Go Fast, Safely

Protect data in AWS, quickly and confidently.  Cloud teams improve security policies and accelerate delivery processes with our usable automation and audit tools.

Finally understand who has access to your data in AWS and what they could steal or destroy

Easily define and deploy secure policies through your infrastructure code pipelines


Good AWS Security is Too Difficult

Complex AWS Security Model

Nobody understands how all the security policies fit together.

AWS policy evaluation is very complex.  Five kinds of policy, +6000 API actions, and frequent changes with new services and actions launching daily.

Changing Application Architectures

Cloud applications are deployed differently.

Applications restructure when they move to the Cloud.  Each application component gets an identity. Access controls migrate from the network layer to the application identity.

Increasing Rate Of Change

Applications and their infrastructure are changing faster than ever. Continuous Delivery and Infrastructure as Code can deliver multiple security changes per week, day, or hour.

Security policies are hard to get right and difficult to validate (details). Traditional policy engineering and review processes overload Cloud security experts and delay projects.  Nevermind there are 10x more IAM principals and changes than a traditional datacenter.

Custom security policy creation doesn’t scale. 

Deliver security, simply


Use a simple language so everyone understands what each principal should and actually can do with data and APIs in AWS

The k9 Access Capability and Tagging models provide a cohesive foundation that spans your delivery process and:

  • Reduces confusion within customer teams when discussing security controls and audit results
  • Accelerates and derisks path to secure deployments


Improve security policies easily and scalably with infrastructure automation libraries and expert support.

  • Code the access you intend and generate robust security policies within Terraform delivery pipelines
  • Improve security policies continuously with simple, periodic reviews of actual access and policy automation updates
  • Access AWS security policy engineering experts on-demand or extend your team




Audit and report the effective access of each IAM principal whenever you want.

  • Comprehensive and correct access report that is simple for everyone to understand, delivered daily
  • Reports produced in JSON and Excel formats integrate with existing tools and analysis processes
  • Customer data encrypted with customer encryption key

Usable AWS Security

Continuously review and improve security policies — without overloading experts.

Robust Policy Automation

Improve your security policies by using k9's infrastructure automation libraries to specify your intended access clearly and let k9 take care of generating a least privilege security policy.  See k9 Security's Terraform libraries on GitHub.

Least privilege access policy? ✓ Done.

Code review? ✓ Done.

Simple Daily Reporting

k9 assesses access granted by your AWS security policies nightly, and publishes a report to your own secure inbox in S3. 

Pivot, filter, slice, and dice with tools and data you already use.

Load the JSON format into your SIEM for monitoring. Use the Excel format (sample) for quick, interactive analysis.

Certified 3rd party access audit? ✓ Done.

Audit IAM for unused principals: ✓ Done.

Supported Services: IAM, STS, KMS, S3, RDS, DynamoDB, Redshift, and more

Who has access to what data? Really.

k9 tells you exactly what AWS permissions allow today and every day.

k9 dynamically determines who has access using AWS IAM APIs and summarizes that into actionable information (details).  Analysis includes Service Control, IAM, and Resource policies.

This is not a static analysis of IAM policy or summary of yesterday's CloudTrail events.

Get Started

Our simple setup process will have you up and improving quickly (hours, not weeks).




Subscribe to k9 Security inAWS Marketplace

configure access

Configure k9 access to your AWS accounts quickly with our simple process.


Daily assessments of your accounts are delivered to your secure inbox (S3 bucket).

Improve Policies

Use k9 access reports,  automation libraries, and pro support to improve security.

Ready To Get Started?