Cloud Architecture, Security, and Governance
- The k9 Access Capability Model
- Guide to Tagging Cloud Deployments
- How to Organize Cloud Accounts for AWS, GCP, and Azure
- Why good AWS security policies are so difficult
- Secure data in AWS with Key Management Service
- Send a message to encrypted SQS queue in another AWS account in same organizational unit
Infrastructure Code Libraries
The k9 Security infrastructure code libraries are open source and available in the k9securityio organization on GitHub. These libraries implement k9’s access capability and tagging models.
- tf_context – A Terraform module to capture the context your team needs to manage, operate, and secure resources on any Cloud.
- tf_s3_bucket – Provision AWS S3 buckets safely with least privilege access and comprehensive tagging using Terraform.
- tf_aws_kms_key – Provision AWS KMS keys safely with least privilege access and comprehensive tagging using Terraform.
AWS Cloud Development Kit (CDK)
The k9-cdk helps you provision best-practice AWS security policies defined using the simplified k9 access capability model and safe defaults. In CDK terms, this library provides Curated (L2) constructs that wrap core CloudFormation resources (L1) to simplify security.
Currently the k9-cdk supports:
- AWS Resources: S3 Bucket Policies, (next) KMS Key Policies
- Languages: TypeScript, (next) Python
The k9-cdk is distributed on:
- NPM: @k9securityio/k9-cdk
Request a Feature or Open a Ticket
If you have an idea for a feature you would like to see included in our software, or if you need to file a support ticket, please get in touch with us!