Releases: k9securityio/k9-cli
Analyze an AWS account on-demand
You can now analyze an AWS account on-demand with the k9 CLI's analyze account command.
The analyze account command is authorized by your own AWS identity and the principals you have configured to allow use of the k9 Security APIs, so first obtain valid AWS credentials for a principal authorized to use the API.
Then, trigger an analysis by specifying the customer and account ids:
k9 analyze account --customer_id C123456 --account 123456789012
If all goes well, the command-line should respond with output like:
Starting analysis of C123456 account 123456789012 using api.k9security.io
Started analysis for C123456 account 123456789012 with execution ID: ondemand-C123456-123456789012-2022-09-28_B4QX
The execution ID uniquely identifies this analysis' execution.
v0.3.0 - k9 risks command for over-accessible-resources & over-permissioned-principals
This release of k9 CLI adds two new risks queries:
- over-accessible-resources
- over-permissioned-principals
These similar commands process resource access summary reports and principal access summary reports respectively. Each uses three specialty flags:
- A list of strings called services
- An int max-admin
- Another int max-rwd
These queries will filter and report resources or principals that match the service qualifier, and violate the specified admin or read-write-delete limit.
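The JSON these queries print can be gated on in CI. The script below is an added example, not part of k9-cli or the original release notes: it compares the principal_arn values from over-permissioned-principals output against an approved list and fails on any other principal. Only the principal_arn field comes from this page; the sample ARNs, the APPROVED set and the function names are assumptions.

```python
import json

# Constructed sample of the array printed by
# `k9 query risks over-permissioned-principals --format json`.
# Only the principal_arn field is taken from the release notes; the ARNs are made up.
SAMPLE_OUTPUT = """[
  {"principal_arn": "arn:aws:iam::123456789012:role/ci-deployer"},
  {"principal_arn": "arn:aws:iam::123456789012:user/legacy-admin"},
  {"principal_arn": "arn:aws:iam::123456789012:role/break-glass"}
]"""

# Hypothetical allow-list of principals approved to exceed the limit.
APPROVED = {
    "arn:aws:iam::123456789012:role/break-glass",
    "arn:aws:iam::123456789012:role/ci-deployer",
}


def unexpected_principals(report_json, approved):
    """Return sorted principal ARNs in the report that are not approved.
    Raises ValueError on anything that is not a JSON array of objects with a
    principal_arn string, so a failed or truncated query cannot pass the gate
    as "no findings".
    """
    try:
        rows = json.loads(report_json)
    except json.JSONDecodeError as exc:
        raise ValueError(f"report is not valid JSON: {exc}") from exc
    if not isinstance(rows, list):
        raise ValueError("expected a JSON array of findings")
    found = set()
    for row in rows:
        arn = row.get("principal_arn") if isinstance(row, dict) else None
        if not isinstance(arn, str) or not arn.startswith("arn:"):
            raise ValueError(f"finding without a principal_arn: {row!r}")
        found.add(arn)
    return sorted(found - set(approved))


def gate(report_json, approved):
    """Return a process exit code: 0 = only approved principals, 1 = drift."""
    extra = unexpected_principals(report_json, approved)
    for arn in extra:
        print(f"unapproved over-permissioned principal: {arn}")
    return 1 if extra else 0


if __name__ == "__main__":
    raise SystemExit(gate(SAMPLE_OUTPUT, APPROVED))
```

In a pipeline, replace SAMPLE_OUTPUT with the query's stdout; an empty or truncated response raises instead of passing.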
k9 query risks over-accessible-resources \
--customer_id C10001 \
--account 720226181253 \
--analysis-date 2022-06-14 \
--format json \
--service S3 \
--max-admin 1 \
| jq '.[].resource_arn'
k9 query risks over-permissioned-principals \
--customer_id C10001 \
--account 720226181253 \
--analysis-date 2022-06-14 \
--format json \
--service S3 \
--max-admin 2 \
| jq '.[].principal_arn'
v0.2.0 - k9 query command
The k9 CLI now supports the query command to query and filter:
- principals
- principal access summaries
- resources
- resource access summaries
These subcommands print the data from the report view of the same name in either CSV or JSON format. You can filter the data using the --names and --arns flags.
See example commands below:
# Query specific principals
k9 query principals \
--customer_id $K9_CUSTOMER_ID \
--account $K9_ACCOUNT_ID \
--analysis-date 2022-07-01 \
--arns arn:aws:iam::139710491120:role/k9-dev-appeng \
--names k9-auditor \
--format json | jq '.'
# Query principal access summaries for specific principals
k9 query principal-access \
--customer_id $K9_CUSTOMER_ID \
--account $K9_ACCOUNT_ID \
--analysis-date 2022-07-01 \
--arns arn:aws:iam::139710491120:role/k9-dev-appeng \
--names k9-auditor \
--format json | jq '.'
# Query specific resources
k9 query resources \
--customer_id $K9_CUSTOMER_ID \
--account $K9_ACCOUNT_ID \
--analysis-date 2022-07-01 \
--arns arn:aws:rds:us-east-1:139710491120:cluster:int-test-pg-01 \
--names qm-dev-k9-reports \
--format json | jq '.'
# Query resource access summaries for specific resources
k9 query resource-access \
--customer_id $K9_CUSTOMER_ID \
--account $K9_ACCOUNT_ID \
--analysis-date 2022-07-01 \
--arns arn:aws:rds:us-east-1:139710491120:cluster:int-test-pg-01 \
--names qm-dev-k9-reports \
--format json | jq '.'
v0.1.0 - k9-cli for early adopters
This is the first release of k9-cli for early adopters. The CLI:
- supports the list, sync, diff, and query risks iam-admins commands described in the Usage section of the README
- is signed for distribution on OS X using K9 Security Inc Apple App Developer Id
- should accommodate upcoming k9 features such as 'latest' reports
k9 Security would love to help you use this CLI and answer any questions. Reach out to support@k9security.io with questions or for a 1:1 walkthrough.
Files for each OS:
- OS X: k9-osx.zip
- Linux: k9-linux64
- Windows: k9-windows64.exe
Phase 1: list, sync, diff, iam-admins
Implement phase 1 features of k9-cli:
- Model S3 and local database
- List and synchronize reports in an S3 bucket
- Extract iam-admin risks from a specified report
- Calculate the ARN-level diff between a historical principals or resources report and the latest such report