Get Access Capabilities
You can get the current mapping of the k9 Access Capabilities for each supported service's permissions using the k9 API with:
GET /access-capabilities
(Try it!)
This mapping is useful for showing people how k9 has classified each permission of an AWS service and answer questions like, "what does delete-data
for RDS mean?"
k9 Security classifies AWS IAM permissions to one of these six capabilities:
- administer-resource
- read-config
- use-resource
- read-data
- write-data
- delete-data
The response is a map of each supported AWS service's permissions keyed by the service:
{
"Athena": {
"administer-resource": [
"athena:CreateDataCatalog",
"athena:CreateWorkGroup",
"athena:DeleteDataCatalog",
"athena:StopQueryExecution",
"athena:UpdateDataCatalog",
"athena:UpdateWorkGroup"
],
"read-config": [
"..."
],
"read-data": [
"athena:GetQueryResults",
"athena:GetQueryResultsStream"
],
"write-data": [
"..."
],
"...": {},
"CAPABILITY_N": {}
},
"...": { },
"SERVICE_N": { }
}
Request Headers
Set the Content-Type
header to application/json
Request Path Parameters
Not Applicable
Request Body
Not Applicable
Response
Success
When you successfully request an access capabilties map, the API will respond with:
Response Status Code: 200 (OK)
Response Body (Example): complete response json (Nov 14, 2022)
Last update:
September 16, 2024