
Get Access Capabilities

You can get the current mapping of the k9 Access Capabilities for each supported service's permissions using the k9 API with:

AWS: GET /access-capabilities/aws (Try it!)

or

Azure: GET /access-capabilities/azure (Try it!)

This mapping is useful for showing people how k9 has classified each permission of a cloud service and for answering questions like, "what does delete-data for RDS mean?"

k9 Security classifies each AWS and Azure permission into one of these six capabilities:

  • administer-resource
  • read-config
  • use-resource
  • read-data
  • write-data
  • delete-data

The response is a map of each supported service's permissions keyed by the service name:

{
  "Athena": {
    "administer-resource": [
      "athena:CreateDataCatalog",
      "athena:CreateWorkGroup",
      "athena:DeleteDataCatalog",
      "athena:StopQueryExecution",
      "athena:UpdateDataCatalog",
      "athena:UpdateWorkGroup"
    ],
    "read-config": [
      "..."
    ],
    "read-data": [
      "athena:GetQueryResults",
      "athena:GetQueryResultsStream"
    ],
    "write-data": [
      "..."
    ],
    "...": {},
    "CAPABILITY_N": {}
  },
  "...": { },
  "SERVICE_N": { }
}
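The following is an added example, not k9 Security's own code. It shows one way to use this response shape during a policy review by inverting the map and grouping the actions of an IAM policy statement by k9 capability. The function names and the sample actions are assumptions, and the sample map is constructed from the Athena excerpt above with the elided entries left out.

```python
import fnmatch
import json

# Constructed sample: the Athena excerpt shown on this page, without the
# elided ("...") entries. A real response covers every supported service.
SAMPLE_RESPONSE = json.loads("""
{
  "Athena": {
    "administer-resource": [
      "athena:CreateDataCatalog", "athena:CreateWorkGroup",
      "athena:DeleteDataCatalog", "athena:StopQueryExecution",
      "athena:UpdateDataCatalog", "athena:UpdateWorkGroup"
    ],
    "read-data": ["athena:GetQueryResults", "athena:GetQueryResultsStream"]
  }
}
""")


def index_permissions(capability_map):
    """Invert service -> capability -> [permissions] into a permission lookup."""
    index = {}
    for capabilities in capability_map.values():
        for capability, permissions in capabilities.items():
            for permission in permissions:
                # IAM action names are case-insensitive, so key on lowercase.
                index[permission.lower()] = (capability, permission)
    return index


def capabilities_for_actions(index, actions):
    """Group the permissions matched by IAM action patterns by capability.

    Patterns may use the IAM wildcards * and ?. Patterns that match nothing
    in the map are returned separately so they can be reviewed by hand.
    """
    granted, unmatched = {}, []
    for pattern in actions:
        hits = [k for k in index if fnmatch.fnmatchcase(k, pattern.lower())]
        if not hits:
            unmatched.append(pattern)
        for key in hits:
            capability, permission = index[key]
            granted.setdefault(capability, set()).add(permission)
    return granted, unmatched
```

Patterns that land in the unmatched list are either outside the services in the loaded map or misspelled, so they are worth checking before concluding that a statement grants nothing.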

Request Headers

Set the Content-Type header to application/json.

Request Path Parameters

Not Applicable

Request Body

Not Applicable

Response

Success

When you successfully request an access capabilities map, the API will respond with:

Response Status Code: 200 (OK)

Response Body (Example): complete response json (Nov 14, 2022)


Last update: December 11, 2025