FAQ Template

CloudCheckr has re-imagined the user experience with its new product: CloudCheckr CMx.

By building a brand-new UI, we expand on everything that makes CloudCheckr great while delivering new experiences that appeal to a wider user base. This includes things like mobile support, better aesthetics, simpler navigation, improved API functionality and documentation, and more.

Review the Frequently Asked Questions (FAQs) to learn more about what CloudCheckr CMx will provide you.


A New CloudCheckr Experience

It’s easy: just log in to a CloudCheckr region using one of the following new URLs and type your current username and password:

Platform

Current URL

New URL

US Production

https://app.cloudcheckr.com

https://app-us.cloudcheckr.com

Europe

https://eu.cloudcheckr.com

https://app-eu.cloudcheckr.com

Australia

https://au.cloudcheckr.com

https://app-au.cloudcheckr.com

Gov

https://gov.cloudcheckr.com

https://app-gov.cloudcheckr.com

Only administrators will have access to CloudCheckr CMx. Administrators must provide access permissions to all other users before they can log in to CloudCheckr CMx.

Yes! This release doesn't replace your access to the current UI and API. You can switch back and forth between the two UIs and compare them side-by-side.

The biggest improvements for our customers include:

  • A platform built from the ground up to be scalable and performant
  • A modern design that is more visually appealing, which can scale across multiple device sizes
  • A dynamic account hierarchy that brings organization to your account list by allowing up to 11 layers of account groupings
  • An API-first model that ensures UI and API functionality remains consistent

The following are some enhancements you will see as part of CMx API:

  • A platform built from the ground up to be scalable and performant
  • A new and improved documentation system built on Swagger.io
  • A more intuitive user experience—including search parameters, filtering, and ordering—that leverages the OData standard
  • More consistent response formatting and pagination
  • A dynamic account hierarchy brings organization to your account list by allowing up to 11 layers of account groupings
  • An API-first model that ensures UI and API functionality remains consistent

The CMx UI includes these innovative features:

Feature

Highlights

Improved Navigation

  • Improved search functionality
  • Account Switcher makes jumping from one account to another quick and painless
  • Reorganized menu and layout

Account Hierarchy

  • Organize accounts into groups for streamlined account management and scalable permissions
  • Apply attributes across accounts for automatic categorization
  • Group accounts easily into multi-account views (MAVs)

Role Based Access Control

  • Create roles that define a set of users, permissions, and accounts
  • Establish permission sets that serve as reusable templates of permissions
  • Align roles to the account hierarchy for at-scale user and account management

Early Access | New Ingestion Engine + Cost Reporting

  • Ingests AWS Cost and Usage Report (CUR) data in a fraction of the amount of time
  • Offers robust, interactive cost reports and dashboards
  • Provides a Pivot Explorer feature, so you can create on-the-fly reporting and analysis

The topic, A New CloudCheckr Experience, gives an overview of all of the new features and provides links to the topics specific to these features.

Yes. Using CloudCheckr CMx doesn’t impact your access to the reports and functionality that you’re familiar with in the current CloudCheckr product.

You can switch back and forth between the new reports and the current reports in the CloudCheckr CMx environment by toggling the in the Left Navigation pane. For some of the existing CloudCheckr features, like Custom reports and dashboards, you will need to access them from the Search bar rather than from the left navigation pane.

This initial release provides the foundation for our future CloudCheckr CMx strategy. Some of the enhancements we are working on include the following:

  • Account Management UX improvements: Simplifying account creation—providing more contextual information and making it easier to manage accounts within the new hierarchy
  • Account Credentialing: Improving the onboarding workflow when credentialing a new account in CloudCheckr
  • Customer (Partner) Management: Rolling out a new user experience for creating and managing customers and plans
  • New dashboards and reporting

New Account Hierarchy

Our new account hierarchy introduces the concept of account groups that create a parent-child folder structure which allows you to organize your accounts as you see fit. This organization simplifies navigation and user permissions.

  • Accounts: No change to accounts as you know them. These are the various cloud provider accounts that you have added to CloudCheckr.
  • Account Groups: As mentioned earlier, account groups are like folders for your accounts. You can use them to organize your accounts in a hierarchy—up to 11 levels deep—and administer access management at the group or account level using roles.
    An account can only exist in one parent folder, but a folder can contain multiple accounts from different cloud providers.
  • Multi-Account Views (MAVs): No change to MAVs as you know them. MAVs allow you to look at all the resources in multiple accounts through a single lens. You can tag individual accounts and designate tags in the MAV to identify the accounts you want to combine. With MAVs, you can create complex views across large sets of accounts and slice and dice data across multiple tags.

Use cases for organizing accounts may include:

  • Match a complex organizational structure by creating groups for various divisions, business units, reporting lines, and other categories
  • Align your account hierarchy by region and provider
  • Enable accounts from multiple cloud providers to exist in the same account group

Account-related functionality includes:

  • Retrieve all accounts, account groups, and MAVs
  • Retrieve parents of accounts, account groups, and children of account groups
  • Update accounts and account groups
  • Create new account groups
  • Delete account groups
  • Move accounts and account groups throughout the hierarchy

The account hierarchy combines with the Role Based Access Control (RBAC) to streamline the administration of CloudCheckr CMx. After establishing a logical account hierarchy, you can apply user roles to accounts and account groups that exist at any level of the hierarchy.


New Role Based Access Control (RBAC)

RBAC is a method of managing user access based on the roles assigned to those users. This is a hub-and-spoke model, where the role object acts as the hub for all access management. Permissions, users, and accounts are all applied to the role, and the intersection of those objects determines who has access to what in the system.

To further simplify things, we have introduced the concept of permission sets to Cloudcheckr CMx access management. Permission sets are templates of permissions that you can apply as a group to roles instead of having to apply or remove individual permissions each time a role is created or modified.

  • Users: The actual end-users who received a username (email address) and password that allows them to log in to the application
  • Clients: Services that access the CloudCheckr CMx API to make a request and return a response or data based on that request
  • Roles: The collection of permissions that a user inherits which enable them to perform certain tasks or operations in the CloudCheckr CMx application
  • Permissions: The individual privileges in CloudCheckr CMx that allow any user with that permission to perform a function or task such as view cost alerts and manage account groups
  • Permission Sets: A collection of privileges that you can apply as a group to your CloudCheckr CMx roles. For example, you might have a View-Only permission set that includes all View-Only permissions

Roles allow you to organize your users based on similar access and job function. For example, all members of your finance team may exist in a singular role that grants each member access to cost and billing reports for all accounts. When a new team member joins, you can add them to the role so that they inherit the same entitlements as their peers.

RBAC allows you to organize your users and the account hierarchy allows you to organize your accounts. By marrying the two, you can broadly administer access management across your accounts and user base. While the goal is to standardize access management, you still can apply fine-grained entitlements when needed.

Access management-related functionality includes:

  • View all permissions
  • Create, update, or delete permission sets
  • Create, update, or delete roles (including account assignment)
  • Create update, or delete clients and access keys
  • Create, update, or delete users
  • Assign users to and remove users from roles

You don't need to recreate existing users or passwords. However, these users won't have access via the RBAC model until you assign them roles. Since this is a new permissions model, we recommend creating permission sets and roles that meet the access needs of your user base.

Our team is ready to help. If you’re not sure how best to define your user roles, please reach out to schedule a session to review.

Also, we won't migrate API access keys over from CloudCheckr since the client/secret key functionality in RBAC is more robust and secure.


How did we do?