Actually Secure AWS IAM

Deliver apps securely with usable automation and insightful audits. Today.

Continuous Security with k9

Finally understand the access apps & people have and what could be stolen or destroyed

Easily define & deploy secure IAM policies with your infrastructure code pipelines

Continuously monitor & improve access granted by AWS IAM without overloading experts

AWS Security is Too Difficult

Complex AWS Security Model

Nobody understands how all the security policies fit together.

Security policies are hard to get right and difficult to validate (details). Five kinds of policy, +6000 API actions, and frequent API additions.

Even experts make mistakes

Changing Application Architectures

Cloud applications are deployed differently

Applications restructure and each app component gets an identity. Access controls migrate from the network layer to the app identity.

+3x more identities

Increasing Rate Of Change

Applications and their infrastructure are changing faster than ever.

Continuous Delivery and Infrastructure as Code can deliver multiple security changes per week, day, or hour.

+3x more changes to review

Custom security policy creation & manual audit doesn’t scale. 

Deliver security, simply


Analyze identities actual and desired access in terms everyone can understand, k9 Access Capabilities (details).


  • Reduce confusion within customer teams when discussing security controls and audit results
  • Declare desired access in the same terms access is audited
  • Accelerate path to secure deployments


Improve security policies easily and scalably with infrastructure automation libraries and expert support.

  • Code the access you intend and generate robust security policies with Terraform & CDK
  • Improve security policies continuously with simple, periodic reviews of actual access and policy automation updates
  • Access AWS security policy engineering experts on-demand or extend your team


Audit and report the effective access of each IAM principal whenever you want.


  • Comprehensive access report everyone understands, delivered daily
  • Reports formatted in JSON, CSV, and Excel formats integrate with existing tools and analysis processes
  • Customer data encrypted with customer encryption key

Usable AWS Security

Continuously review and improve security policies — without overloading experts.
  1. Identify issues with k9 IAM access monitoring service
  2. Resolve issues with k9 secure policy generators
  3. Repeat

Robust Policy Automation

Improve your security policies by using k9's infrastructure automation libraries to specify your intended access clearly and let k9 take care of generating a least privilege security policy.  See k9 Security's Terraform libraries on GitHub.

Least privilege access policy? ✓ Done.

Code review? ✓ Done.

Simple Daily Reporting

k9 assesses access granted by your AWS security policies nightly, and publishes a report to your own secure inbox in S3. 

Pivot, filter, slice, and dice with tools and data you already use.

Load the CSV or JSON format into your SIEM for monitoring. Use the Excel format (sample) for quick, interactive analysis.

Certified 3rd party access audit? ✓ Done.

Audit IAM for unused principals: ✓ Done.

Supported Services: IAM, STS, KMS, S3, RDS, DynamoDB, Redshift, and more (1375 AWS API Actions)

Who has access to what data? Really.

k9 tells you exactly what AWS permissions allow today and every day.

k9 dynamically determines who has access using AWS IAM APIs. k9 summarizes that into actionable reports (details).  Analysis includes Service Control, IAM, and Resource policies.

This is not a static analysis of IAM policy or summary of yesterday's CloudTrail events.

Summarizing access so customers can focus on improvement

IAM users & roles

Buckets & Keys

Get Started

Our simple setup process will have you up and improving quickly (hours, not weeks).




Subscribe to k9 Security inAWS Marketplace

configure access

Configure k9 access to your AWS accounts in less than 30 minutes with our simple automation.


Daily assessments of your accounts are delivered to your secure inbox (S3 bucket).

Improve Policies

Use k9 access reports,  automation libraries, and pro support to improve security.

Ready To Get Started?