Cloud Architecture, Security, and Governance
- The k9 Access Capability Model
- How to Organize Cloud Accounts for AWS, GCP, and Azure
- Continuous security policy engineering
- Guide to Tagging Cloud Deployments
AWS Security Architecture and Engineering
- AWS Identity health checks
- Why good AWS security policies are so difficult
- How to create a secure S3 bucket policy
- Debugging AccessDenied in AWS IAM
- Test an S3 Bucket Policy using IAM Simulator
- Secure data in AWS with Key Management Service
- Send a message to encrypted SQS queue in another AWS account in same organizational unit
AWS Governance and Compliance
Infrastructure Code Libraries
The k9 Security infrastructure code libraries are open source and freely available in the k9securityio organization on GitHub. These libraries implement secure policies using k9’s access capability and tagging models. Professional support for these libraries and prioritized enhancement are included when you subscribe to the k9 access analysis service.
All k9 Security’s modules are available in the Terraform Registry.
- terraform-local-context – A Terraform module to capture the context your team needs to manage, operate, and secure resources on any Cloud.
- terraform-aws-s3-bucket – Provision AWS S3 buckets safely with least privilege access and comprehensive tagging using Terraform.
- terraform-aws-kms-key – Provision AWS KMS keys safely with least privilege access and comprehensive tagging using Terraform.
AWS Cloud Development Kit (CDK)
The k9-cdk helps you provision best practice AWS security policies defined using the simplified k9 access capability model and safe defaults. In CDK terms, this library provides Curated (L2) constructs that wrap core CloudFormation resources (L1) to simplify security.
Currently the k9-cdk supports:
- AWS Resources: S3 Bucket Policies, KMS Key Policies
- Languages: TypeScript, (next) Python
The k9-cdk is distributed on:
- NPM: @k9securityio/k9-cdk