Actually Secure AWS IAM
Deliver apps securely with usable automation and insightful audits. Today.
Integrate security into continuous delivery with k9’s IAM access monitoring service and secure policy generators.
Finally understand the access apps & people have and what could be stolen or destroyed
Easily define & deploy secure IAM policies with your infrastructure code pipelines
Continuously monitor & improve access granted by AWS IAM without overloading experts
AWS Security is Too Difficult
Complex AWS Security Model
Nobody understands how all the security policies fit together.
Security policies are hard to get right and difficult to validate (details). Five kinds of policy, +6000 API actions, and frequent API additions.
Even experts make mistakes
Changing Application Architectures
Cloud applications are deployed differently
Applications restructure and each app component gets an identity. Access controls migrate from the network layer to the app identity.
+3x more identities
Increasing Rate Of Change
Applications and their infrastructure are changing faster than ever.
Continuous Delivery and Infrastructure as Code can deliver multiple security changes per week, day, or hour.
+3x more changes to review
Custom security policy creation & manual audit doesn’t scale.
Deliver security, simply
Analyze identities actual and desired access in terms everyone can understand, k9 Access Capabilities (details).
- Reduce confusion within customer teams when discussing security controls and audit results
- Declare desired access in the same terms access is audited
- Accelerate path to secure deployments
Improve security policies easily and scalably with infrastructure automation libraries and expert support.
- Code the access you intend and generate robust security policies with Terraform & CDK
- Improve security policies continuously with simple, periodic reviews of actual access and policy automation updates
- Access AWS security policy engineering experts on-demand or extend your team
Audit and report the effective access of each IAM principal whenever you want.
- Comprehensive access report everyone understands, delivered daily
- Reports formatted in JSON, CSV, and Excel formats integrate with existing tools and analysis processes
- Customer data encrypted with customer encryption key
Usable AWS Security
Robust Policy Automation
Improve your security policies by using k9's infrastructure automation libraries to specify your intended access clearly and let k9 take care of generating a least privilege security policy. See k9 Security's Terraform libraries on GitHub.
Least privilege access policy? ✓ Done.
Code review? ✓ Done.
Simple Daily Reporting
k9 assesses access granted by your AWS security policies nightly, and publishes a report to your own secure inbox in S3.
Pivot, filter, slice, and dice with tools and data you already use.
Load the CSV or JSON format into your SIEM for monitoring. Use the Excel format (sample) for quick, interactive analysis.
Certified 3rd party access audit? ✓ Done.
Audit IAM for unused principals: ✓ Done.
Supported Services: IAM, STS, KMS, S3, RDS, DynamoDB, Redshift, and more (1375 AWS API Actions)
k9 tells you exactly what AWS permissions allow today and every day.
k9 dynamically determines who has access using AWS IAM APIs. k9 summarizes that into actionable reports (details). Analysis includes Service Control, IAM, and Resource policies.
This is not a static analysis of IAM policy or summary of yesterday's CloudTrail events.
Summarizing access so customers can focus on improvement
IAM users & roles
Buckets & Keys
Our simple setup process will have you up and improving quickly (hours, not weeks).
Configure k9 access to your AWS accounts in less than 30 minutes with our simple automation.
Daily assessments of your accounts are delivered to your secure inbox (S3 bucket).
Use k9 access reports, automation libraries, and pro support to improve security.