/groups have – happy to work with you on this.
  • Identify who has access to critical or confidential data

Ready To Take Control Of AWS IAM?

Stop settling for poor security posture. Join the forward-thinking cloud teams who are harnessing the power of AWS IAM at scale.