Overview
SEC Provisioner by Axon Tech Labs is a Docker-based tool that automates AWS IAM security infrastructure provisioning via CloudFormation. It bridges the gap between data science agility and enterprise security requirements - creating IAM groups, service roles, and least-privilege policies from a single YAML configuration file. By shifting security left, teams can build compliant ML environments in minutes rather than weeks.
The Startup-5 tier is designed for small teams getting started with AWS security best practices. It includes 5 IAM groups, core service roles, and essential least-privilege policies.
Deploy across multiple AWS accounts, environments, and regions with consistent results. Every step - from configuration validation to deployment - produces auditable artifacts for compliance and team visibility.
Designed for DevOps engineers, MLOps engineers, security architects, and platform teams who need standardized, repeatable IAM infrastructure across ML projects, environments, and accounts.
Key Capabilities:
- Automated Least-Privilege Governance: Secure your environment from the start by automatically generating granular IAM policies and standalone service role documents. This ensures your ML infrastructure adheres to strict security best practices without the manual overhead of writing complex JSON policies.
- Safe Deployment Pipeline: Move confidently from configuration to production with a multi-stage validation workflow. Validate YAML schemas, perform structural CloudFormation checks, and utilize isolated test-deploy namespaces to verify permissions before touching live environments.
- Pre-Deployment Visibility: Eliminate surprises by generating detailed Change Sets to preview exactly how security modifications will impact your environment. This allows security teams to audit infrastructure updates before they are executed.
- Continuous Compliance and Auditability: Maintain a transparent security posture by exporting IAM roles and groups into individual JSON files for external auditing. Use built-in drift detection to identify unauthorized manual changes and ensure your live stack remains aligned with your defined security baseline.
- Streamlined Lifecycle Orchestration: Manage the entire security stack through a single interface - from synthesizing CloudFormation templates to executing full resource tear-downs.
12 Actions:
- validate-config - Validate configuration YAML template before deployment
- export-iam-policy - Generate a least-privilege IAM policy document for provisioning IAM security infrastructure
- export-service-policies - Generate standalone JSON policy documents for each AWS service role
- export-roles - Extract IAM role definitions into individual JSON files for auditing
- export-groups - Export IAM group definitions as individual JSON files
- create-prov-template - Synthesize the configuration into a CloudFormation template
- validate-prov-template - Perform structural and semantic validation on the generated template
- show-changes - Generate a Change Set to preview security infrastructure modifications
- check-drift - Detect configuration drift on deployed CloudFormation stack resources
- test-deploy - Deploy to an isolated namespace to verify permissions and resource creation
- deploy - Provision or update the AWS security infrastructure stack
- delete-stack - Tear down the CloudFormation stack and remove all associated security resources
How It Works:
- Configure: Define your IAM security infrastructure in a simple YAML file
- Execute: Run the Docker container with your config mounted
- Review: Generate CloudFormation templates, IAM policies, and service role documents, then validate before deploying
- Deploy: Deploy to AWS via CloudFormation for immediate, reliable resource creation
Technical Requirements:
- Docker 20.10 or later
- AWS account with IAM, CloudFormation, and S3 permissions
- AWS credentials (access key or IAM role)
- 512 MB RAM minimum
Highlights
- Automated IAM Security - 5 IAM groups, core service roles, and least-privilege policies deployed from a single YAML configuration. 12 actions cover the full lifecycle from policy generation and audit exports to drift detection and stack teardown.
- Audit-Ready Exports - Export IAM policies, service roles, and group definitions as individual JSON files for external security reviews. Built-in drift detection identifies unauthorized manual changes to your deployed infrastructure.
- Safe Deployment Pipeline - Multi-stage validation workflow with schema checks, CloudFormation template validation, and isolated test deployments. Preview security changes via Change Sets before touching live environments. Docker-based execution fits any CI/CD system.
Details
Pricing
| Dimension | Description | Cost/month |
|---|---|---|
| SEC Provisioner Startup-5 License | License for SEC Provisioner Startup-5 - 5 IAM groups, core service roles, essential policies | $349.00 |
Vendor refund policy
30-day money-back guarantee for monthly subscriptions. Pro-rated refunds for annual subscriptions within first 30 days.
Delivery details
SEC Provisioner Startup-5 Container Image
- Amazon ECS
- Amazon EKS
- Amazon ECS Anywhere
- Amazon EKS Anywhere
Container image
Containers are lightweight, portable execution environments that wrap server application software in a filesystem that includes everything it needs to run. Container applications run on supported container runtimes and orchestration services, such as Amazon Elastic Container Service (Amazon ECS) or Amazon Elastic Kubernetes Service (Amazon EKS). Both eliminate the need for you to install and operate your own container orchestration software by managing and scheduling containers on a scalable cluster of virtual machines.
Version release notes
Enhanced validation with AWS resource name length checks. Fixed missing ~/.aws credential mounts in documentation examples. Improved USER_GUIDE Docker command formatting across all provisioners. Bug fixes and stability improvements.
Additional details
Usage instructions
Quick start:
docker run --rm \
  -v ~/.aws:/home/secuser/.aws:ro \
  sec-provisioner:startup-5 --help
Full documentation: https://docs.axontechlabs.com/sec/USER_GUIDE.html
Configuration guide: https://docs.axontechlabs.com/sec/CONFIGURATION.html
Support
Vendor support
Email: support@axontechlabs.com
Response Time: Within 24 hours (business days)
Hours: Monday-Friday, 9 AM - 5 PM Pacific Time
Includes: Technical questions, configuration assistance, troubleshooting
Documentation:
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
