CloudCheckr Updates 2017
- December 19, 2017
- December 11, 2017
- December 04, 2017
- November 20, 2017
- November 13, 2017
- November 06, 2017
- October 30, 2017
- October 23, 2017
- October 16, 2017
- October 09, 2017
- October 02, 2017
- September 25, 2017
- September 18, 2017
- September 11, 2017
- September 01, 2017
- August 25, 2017
- August 17, 2017
- August 11, 2017
- August 03, 2017
- July 27, 2017
- July 20, 2017
- July 14, 2017
- July 7, 2017
- June 29, 2017
- June 15, 2017
- June 08, 2017
- June 01, 2017
- May 26, 2017
- May 18, 2017
- May 12, 2017
- May 04, 2017
- April 27, 2017
- April 21, 2017
- April 13, 2017
- April 06, 2017
- March 30, 2017
- March 23, 2017
- March 17, 2017
- March 09, 2017
- March 03, 2017
- February 17, 2017
- February 10, 2017
- February 3, 2017
- January 26, 2017
- January 20, 2017
- January 13, 2017
- January 07, 2017
December 19, 2017
CloudCheckr will be performing a scheduled system update on Tuesday, December 19, 2017. This update will roll-out new features and reports to the application.
There is no expected service outage during this update. However, it is recommended that users clear the cache or temporary internet files of their browser after the update. All new features and reports may not appear in your account until CloudCheckr performs its next scan of your AWS deployment.
Details of the update:
GENERAL UPDATES
The report navigation and user interface has been revamped
The new design takes a lot of cues from the mobile app world and frees up more of the screen’s real estate for CloudCheckr’s extensive reports. Previously, the side menu had a long list of text-based menu options. Now, the app shows icons for categories
like Cost, Best Practice Checks, Security, Utilization, and Automation. Once an icon is selected, the familiar text menu displays. Select a task and the menu goes away. The header also takes up less vertical space by using icons and a “hamburger” (three
horizontal lines, like a slice of meat between a bun) menu, similar to a mobile app.
Check out this walkthrough of the new user interface on YouTube: https://youtu.be/Irhg6mCde4I
Can now add a secondary custom logo for the app (versus emails and reports)
Because the new UI design will modify the space for the custom logo and its background color, you now have the ability to upload a logo solely for the header. If no header logo is specified, the default custom logo will be used for the application
header. Supported file types: jpg, png & gif. For best display we recommend an image with a height no larger than 26 pixels. Custom logos can be managed by Admin users by clicking on the Settings icon at the top of the app and selecting ‘Customization’
from the dropdown menu.
API UPDATES
get_best_practices_v2 will now include Azure Security Center checks
10 new API calls:
- get_resources_ec2_hosts
- get_resources_vpc_vpn_connections_details
- get_resources_route_tables
- get_resources_customer_gateways
- get_password_policy
- get_cloudtrail_trails
- get_resources_vpc_vpn_gateways
- get_vpc_subnets
- get_resources_aws_internet_gateways
- get_resources_ec2_network_interfaces
AWS UPDATES
2 New CIS Benchmarks:
- 1.17 Enable Detailed Billing
- 1.21 Ensure IAM Instance Roles are used for AWS resource access from Instances
Added text box to some CIS Benchmarks
Amortization now supported for Dedicated Host RIs
Performance improvements when loading the Best Practice report
CloudWatch VPC Flow Logs data collection speed improvements
Fix Now capabilities added to 3 Best Practice checks:
- S3 Buckets That Allow Authenticated Users To Access Billing Report Log Files
- S3 Buckets With Logging Not Enabled
- IAM Role Policies with Full Admin Privileges
4 New Best Practice checks
- Detailed Billing Enabled
- EC2 Instances Not using IAM Profile role
- SNS Topics that Allow ‘Everyone’ to Publish
- SNS Topics that Allow ‘Everyone’ to Subscribe
AZURE UPDATES
Added an Enterprise Agreement Cost Overage Alert
Improvements to the following CSV exports:
- Scale Sets Inventory Report
- Network Security Groups Inbound Rules with Potentially Dangerous Ports Exposed check
- Network Security Groups Outbound Rules with Dangerous Ports Exposed check
- Network Security Groups Outbound Rules with Potentially Dangerous Ports Exposed check
EA and CSP accounts will now receive one aggregated bill summary email per day (instead of one per subscription)
New price list comparison tool
Billing periods automatically lock when the period closes
Added the ability to manually lock/unlock billing periods
Added the ability to group by Instance Id in Advanced Grouping
New Best Practice Check:
- Blob Containers whose URLs are publicly accessible
December 11, 2017
CloudCheckr will be performing a scheduled system update on Monday, December 11, 2017. This update will roll-out new features and reports to the application.
There is no expected service outage during this update. However, it is recommended that users clear the cache or temporary internet files of their browser after the update. All new features and reports may not appear in your account until CloudCheckr performs its next scan of your AWS deployment.
Details of the update:
API UPDATES
12 New API calls for managing user groups:
- account.json/add_acls_per_account_per_group
- account.json/add_user_to_group
- account.json/clone_group
- account.json/create_group
- account.json/delete_acl_from_group
- account.json/delete_group
- account.json/get_access_control_list
- account.json/get_accounts_by_group
- account.json/get_acls_per_account_per_group
- account.json/get_groups_v2
- account.json/get_users_by_group
- account.json/remove_users_from_group
AWS UPDATES
Fix Now capabilities added to two best practice checks:
- SQS Queue With Permission Set To Everyone
- S3 Buckets With Any Permission Set To Everyone
Improved error messaging when entering account credentials
You will now see a better error response when failing to add/update credentials to an account.
Improvements to billing data collection for large datasets
If interrupted when processing a large Detailed Billing Report or Cost and Usage Report, CloudCheckr will now gracefully resume processing the file from where it stopped.
AZURE UPDATES
More intelligent cost data processing around reserved instance changes
Automatically set currency / region when creating new accounts
CloudCheckr will now try to automatically set the billing currency and/or region of an account. If it can’t, these values can be set within the Account Settings > Edit Billing Configuration menu.
New best practice check:
- Blob Containers whose URLs are publicly accessible
December 04, 2017
CloudCheckr will be performing a scheduled system update on Monday, December 04, 2017. This update will roll-out new features and reports to the application.
There is no expected service outage during this update. However, it is recommended that users clear the cache or temporary internet files of their browser after the update. All new features and reports may not appear in your account until CloudCheckr performs its next scan of your AWS deployment.
Details of the update:
GENERAL UPDATES
Custom Logos will now display properly in the Safari web browser.
API UPDATES
Added 4 new API calls:
- add fixed custom billing charges
- edit fixed custom billing charges
- configure custom cost
- delete custom billing charges
AWS UPDATES
Add support for X1e EC2 instances
Added Fix Now support to the following best practice checks:
- S3 Buckets That Allow Everyone Access to Billing Reports
- S3 Buckets That Allow Everyone Access to CloudFront Log Files
- S3 Buckets That Allow Authenticated Users Access to CloudFront Log Files
- S3 Buckets With Logging Not Enabled
- S3 Public Sensitive Objects Stored
- S3 Public Sensitive Objects Stored Permission Set To Authenticated Users
Descriptions for Fix Now actions more clearly written
When executing a Fix Now function within a best practice check, you will now see a list of the steps being taken to execute the request.
Amortization now supports RDS and EC2 Flex RIs
If amortization is enabled within your account (this can be configured within the Cost > AWS Partner Tools > Configure Custom Cost menu), RDS and EC2 Flex RIs will now be properly accounted for.
Removed Self-Healing ability for resizing EC2 instances
The ability to have EC2 instances automatically right-size has been removed to eliminate the possibility of critical instances being unexpectedly impacted.
CloudTrail Performance increases for retrieval of historical CloudTrail data
Improvements have been made to the CloudTrail historic data retrieval process, allowing the data to populate within the accounts much faster.
AZURE UPDATES
Added support for basic Reserved Instance Unsharing
CloudCheckr will ‘unshare’ your Azure RIs, meaning it will ensure that only the accounts that should be getting the reserved instance benefit will. Those that are receiving a benefit will have those discounted costs recalculated at the
proper rate.
Update CSV output of List of Resource Groups report
The CSV export now includes the tag names and values of the Resource Groups.
Added the ability to generate invoices with increased decimal precision
When generating invoices you now have have the ability to show precise values, which is controlled with a checkbox. Enabling precise values will display the line items out to the maximum number of decimals provided by Azure. The total will still be
rounded to two digits.
Improved the performance of the billing summary reports
The Cost > Summary Reports > Single Day, Single Month, and Historical Summary reports have been revamped, allowing them to load data much faster.
Added the VM Trending report to Multi-Account Views
Allow a user to not import certain subscriptions under an CSP or EA account
Within the Account Settings > Edit Billing Configuration menu you now have the ability to exclude costs from any subscription from being retrieved by CloudCheckr. When configuring this option be sure to enter only the Subscription GUID associated
with the subscription.
Added Virtual Network Detail report
New Dashboard Pane:
- VM CPU Utilization
New Best Practice Check:
- VM without Forced Tunnelling Enabled
November 20, 2017
CloudCheckr will be performing a scheduled system update on Monday, November 20, 2017. This update will roll-out new features and reports to the application.
There is no expected service outage during this update. However, it is recommended that users clear the cache or temporary internet files of their browser after the update. All new features and reports may not appear in your account until CloudCheckr performs its next scan of your AWS deployment.
Details of the update:
API UPDATES
New call to add accounts before they populate within AWS billing source data
New call to add Azure Monthly Percentage Custom Billing Charge
AWS UPDATES
Added support for C5 instance types
Fix Now capabilities added for SQS Queues with Permissions set to Everyone check
Added support for RDS Flexible Reserved DB Instances
New CIS Benchmark: “1.24 Ensure IAM Policies that allow full “:” admin privileges are not created”
Added Instances using RIs to the EC2 and RDS List of Reserved Instances exports
AZURE UPDATES
Added Subnet Summary Report
Added Subnet Detail Report
New Dashboard Pane: Azure VM Count
November 13, 2017
CloudCheckr will be performing a scheduled system update on Monday, November 13, 2017. This update will roll-out new features and reports to the application.
There is no expected service outage during this update. However, it is recommended that users clear the cache or temporary internet files of their browser after the update. All new features and reports may not appear in your account until CloudCheckr performs its next scan of your AWS deployment.
Details of the update:
API UPDATES
Added two new API Calls:
- billing/azure_add_custom_billing_charge_fixed
- best_practice/ignore_best_practice
AWS UPDATES
Historic DBRs will now lock automatically
When a historic billing month is processed, CloudCheckr will automatically lock that month. This will prevent any unanticipated reloading of data.
Removed the Best Practice Dashboard view
The Dashboard version of the Best Practice report has been removed.
Added pagination to Profit Analysis
The Profit Analysis report, found within the Cost > AWS Partner Tools > Report menu, now supports pagination making it easier to navigate against a large number of accounts.
Added spot savings to CSV export from the Cost Savings report
CSV exports from the Cost Savings report will now include the potential spot savings.
Improved large PDF export requests from List of VPCs report
When exporting more than 100 VPCs from the Security > Secure Configuration > VPC > List of VPCs report, CloudCheckr will deliver the PDF via email.
AZURE UPDATES
Custom charges can now display by description on invoices
A new checkbox has been added to the Cost > Azure Partner Tools > Generate Invoices screen, labeled, ‘Show custom charge descriptions’. When this checkbox is enabled, when you export an invoice any custom charges added to CloudCheckr will display
as their description (instead of displaying as coming from the ‘Custom’ service). This will be true for any invoice other than Summary by Region, or invoices based on Saved Filters (those will adhere to the saved filter formatting). This will make it
clear to the invoice recipient what the charges are for.
Advanced Grouping Emails Now Have Download Link for CSV
When the Advanced Grouping report is configured to send a CSV version of the report via email, those CSVs will now be delivered within a download link.
Security Group best practice checks now support augmented security rules
The Security best practice checks now correctly handle properties that allow multiple entries (i.e. source, destination, and port properties). This includes public access detection, ports exposes, etc.
See here for more information: https://docs.microsoft.com/en-us/azure/virtual-network/security-overview#augmented-security-rules
New Dashboard pane: Virtual Machines Pie Chart
Within the Dashboard you can now build a pane that visualizes your Virtual Machines within a pie chart.
November 06, 2017
CloudCheckr will be performing a scheduled system update on Monday, November 6, 2017. This update will roll-out new features and reports to the application.
There is no expected service outage during this update. However, it is recommended that users clear the cache or temporary internet files of their browser after the update. All new features and reports may not appear in your account until CloudCheckr performs its next scan of your AWS deployment.
Details of the update:
GENERAL UPDATES
Tiered customers can now inherit SSO Identity Provider from their parent
Child customers, in a tiered customer configuration, can now inherit the SAML SSO authentication option enabled within the parent customer.
AWS UPDATES
Fix Now checks will now display missing permissions
When attempting to set a best practice check to ‘Fix Now’, you will now be alerted to any missing permissions needed to execute the request.
Added Self-Healing capabilities to three checks
The following best practice checks now have self-healing capabilities, meaning they can be set to always fix when detected:
- EBS Volumes With No Recent Snapshots (30 days)
- EBS Volumes With No Recent Snapshots (7 days)
- EBS Volumes Without A Snapshot
AZURE UPDATES
Additional Operating System information added to List of VMs report
Now you will be able to see the exact operation system of your VMs within the Inventory > VM > List of VMs report.
New notification message when EA account has account-level access keys instead of enrollment
You will now be notified if the credentials added to your Enterprise Agreement account uses account-level access keys instead of enrollment access keys. Enrollment access keys are recommended as they provide additional data that’s not available
with account-level keys.
Added support for new Enterprise Billing APIs
With this behind-the-scenes update we now support the new Billing API.
Added Load Balancers to the Publicly Accessible Resources alert
When configuring the Publicly Accessible Resources alert within the Security > Alerts > Manager screen, you now have the option to also be alerted against publicly accessible Load Balancers.
New best practice check
- Blob Containers Set to Full Public Read Access
October 30, 2017
CloudCheckr will be performing a scheduled system update on Monday, October 30, 2017. This update will roll-out new features and reports to the application.
There is no expected service outage during this update. However, it is recommended that users clear the cache or temporary internet files of their browser after the update. All new features and reports may not appear in your account until CloudCheckr performs its next scan of your AWS deployment.
Details of the update:
GENERAL UPDATES
Add/Edit User Group Permissions are now alphabetically sorted
When Admin users are adding or editing users, the list of groups within the ‘Group Permissions’ dropdown will now be sorted alphabetically.
AWS UPDATES
List of IAM Users report added to Inventory Custom Report Builder
When creating custom reports within the Inventory > Custom Reports > Builder you will now have an option to build an ‘IAM Users’ report.
‘Fix Always’ option now restricted to only Admin users for Fix Now checks
When clicking on the Fix Now button within a best practice check only Admin users will see the ‘Fix Always’ option. Non-Admin users will only have the option to fix now.
Fix Now capability added to the EBS Volumes with Excessive Snapshots check
The EBS Volumes with Excessive Snapshots best practice check now supports Fix Now capabilities. When having CloudCheckr fix this check, the oldest snapshots beyond the ‘excessive’ threshold (which is configurable on the check) will be deleted.
NOTE: for CloudCheckr to fix this check the IAM user or role associated with the account must have ec2:DescribeSnapshots and ec2:DeleteSnapshot permissions.
AWS Account Id now included in payload of alerts delivered to SNS topics
The alerts sent through an SNS Topic will now include the AWS account Id.
Changes made to the Blocklisted IP lists are now saved to the Admin Audit Log
The Admin Audit Log, which is accessible through the Admin Functions on the list of accounts page, now will include changes made to the Blocklisted IP lists.
AWS Config Data Processing Improved
The speed of processing the data from AWS Config has been greatly improved.
Added Self-Healing support for three checks
Within the Automation > Setup menu you can now set the following checks to be ‘Self-Healing’, meaning that CloudCheckr will automatically fix these when any issues are detected:
- EBS Volumes With No Recent Snapshots (30 days)
- EBS Volumes With No Recent Snapshots (7 days)
- EBS Volumes Without A Snapshot
AZURE UPDATES
Publicly Accessible Resources alerts now support SQL Server
When creating Publicly Accessible Resources alerts within the Security > Alerts > Resources menu, you now have the option to alert against public SQL Servers.
Added support for App Service Plans tags to Inventory reports
Inventory reports will now include tags from App Service Plans where applicable.
Added monthly savings to the Right-Sizing reports
The summary table at the top of the Right-Sizing reports will include the estimated monthly savings achieved by acting on the recommendations.
Two new best practice checks:
- App Service Plan with Exired SSL Certificate
- App Service Plan with Expiring SSL Certificate
October 23, 2017
CloudCheckr will be performing a scheduled system update on Monday, October 23, 2017. This update will roll-out new features and reports to the application.
There is no expected service outage during this update. However, it is recommended that users clear the cache or temporary internet files of their browser after the update. All new features and reports may not appear in your account until CloudCheckr performs its next scan of your AWS deployment.
Details of the update:
API UPDATES
Added additional output to the get_resources_virtual_machine_details call
Several fields have been added to the ouput of the get_resources_virtual_machine_details API call for Azure, providing greater insight into the VM inventory.
Added API Keys for multi-account views
You can now create dedicated API keys for multi-account views. These can be created and managed by loading a multi-account view and navigating to the Account Settings > API Access Keys menu.
AWS UPDATES
Blocklisted IP Address best practice check configuration popup improved
When configuring the Blocklisted IP Address Making API Calls best practice check, the screen where you choose the IP lists has been enhanced, allowing you to search and filter.
Supporting All Upfront RIs within the Cost and Usage report
CloudCheckr can now retrieve the All Upfront EC2 Reserved Instance inventory from the Cost and Usage report to be used for List Cost RI unsharing.
Added ability to filter S3 Buckets Not Enforcing Server-Side Encryption With A Bucket Policy check by tag
The S3 Buckets Not Enforcing Server-Side Encryption With A Bucket Policy best practice check can now be filtered by tag.
Added filtering capabilities to the IoT Inventory report
You can now filter the Inventory > IoT > List of Things report by Name and Attribute.
Added support for Elastic File Store in Change Monitoring
The Security > Activity Monitoring > Change Monitoring report will include changes found within the Elastic File Store service.
Added ability to manage blocklists in the Blocklisted IP address making API calls CloudTrail alert
When creating a copy of the Blocklisted IP address making API calls CloudTrail alert you now have the ability to choose the blocklists that the alert utilizes.
Add/Edit Credentials page instructions improved
The page where AWS Credentials are added/edited has been updated to match recent changes made to the AWS Console.
Added currently running instances to the RI Purchase Recommendations CSV export
A “Currently Running Instances” column has been added to the CSV export of the EC2 RI Purchase Recommendation report.
New Best Practice Check:
- IAM User Policies with full admin privileges
AZURE UPDATES
Added ability to edit best practice checks
CloudCheckr Admin users will now have the ability to edit the severity level of best practice checks, as well as disable/enable any check. The Best Practice Editor can be accessed within the Admin Functions dropdown on the main list of accounts. Be
sure to choose Azure from the cloud provider dropdown to manage Azure-specific checks.
Added Chart to the EA Usage Summary report
A summary chart has been added to the EA Usage Summary report, which is available within the Cost > Summary Reports menu.
Added exports to the EA Usage Summary report
You can now also export the data from the EA Usage Summary report.
Added Spend Analysis report to multi-account views
The Spend Analysis report has been added to multi-account views. It can be accessed within the Cost > Spend Analysis menu.
Added support for Virtual Networks to change monitoring
The Security > Activity Monitoring > Change Monitoring report will include changes being made to Virtual Networks.
Added support for Subnets to change monitoring
The Security > Activity Monitoring > Change Monitoring report will include changes being made to Virtual Network Subnets.
Reporting on certificate information in App Service Plan reports
The details found within the Inventory > App Service Plan > List of App Service Plans will now include SSL Certificates. These can be found within the Web Apps section of the report.
Added Redis Cache right-sizing report
The Utilization menu now includes a Right-Sizing report for Redis Cache.
GOOGLE UPDATES
New Best Practice Check:
- Publicly Accessible Cloud Storage Buckets
October 16, 2017
CloudCheckr will be performing a scheduled system update on Monday, October 16, 2017. This update will roll-out new features and reports to the application.
There is no expected service outage during this update. However, it is recommended that users clear the cache or temporary internet files of their browser after the update. All new features and reports may not appear in your account until CloudCheckr performs its next scan of your AWS deployment.
Details of the update:
API UPDATES
get_best_practices_v2 API call now supports Azure
get_detailed_billing_with_groupingv2 call now supports multi-account views
AWS UPDATES
CloudFormation Template will now read as ‘CC’ instead of ‘CloudCheckr’
When using the CloudFormation (instead of Manual) option when configuring accounts, the template URL will read ‘CC’ instead of ‘CloudCheckr’.
Fix Now capabilities will now only display on most recent Best Practice Report
When viewing the Best Practice report you will only be able to utilize the ‘Fix Now’ capabilities in the most recent version of the report. Looking at historical reports will disable this functionality.
Performance Improvements to Advanced Grouping saved filter generation
The back-end process to build that data for saved filters for the Advanced Grouping report has been improved, allowing for much faster build times.
Added Fix Now capabiliies for the IAM Password Policy Not Enabled check
The IAM Password Policy Not Enabled best practice check now offers ‘Fix Now’ functionality that will enable an IAM policy automatically.
Lambda added to the Untagged Resources report
The Inventory > Tagged and Inventory > Untagged Resources reports will now both report against Lambda.
New CIS Benchmark: 1.18 Enable Ensure IAM Master and IAM Manager Roles are Active
Two new best practice checks:
- IAM Role Policies with full admin privileges
- Default Security Groups Allowing Traffic
AZURE UPDATES
Added EA Usage Summary Report
The EA Usage Summary report, available within the Cost > Summary Reports menu, will show details including Balance, Commitment, and Overages, for the agreement.
Added Service Requests Inventory reports for CSP
CSP accounts will now have an Inventory > Service Request menu where details about services requests can be reviewed.
Custom Charges now support an end date
When creating and editing custom charged within the Cost > Azure Partner Tools > Custom Charges screen, you can now apply an end date to the custom charges.
Added three services to change monitoring:
- App Service Plans
- Load Balancers
- Application Gateways
October 09, 2017
CloudCheckr will be performing a scheduled system update on Monday, October 09, 2017. This update will roll-out new features and reports to the application.
There is no expected service outage during this update. However, it is recommended that users clear the cache or temporary internet files of their browser after the update. All new features and reports may not appear in your account until CloudCheckr performs its next scan of your AWS deployment.
Details of the update:
AWS UPDATES
Added rounding notification to Monthly Billing Summary report
The Cost > AWS Billing > Summary Reports > Monthly report now includes help text at the top explaining how rounding large decimals can impact the costs displayed within CloudCheckr.
Added instance name and average metrics to Heatmap exports
When exporting Heatmaps to PDF from the Utilization menu, you will now see a second page showing the instance name and instance-specific metrics.
Added the ability to configure the IP list in the Blocklisted IP Address Making API Calls check
You now have the ability to configure the IP lists for the Blocklisted IP Address Making API Calls best practice check. To update the check configuration click on the gear icon to the right of that check, which can be found on the Security tab.
NOTE: The IP lists can be created and managed within the Admin Functions list on the main list of accounts page.
AZURE UPDATES
Added a tool to find Blob Containers that can be accessed by the public
CloudCheckr now offers a quick tool that allows you to enter the URL of your Blob Container to see if that Container is publicly accessible. You can access this tool at http://blobcheckr.com
Added List of Application Gateways Inventory report
There is new List of Application Gateways report. This report can be accessed within the Inventory > Networking menu.
Added Subscription to List of VMs report in Multi-Account Views
When viewing the List of Virtual Machines report within multi-account views, the Subscription where the VM resides will now display.
Reorganized Azure Network Security Group check into ‘with’ and ‘without’ resources
The Network Security Group best practice checks have been redone. Now there ware two checks for each: one for those groups WITH resources, and one for those WITHOUT.
These are the checks that have been updated:
- Network Security Groups Outbound Rules Set To All Ports
- Network Security Groups Inbound Rules with Potentially Dangerous Ports Exposed
- Network Security Groups Inbound Rules with Specific Ports Exposed
- Network Security Groups Outbound Rules with Dangerous Ports Exposed
- Network Security Groups Outbound Rules with Potentially Dangerous Ports Exposed
- Network Security Groups Inbound Rules Set to All IPs and All Ports
- Network Security Groups Outbound Rules Set to All IPs and All Ports
Added Azure Container Service Inventory Reports
A new Summary and Detailed report has been added to the Inventory > Container Services menu.
Added an Improperly Tagged Resources daily email
You can now have the output of the Improperly Tagged Resources report emailed on a daily basis. This email can be enabled and configured within the Account Settings > Email Settings menu. NOTE: you must first create tag rules within the Cost >
Tagging > Tagging Rules menu.
Improved the format of the Improperly Tagged Resources CSV export
Added cost to the details of the App Service Plans with No Apps check
The App Service Plans with No Apps best practice check has been updated to show the cost of the App Service Plan(s) being flagged by the check.
New Best Practice Check
- Managed Disk without Backup Protection
GOOGLE UPDATES
New Best Practice Check
- Large Objects Being Stored in Cloud Storage
October 02, 2017
CloudCheckr will be performing a scheduled system update on Monday, October 02, 2017. This update will roll-out new features and reports to the application.
There is no expected service outage during this update. However, it is recommended that users clear the cache or temporary internet files of their browser after the update. All new features and reports may not appear in your account until CloudCheckr performs its next scan of your AWS deployment.
Details of the update:
API UPDATES
New Admin Call
- account/get_accounts_v4
New Azure Call
- inventory/get_resources_virtual_machine_details
AWS UPDATES
Added PDF Export to RI Purchase Recommendation Reports
- EC2 by Instance
- EC2 by Frequency
- RDS
Workflows broken into tabs
The Automation > Workflows page has been reorganized into multiple tabs. Non-workflow admin users will see tabs for their open and closed workflows. Workflow admins will see their open and closed workflows, as well as all open and closed admin workflows.
More information added to SNS Alert Notifications
Alerts delivered via SNS will now include details for the alert that was triggered. Previously, the SNS message only stated that an alert was triggered with no other information. Please note that the next update will expand upon the amount of detail
being delivered within the SNS alert.
CSV export added to Certificate Manager
AZURE UPDATES
Performance improvement to the Billing Dashboard
The Cost > Azure Billing > Dashboard report has been revamped, making it load and retrieve data much faster.
Redis Cache added to Change Monitoring
The Security > Activity Monitoring > Change Monitor report now reports against changes made to Redis Cache.
New Best Practice Check
- Application Gateway with Web Application Firewall (WAF) Disabled
September 25, 2017
CloudCheckr will be performing a scheduled system update on Monday, September 25, 2017. This update will roll-out new features and reports to the application.
There is no expected service outage during this update. However, it is recommended that users clear the cache or temporary internet files of their browser after the update. All new features and reports may not appear in your account until CloudCheckr performs its next scan of your AWS deployment.
Details of the update:
GENERAL UPDATE
Showing/hiding columns on the list of accounts page
The list of accounts page now gives you the option to choose which columns to show or hide.
AWS UPDATES
Added the ability to include credits in Advance Grouping report
The Advanced Grouping report will now include credits by default. There is a checkbox added to the report that allows you to hide these credits if you would like a cost-only report. Note that historic months will need to be reloaded to see credits
in this report.
Added the ability to include account families in advance grouping report
When filtering by accounts within the Advanced Grouping report you now can choose to filter by AWS account, or by Account Family.
Added Elastic File System summary report
There is now an Elastic File System summary report within the Inventory menu.
Enable custom charges by a group of accounts
When adding custom charge tiers you now have the option to either sum all accounts and pass those through the custom tiers, or to pass each individual account through the tiers. This provides greater control and flexibility when establishing custom
charges.
AZURE UPDATES
Added a Right-Sizing report for Azure SQL
The Utilization menu now includes a Right-Sizing report for Azure SQL.
Additional data displayed for Redis Cache inventory
Improvements to the Historical Month Billing Summary CSV Export
Added 5 new BPC’s
- App Services with Unknown resource health
- App Service Plan without AutoHeal Enabled
- App Service Plan with under utilized memory
- App Service Plan with over utilized memory
- Managed Disk without delete lock
GOOGLE UPDATES
Two new Inventory reports:
- Topics and Subscriptions Detail
- Topics and Subscriptions Summary Report
September 18, 2017
CloudCheckr will be performing a scheduled system update on Monday, September 18, 2017. This update will roll-out new features and reports to the application.
There is no expected service outage during this update. However, it is recommended that users clear the cache or temporary internet files of their browser after the update. All new features and reports may not appear in your account until CloudCheckr performs its next scan of your AWS deployment.
Details of the update:
GENERAL UPDATES
Updated Forgot Password screens and workflow
In addtion to an improved look and feel, when using the forgot password function, CloudCheckr will email you a link to the rest password page, and a key you must enter into a form on that page.
AWS UPDATES
Added ability to view more than 20 connections in VPC Flow Logs
Pagination capabilities have been added to the VPC Flow Logs report, allowing users to view more than the top 20 connections.
Added List of Elastic File Systems Inventory report
A List of Elastic File Systems report has been added to the Inventory > EFS menu.
Automation Workflows screen reorganized to display newest items first
Workflows now default to showing the newest items first, making it easier to identify the most recently executed tasks.
Updates to CIS Benchmark:
- 2.6 Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket
New CIS Benchmarks:
- Ensure rotation for customer created CMKs is enabled
- Ensure appropriate subscribers to each SNS topic
- Ensure no security groups allow ingress from 0.0.0.0/0 to port 338
- Do not setup access keys during initial user setup for all IAM users that have a console password
- Ensure The Default Security Group of Every VPC Restricts All Traffic
New Best Practice Checks:
- IAM Users with Console Access Should Not Have Access Keys That Were Created at Initial User Setup
- Default Security Groups Should Not Allow Any Traffic
- Lambda functions with Admin privileges
AZURE UPDATES
Added App Service Plan Right Sizing report
A new right sizing report, specific to App Service Plan, has been added to the Utilization menu.
Improvements to the Single Day and Single Month Billing Summary CSV Exports
VM Right Sizing updated with information on enabling memory metrics for your VMs
If no memory metrics are available for your virtual machines, the right sizing report will notify you and offer information on how to populate that data.
New Best Practice Checks:
- Network Security Groups Outbound Rules With Potentially Dangerous Ports Exposed
- App Service Plan is Unavailable
- App Service Plan Has Exceeded Usage Quota
- App Service Plan CPU Under / Over Utilized
- App Service without Backup Scheduling Enabled
- App Service with SSL Disabled
- App Service with Critical Recommendations
September 11, 2017
CloudCheckr will be performing a scheduled system update on Monday, September 11, 2017. This update will roll-out new features and reports to the application.
There is no expected service outage during this update. However, it is recommended that users clear the cache or temporary internet files of their browser after the update. All new features and reports may not appear in your account until CloudCheckr performs its next scan of your AWS deployment.
Details of the update:
GENERAL UPDATES
Re-implemented two Admin functions on List of Accounts page:
- CSV Account Upload – allows you to upload a CSV for bulk account creation.
- Save List of Accounts to CSV – allows you to export a list of your accounts to a CSV file.
AWS UPDATES
Usability improvements to Inbound Rules Fix Now capability
The interface and workflow for configuring the Fix Now options for the inbound rules best practice checks has been improved.
Updated RDS List of Instances CSV export
The CSV export from the Inventory > RDS > List of DB Instances has been updated to more closely match the format from the List of EC2 Instances export.
Custom Charges display by description in invoices
A new checkbox has been added to the Cost > AWS Partner Tools > Report > Generate Invoices screen, labeled, ‘Show custom charge descriptions’. When this checkbox is enabled, when you export an invoice any custom charges added to
CloudCheckr will display as their description (instead of displaying as coming from the ‘Custom’ service). This will be true for any invoice other than Summary by Region, or invoices based on Saved Filters (those will adhere to the saved
filter formatting). This will make it clear to the invoice recipient what the charges are for.
Can now add List of S3 buckets directly to custom reports
You can now save your List of S3 Buckets reports directly to custom reports from the Inventory > S3 > List of Buckets report. Previously you had to use the Create Custom Report functionality to save S3 reports.
Added KMS Key Id to List of Trails report
The Security > Activity Monitoring > AWS API (CloudTrail) > List of Trails report will now display the KMS key Id, if applicable.
New Best Practice check
- CloudTrail Logs Not Encrypted at Rest Using KMS CMK
New CIS Benchmark
- Ensure VPC flow logging is enabled in all VPCs
Added inventory tag support for:
- Glacier
- DynamoDB
- Elasticache
- Lambda
- KMS
- EFS
AZURE UPDATES
Collecting SQL DTU metrics
SQL DTU (database transaction units) are now being collected for the SQL databases.
Added Profit Analysis report
The Profit Analysis report has been added to the Partner Tools menu.
Added SQL DB Advisor recommendations to Best Practice Report
The Azure Advisor tab in the Best Practice report will now also include SQL DB Advisor recommendations.
Added configuration options to Idle SQL Database Instances check
You can now configure the parameters of the Idle SQL Database Instances best practice check, dictating the idle percentage as well as the number of days to check against.
Added support for South Africa’s North and West locations
September 01, 2017
CloudCheckr will be performing a scheduled system update on Friday, September 01, 2017. This update will roll-out new features and reports to the application.
There is no expected service outage during this update. However, it is recommended that users clear the cache or temporary internet files of their browser after the update. All new features and reports may not appear in your account until CloudCheckr performs its next scan of your AWS deployment.
Details of the update:
AWS UPDATES
Ability to filter Network Usage alerts by Account
When creating Network Usage alerts within the Cost > Alerts > Manager menu, you now have the ability to filter these alerts by AWS account.
Re-implemented Find AWS Resource functionality to list of accounts page
The main list of accounts page offers the ‘Find AWS Resource’ button and functionality once again. This button allows you to find which account owns specific AWS resources.
Updates to AWS Partner Tools being logged in Audit Log
Any changes being made against the following features within the Cost > AWS Partner Tools menu will be captured by the Admin Audit log.
- Custom Billing Charges
- Configure Custom Cost
- Payee Support Charges
- Custom Usage Rates
Added Fix Now capability for CloudTrail Unauthorized Access Attempts
The CloudTrail Unauthorized Access Attempts best practice check now offers ‘Fix Now’ functionality that will remove the IAM user where the unauthorized attempts are originating from.
Added Fix Now capability for EBS Volumes without Recent Snapshot
This new Fix Now function creates a snapshot of an EBS volume if that volume is attached to an instance and the instance is found to be in a running state.
Tag Mapping now supports Tag AND Property mapping in same rule
When setting up tag mappings previously they could only be setup to map a tag or a property. Not both. Now, you can map both a tag and a property in the same mapping. These are configured within the Cost > Tags > Tag Mapping report.
Stale IAM Users check now shows user and password creation date
The data displayed within the Stale IAM Users best practice check has been updated to include the user and password creation date.
5 New CIS Benchmarks:
- 1.19 Maintain current contact details
- 1.2 Ensure CloudTrail log file validation is enabled
- 2.6 Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket
- 3.15 – Ensure appropriate subscribers to each SNS topic
- 4.1 – Ensure no security groups allow ingress from 0.0.0.0/0 to port 22
4 New Best Practice Checks:
- No support role has been created to manage incidents with AWS Support
- Rotation not enabled for customer created CMKs for KMS encryption
- Cloudtrail Bucket(s) Without Access Logging Enabled
- EC2-Classic Security Groups Inbound Rules With Potentially Dangerous Port 22 Exposed
AZURE UPDATES
Added charts to VM Scale Set Summary
The VM Scale Set Summary report within the Inventory menu now has additional pie charts.
Added Untagged Resources Report
An Untagged Resources report has been added to the Inventory module. This report allows you to see which resources are missing tags, or are missing specific tags.
Added Snapshots to Managed Disk inventory reports
A new report for Snapshots has been added to the Managed Disk inventory.
Can now specify currency and region for billing collection
You can now specify the currency and region for an Azure Inventory account that has billing data collection enabled. This is managed within the Billing Settings menu.
1 New Best Practice Check:
- Idle SQL Server Database Instance
6 New API calls:
- add_azure_csp_account
- add_azure_ea_account
- add_azure_inventory_account
- edit_azure_csp_credential
- edit_azure_ea_credential
- edit_azure_inventory_credential
GOOGLE UPDATES
Added Buckets to Change Monitoring
The Change Monitoring report now reports against changes being made to storage Buckets.
VMWARE UPDATES
CSV export added to Cost Calculator
You can now export the results from the VMware cost calculator to CSV.
Cluster Overview now shows current and max metrics
The VMware Cluster Overview now shows the current and max metrics for the cluster.
August 25, 2017
CloudCheckr will be performing a scheduled system update on Friday, August 25, 2017. This update will roll-out new features and reports to the application.
There is no expected service outage during this update. However, it is recommended that users clear the cache or temporary internet files of their browser after the update. All new features and reports may not appear in your account until CloudCheckr performs its next scan of your AWS deployment.
Details of the update:
AWS UPDATES
Updated CIS Benchmarks to properly reflect Scored vs Not Scored
The CIS Benchmark report has been updated to properly reflect Scored vs Not Scored controls.
Saved Filter updates added to audit log
Changes being made to saved filters within the Advanced Grouping report are now being included within the Admin Audit Log. This allows you to see who is making changes to saved filters within your account.
New CIS Benchmark added:
- Ensure security contact information is registered
Improved tagged resource processing in billing data collection
CloudCheckr continues to make speed and performance improvements to the billing collection process. With this improvement tagged resources are now being processed at a much faster rate.
Improved performance of report updates
In addition to improving the speed and performance of the billing data collection, improvements are also being made to the report updates.
AZURE UPDATES
Added Best Practice Report to multi-account views
Azure multi-account views will now build and display the Best Practice Report. This report will consolidated and display the Best Practice report across all accounts linked to the multi-account view.
Added unused resources to Cost Savings report
The Cost Savings report will now reflect your unused resources.
New Best Practice Check:
- SQL Server without Failover Group
August 17, 2017
CloudCheckr will be performing a scheduled system update on Thursday, August 17, 2017. This update will roll-out new features and reports to the application.
There is no expected service outage during this update. However, it is recommended that users clear the cache or temporary internet files of their browser after the update. All new features and reports may not appear in your account until CloudCheckr performs its next scan of your AWS deployment.
Details of the update:
GENERAL UPDATES
Redesigned the list of accounts page
The list of accounts page has been redesigned, improving the look and feel.
AWS UPDATES
Improved S3 List of Buckets CSV export
Improvements to Regions without AWS Config Enabled Fix Now
Added Fix Now capabilities to CloudTrail Unauthorized Access Attempts
AZURE UPDATES
New Cost Changes Report
New Cost Savings Report
Improved VM Right-Sizing for RDMA and Dedicated Hardware
Added Custom Report functionality to various reports
Fixed Custom Report functionality on multiple reports
Added OS Type to VM Summary report
Added new Inventory reports:
- Service Bus Summary Report
- List of Service Buses Report
Three New Best Practice Checks:
- Network Security Groups Outbound Rules With Dangerous Ports Exposed
- Application Gateways With Fewer Than Two Healthy Machines
- Network Security Groups Outbound Rules Set To All Ports
August 11, 2017
CloudCheckr will be performing a scheduled system update on Friday, August 11, 2017. This update will roll-out new features and reports to the application.
There is no expected service outage during this update. However, it is recommended that users clear the cache or temporary internet files of their browser after the update. All new features and reports may not appear in your account until CloudCheckr performs its next scan of your AWS deployment.
Details of the update:
AWS UPDATES
Added contract budget tracking alert
A new cost alert has been added to the Cost > Alert > Manager menu. The contract budget alert allows you to track not only the spend against a user-defined budget, but also the amount of waste. This alert also integrates with saved filters from
the Advanced Grouping report.
Improvements to two columns in EC2 List of Instances report
Clarity has been added to the following two columns within the EC2 List of Instances report:
- Role
- Volume Missing Tags
Updates to the CIS Benchmark report
The CIS Benchmark report has been updated to reflect scoring changes introduced by CIS.
Improvements to the ‘Is bucket public’ page
The webpage that allows you to enter the name of your S3 buckets to validate whether they are public or not has been improved, making it easier to identify private, public, or invalid buckets.
Further billing collection performance improvements
CloudCheckr continues to make speed and performance improvements to the billing collection process.
AZURE UPDATES
Added Retail Cost as option to cost reports
All Cost reports will now allow users to select ‘Retail Cost’ as the cost type.
Added Consumed Service Spend Analysis report
A Consumed Service Spend Analysis report has been added to the Cost menu. This report allows you to see a user-friendly, high-level breakdown of the costs for any consumed service. For example, you can filter on Compute and see a cost breakdown by
VM, Storage, Networking, and Data Management. Each of those can be further broken down by sub-categories.
Retrieving Azure Marketplace cost data
Cost usage data from the Azure Marketplace will now be retrieved, and accessible within the Cost reports.
Added 14 additional Azure Security Center checks
The Azure Security Center tab within the Best Practice report now displays 14 additional checks.
Two New Best Practice Checks:
- SQL Server Database Less than 10% of Free Storage
- Premium Redis Cache Instance With No Firewall Rules
August 03, 2017
CloudCheckr will be performing a scheduled system update on Thursday, August 03, 2017. This update will roll-out new features and reports to the application.
There is no expected service outage during this update. However, it is recommended that users clear the cache or temporary internet files of their browser after the update. All new features and reports may not appear in your account until CloudCheckr performs its next scan of your AWS deployment.
Details of the update:
AWS UPDATES
Further billing collection performance improvements
CloudCheckr continues to make speed and performance improvements to the billing collection process.
Improperly Tagged detection improvements
As part of the billing improvements, the process that detects improperly tagged resources has been isolated ensure that it will execute on time, even within accounts with very large billing datasets.
Added Billing credit pass through for tiered resellers
Tiered resellers that apply credits to subaccounts will now have those credits properly pass down to those separate customer accounts.
Improvements to the List Cost Analysis CSV export
Additional datapoints that were previously added to the List Cost Analysis report are now included in the CSV export.
Added support for Blended/Unblended and List to DBR Summarization
When creating a summarized version of the DBR you now have the ability to use Blended/Unblended or List Cost. NOTE: When using List Cost you are limited to a subset of the columns. This report is available within the Cost > AWS Partner Tools >
DBR menu.
Added 11 Fix Now functions to the best practice report:
- EC2-VPC Security Groups Inbound Rules Set To All Ports (needs input)
- EC2-VPC Security Groups Inbound Rules Set To All Ports (No Resources) (needs input)
- EC2-Classic Security Groups Inbound Rules With Dangerous Ports Exposed (With Resources)
- EC2-Classic Security Groups Inbound Rules With Potentially Dangerous Ports Exposed (With Resources)
- EC2-VPC Security Groups Inbound Rules With Dangerous Ports Exposed
- EC2-VPC Security Groups Inbound Rules With Potentially Dangerous Ports Exposed
- EC2-VPC Security Groups Inbound Rules With Dangerous Ports Exposed (No Resources)
- EC2-VPC Security Groups Inbound Rules With Potentially Dangerous Ports Exposed (No Resources)
- EC2-Classic Security Groups Inbound Rules Set To All Ports (No Resources)
- EC2-Classic Security Groups Inbound Rules With Dangerous Ports Exposed (No Resources)
- EC2-Classic Security Groups Inbound Rules With Potentially Dangerous Ports Exposed (No Resources)
AZURE UPDATES
Support new Meter naming conventions
Microsoft has improved standardized names for Azure meter attributes. CloudCheckr has been updated to support these changes. For more information please see: https://azure.microsoft.com/en-us/support/meter-rename/update-reports/
Can now control List Cost to be based off Pay-As-You-Go
A new option has been added to the Account Settings > Edit Billing Configuration menu that allows you to control whether or not List Cost will intially be based on Pay-As-You-Go pricing. This will be disabled by default and must be manually enabled.
Added Azure Security Center
Azure Security Center has been added to the Best Practice Report.
Improved Consumed Service consistency for mixed MAVs
Mixed multi-account views have been updated to better report against consumed services spanning the different billing sources (CSP, Enterprise Agreement, etc.).
Added Resource Group Filtering to Inventory reports
Azure inventory reports now support filtering by Resource Groups.
Added Cost Source filtering to the CSP Advanced Grouping report
An additional filter has been added to the Advanced Grouping report within CSP account, allowing you to filter by the cost source.
Added additional data to the List of Storage Accounts reports
Additional data has been added to the Inventory > List of Storage Accounts report, including Subscription ID, Location ID, Resource Group, etc.
Currency Code and Billing Region options added to Partner Tools
Two new options have been added to the Account Settings > Edit Billing Configuration menu that allow you to set both the default currency and billing region of your cost data. NOTE: The billing region cannot be changed once it is configured.
Two New Best Practice Checks:
- Unattached Managed Disks
- App Service Plan with no Apps
GOOGLE UPDATES
Virtual Machine added to Change Monitoring
The Change Monitoring report now reports against changes made against your Virtual Machines.
July 27, 2017
CloudCheckr will be performing a scheduled system update on Thursday, July 27, 2017. This update will roll-out new features and reports to the application.
There is no expected service outage during this update. However, it is recommended that users clear the cache or temporary internet files of their browser after the update. All new features and reports may not appear in your account until CloudCheckr performs its next scan of your AWS deployment.
Details of the update:
AWS UPDATES
Further billing collection performance improvements
CloudCheckr continues to make speed and performance improvements to the billing collection process.
Improvements to Virtual RIs
Virtual RIs now support regional scope RIs.
Improvements to saved filter creation notification
When saving a filter within the Advanced Grouping report, you can have CloudCheckr deliver an email notification once the save request is complete. This email can now be configured on a per-saved filter basis (previously there was one option per account).
Improvements to the user experience for Self-Healing checks
The user experience for Self-Healing best practice checks have been improved for checks that require user input (such as modifying security groups).
Updates to the CIS Benchmark report
The CIS Benchmark report has been updated to reflect scoring changes introduced by CIS.
AZURE UPDATES
Improved custom charge handling in Invoice Generator
It is now easier to identify the custom charges when exporting the data through the Invoice Generator.
New Budget vs Spend report for CSP
Within the Azure Partner Tools menu, CPS accounts now have a report that will track their budget versus their actual spend.
Displaying additional datapoints for App Service Plans
Several additional datapoints have been added to the Inventory > App Service Plans reports.
Added saved filter emails to Advanced Grouping
When creating a saved filter within the Cost > Azure Billing > Custom Reports > Advanced Grouping report, you can now configure those filters to be emailed on a daily, weekly, and/or monthly basis.
Added currency support to invoices
The Azure Invoice Generator now supports multiple currencies. This report can be accesse within the Cost > Azure Partner Tools menu.
New BPC:
- SQL Server Database with Transparent Data Encryption Disabled
GOOGLE UPDATES
Added additional data for Bucket reporting
Several additional datapoints have been added to the Inventory > Bucket reports, providing deeper insight into the storage within your buckets.
July 20, 2017
CloudCheckr will be performing a scheduled system update on Thursday, July 20, 2017. This update will roll-out new features and reports to the application.
There is no expected service outage during this update. However, it is recommended that users clear the cache or temporary internet files of their browser after the update. All new features and reports may not appear in your account until CloudCheckr performs its next scan of your AWS deployment.
Details of the update:
AWS UPDATES
Added EC2 System Manager Inventory reports
You can now view your EC2 Systems Manager information within the Inventory > EC2 menu.
Tag Filtering added to MAV EC2 Instance History by Time report
The EC2 Instance History by Time report, within Multi-Account Views, now includes tag filtering. You can access this report by logging into an AWS Multi-Account View, and navigating to Inventory > Trending > EC2.
Further billing collection performance improvements
CloudCheckr continues to make speed and performance improvements to the billing collection process.
Updates to the CIS Benchmark report
The CIS Benchmark report now reflects updates to the benchmarks made my CIS.
Added ability to export Savings report as a Summary
You can now export a pdf summary of the Savings report that excludes all of the resource items.
Improvements to the user experience for Self-Healing checks
The user experience for Self-Healing best practice checks have been improved for checks that require user input (such as modifying security groups).
Fix Now requests updated to run on an every-15 minute schedule
Better handling of international dates and currency
Reports and functionality that had been mishandling internaltional (non-US) dates and currency have been updated.
AZURE UPDATES
Improved Load Balancer Inventory Reporting
Probes are now properly handled within the Load Balancer reports
Added Tag Mapping – Splitting
This new report allows you to split your costs across multiple tags. This report can be found under Cost > Tags.
New BPCs:
- Network Security Groups Inbound Rules With Specific Ports Exposed From Any IP Address
- Network Security Groups Outbound Rules Set To All IPs and All Ports
- Load Balancers With Fewer Than Two Healthy Machines
- Idle Redis Caches
GOOGLE UPDATES
Added VPC Network Inventory reporting
- Summary report
- List of VPCs report
July 14, 2017
CloudCheckr will be performing a scheduled system update on Thursday, July 14, 2017. This update will roll-out new features and reports to the application.
There is no expected service outage during this update. However, it is recommended that users clear the cache or temporary internet files of their browser after the update. All new features and reports may not appear in your account until CloudCheckr performs its next scan of your AWS deployment.
Details of the update:
AWS UPDATES
Email summary report of self-healing checks
If you have CloudCheckr configured to ‘self-heal’ (automatically fix issues detected within the Best Practice report), you will receive an email summary of those actions taken on your behalf.
Improvements to the ‘Is bucket public’ page
The webpage that allows you to enter the name of your S3 buckets to validate whether they are public or not has been improved for usability.
Performance improvements for billing data collection
Improvments have been made to the billing collection process to speed up the amount of time it takes to process updates.
Added tag column and filtering to EC2 Right-Sizing report
You can now filter the EC2 Right-Sizing report by tag, as well as add a column to display tags within the report. This report can be found within the Utilization menu.
Added additional charts to the Lambda Summary Inventory report
Additional summary charts were added to the Inventory > Lambda > Summary report:
- Function Names by Region
- Code Sizes by Region
- Memory Sizes by Region
Fix-Now capability for Over-Utilized EC2 Instances
Fix now capabilities have been added to the Over-Utilized EC2 Instances best practice check.
AZURE UPDATES
Ability to generate invoices based on subscription families
You know have the ability to generate invoices based on the Subscription families created within the Cost > Azure Partner Tools menu.
Ability to auto-create CSP customer accounts
Azure CSP accounts have a new menu added within the Account Settings named ‘Edit Billing Configuration’. Within this menu you can enable a feature that will automatically create an account for each customer subscription found during billing
collection, if the account has not been created previously. These accounts will
Added the ability to schedule automated invoices
Within the invoice generator you now have the ability to configure invoices to be emailed automatically on specific days of the month. To schedule the invoice simply select the subscription family you would like to schedule the invoice for, and click
the ‘Schedule’ button.
Added Inventory reporting for CSP service requests
Within the Inventory module you can now view your Service Requests with the Azure support team. These reports allow you to see the status, severity, creation date, last update, and other key datapoints for your requests.
4 new Best Practice Checks:
- Network Security Groups Inbound Rules With Potentially Dangerous Ports Exposed
- Publicly Accessible SQL Server
- Blocklisted Public IP Addresses
- Redis Cache Firewall Allows Broad Range of IPs
GOOGLE UPDATES
Inventory reports have been added for:
- Snapshots
- SSL Certificates
- Organization Policies
- Project Policies
- Images
July 7, 2017
CloudCheckr will be performing a scheduled system update on Thursday, July 7, 2017. This update will roll-out new features and reports to the application.
There is no expected service outage during this update. However, it is recommended that users clear the cache or temporary internet files of their browser after the update. All new features and reports may not appear in your account until CloudCheckr performs its next scan of your AWS deployment.
Details of the update:
AWS UPDATES
Added support for the new GovCloud region
GovCloud accounts in CloudCheckr will now be able to build inventory reporting for resources that reside in the new GovCloud region.
Added tag filtering to MAV EC2 Right-Sizing report
You can now filter the EC2 Right-Sizing report, by resource tags, when using the report within multi-account views.
Added two Fix Now buttons to the best practice report:
- S3 Buckets That Allow Authenticated Users To Access S3 Log Files
- EC2 – VPC Security Groups Inbound Rules allowing Broad IP Range
AZURE UPDATES
New best practice check:
- Virtual Machines Running as Dedicated
GOOGLE UPDATES
Added notification messages for disabled services
CloudCheckr will now notify you if it is trying to retrieve inventory data against a disabled service within your Google account. You do not need to take action against this notification, or enable any service you do not wish to utilize.
UI UPDATES
RI Upfront Cost Amoritization report moved in report navigation
The RI Upfront Cost Amortization report can now be accessed by navigating to Cost > Reserved Usage > Amortizatoin within the report navigation.
Various style updates to increase intuitive interaction
CloudCheckr continues to make updates to its interface, making the report easier to navigate and use.
Additional color settings added to the customization settings
Within the Settings > Customization menu, there are now three options to control colors
- Set your primary color – this controls the color bar spanning the app
- Set your secondary color – this controls the color of the report navigation
- Set your text color – this will set the text of the report navigation to white or black
June 29, 2017
AWS UPDATES
- Ability to clone custom charges
- IAM Summary reports updated with new information
- Self-Healing BPCs switched to an ignore list will be excluded from scans
- Self-Healing BPCs send email alerts upon scan and fix completion
- Provides links directly to the workflow used for the fix
- New Fix Now functionality for “EC2-VPC Security Groups Inbound Rules allowing Broad IP Range”
AZURE UPDATES
- Changes to EA for Group by Day and Group by Year
- Managed Disks added to the Inventory Summary Report
GOOGLE UPDATES
- Change Monitoring functionality added for SQL Databases
GENERAL UPDATES
- Server load balancing upgrades to improve stability and performance for our concurrent customers
API UPDATES
-
get_history
API method updated to include optionalresource_id
parameter
UI UPDATES
- Added enable/disable “View Dashboard” checkbox in Plan Settings
June 15, 2017
AWS UPDATES
- New Workflow + BPC Fix Now button for EC2-VPC Security Groups Inbound Rules allowing IP Range
- CloudTrail performance improvements
AZURE UPDATES
- BPC added Unhealthy Virtual Machines Attached to Load Balancers
- Redis Cache 7 Day Used Memory and Server Load charts added
- Added Support for Tiered Custom Billing Charges
UI UPDATES
- Font improvements
- Forgot Password Page UI update
June 08, 2017
GENERAL UPDATE
- Implemented new layout for landing page on white labeled accounts
AWS UPDATES
- Added support for the AWS Cost and Usage report
- Added Fix-Now Button for Under-Utilized EC2 Instances Best Practice Check
- EC2 Right-Sizing report now ingests custom memory metrics
- Added Saved Filters to the EC2 Right-Sizing report
- Added self-healing functionality to the Best Practice report
AZURE UPDATES
- Added Meter Details report, showing updates to Azure price lists
- Added an Improperly Tagged Resources report for Tag Rules
- Added new API call: get_detailed_billing_with_grouping_by_currency
GOOGLE CLOUD UPDATES
- Added an Inventory Summary report
June 01, 2017
CloudCheckr will be performing a scheduled system update on Thursday, June 01, 2017. This update will roll-out new features and reports to the application.
There is no expected service outage during this update. However, it is recommended that users clear the cache or temporary internet files of their browser after the update. All new features and reports may not appear in your account until CloudCheckr performs its next scan of your AWS deployment.
Details of the update:
GENERAL UPDATES
- Updated the look and feel of the report navigation
- “Integrations” have been re-named as “Add-Ons”
AWS UPDATES
Improvements to List Cost Analysis
List Cost Analysis now has a filter for AWS Service, and also gives users the ability to include Usage Quantity in the returned data.
Added support for tiered resellers with multiple payer accounts
CloudCheckr can now support tiered reseller configurations when the top-tier reseller has multiple payer accounts.
Added direct link from custom billing charges to List Cost Analysis
An info icon has been added to Custom Billing charges. When clicking this icon you will be redirected to the List Cost Analysis report, showing you the months that this custom charge has been active, and its impact.
Added error type filtering to CloudTrail Events report
When using the CloudTrail Events report within the Security > Activity Monitoring > CloudTrail menu, you can now filter the events based on Error response. This allows you to easily identify all the events that failed for specific reasons.
Added ability to apply all tags to EBS Volumes Without a Snapshot best practice check
When using the tag filter option within the EBS Volumes Without a Snapshot best practice check, you now have the option to Select All tags. Also, when saving this option within multi-account views, the pop-up won’t automatically close, making
it easier to configure tags against multiple accounts.
New API Call
- add_custom_billing_charge_monthly_premium
AZURE UPDATES
Support for multiple currencies has been added to 3 cost reports
If your Azure cost reports contain multiple currencies, you can now view each of those independently within the following cost reports:
- Single Day Summary
- Historical Monthly Summary
- Advanced Grouping
Collecting Azure SQL firewall rule info
SQL Server firewall rules are now displayed within the Inventory > SQL Server > List of SQL Servers report.
Detecting Azure SQL firewall changes via Change Monitor
Changes made to SQL firewalls will be reported within the Security > Activity Monitoring > Change Monitoring report.
Collecting Azure App Services info
CloudCheckr has added two inventory reports for Azure App Services.
Partner Center / CSP invoice import compares invoices vs current rates
8 New Best Practice Checks
- Unhealthy Virtual Machines
- Virtual Machines with Unknown Health Status
- Azure SQL Server Firewall Allows Broad Range of IPs
- Azure SQL Server With No Databases
- Application Gateways With Empty Backend Address Pools
- Load Balancers With No Rules
- Load Balancers with All Backend Address Pools Containing No Network Interfaces
- Unused Network Interfaces
GOOGLE CLOUD UPDATES
You can now add your Google Cloud accounts to CloudCheckr
May 26, 2017
CloudCheckr will be performing a scheduled system update on Friday, May 26, 2017. This update will roll-out new features and reports to the application.
There is no expected service outage during this update. However, it is recommended that users clear the cache or temporary internet files of their browser after the update. All new features and reports may not appear in your account until CloudCheckr performs its next scan of your AWS deployment.
Details of the update:
GENERAL UPDATES
Updates have been made to the look and feel of the CloudCheckr application:
- Updated the fonts throughout CloudCheckr
- Updated the default logo and color scheme
- Updated the look and feel of the buttons within CloudCheckr
AWS UPDATES
Reorganized the Automation report menu
The Automation menu has been organized by AWS Service.
Added the number of resources within each VPC to the List of VPCs report
A column has been added to the List of VPCs report, showing the number of resources within that VPC. When expanding on any VPC you can also see the total for each resource type, as well as the list of resources within the VPC.
Updated the Spot Management workflow to make it easier to enable on accounts
Enabling and configuring Spot Management has been streamlined. In addition to making it easier to enable the Spotinst add-on, you can also configure CloudCheckr to automatically enable Spot Management on all new accounts created moving forward.
Ability to recalculate Support Charges by Account Family or Manage by AWS Account
A new option, to recalculate support charges by AWS account, has been added to configuring Payee Support Charges within the AWS Partner Tools menu. If this option is selected the payee support charges will be calculated per account, by account. The
other option is to calculate the charges against the sum of the account family’s usage.
Added two enhancements to the List Cost Analysis screen:
- Ability to filter by Custom Charges
- Ability to view multiple periods
AZURE UPDATES
Improvements to building Multi-Account Views
-
Billing System Selector
You now have the option to build Mixed, Enterprise Agreement, or CSP multi-account views. Because the data structure for the different types of accounts varies, thiw will allow CloudCheckr to display the most appropriate data when building the reports within the Multi-Account views. -
Advanced Grouping Improvements
Based on the billing system selector, the Advanced Grouping report will display the appropriate grouping and filter selection options within the multi-account views.
May 18, 2017
CloudCheckr will be performing a scheduled system update on Thursday, May 18, 2017. This update will roll-out new features and reports to the application.
There is no expected service outage during this update. However, it is recommended that users clear the cache or temporary internet files of their browser after the update. All new features and reports may not appear in your account until CloudCheckr performs its next scan of your AWS deployment.
Details of the update:
AWS UPDATES
Added account friendly name to CloudTrail “List of Trails” report
The CloudTrail List of Trails report within Multi-Account Views will now also display the account’s friendly name where the trail resides within the report itself.
Added clarity around CloudWatch and List metrics for S3 summary reports
A warning has been added to the S3 Inventory Summary report, explaining which methods CloudCheckr uses to obtain and report against S3.
AZURE UPDATES
Single month summary now supports multiple currencies
If your Azure cost reports contain multiple currencies, you can now view each of those independently within the Cost > Azure Billing > Summary Reports > Single Month Summary report.
Custom Charges now supports Retail Cost option
When configuring custom billing charges within the Cost > Azure Partner Tools menu, you can now have those custom charges applied to the Azure Retail rate. Using this option will calculate the custom charge from the Azure retail cost, which is based
on the rates from Azure Pay As You Go.
Two new Best Practice Checks:
- Application Gateway using unsecured backend protocol
- Application Gateway using unsecured protocol
May 12, 2017
CloudCheckr will be performing a scheduled system update on Friday, May 12, 2017. This update will roll-out new features and reports to the application.
There is no expected service outage during this update. However, it is recommended that users clear the cache or temporary internet files of their browser after the update. All new features and reports may not appear in your account until CloudCheckr performs its next scan of your AWS deployment.
Details of the update:
AWS UPDATES
Added End Dates to Custom Billing Charges
When configuring Custom Billing Charges, in addition to a Start date, you can now apply an End date. Custom Charges can be configured within the Cost > AWS Partner Tools > Configure menu.
Added combined S3 bucket storage totals to the CloudWatch Historical Export report
Previously you could only obtain the storage per bucket by storage type (Standard, Reduced Redundancy, etc.). Now you retrieve the total storage amount across all types within the Utilization > CloudWatch Historical Export report.
Added support for No Upfront 3 year standard EC2 RIs
Recently AWS announced that its users could purchase No Upfront 3 year standard EC2 reserved instances. Support for those types is now included within CloudCheckr.
Added Last Attached and Created Date to Unattached EBS Volumes BPC
The Unattached EBS Volumes best practice check will now also include the date the volume was last attached as well as its created date. These will help you make more informed decisions on how to proceed with these volumes.
Added friendly account name to the CloudTrail List of Trails report CSV export
The CloudTrail List of Trails report within Multi-Account Views will now also display the account’s friendly name where the trail resides when exporting the data via CSV.
New Best Practice Check:
- EBS Volumes Attached to Stopped EC2 Instances
AZURE UPDATES
New resource tags tracking reports
There are two new reports to help you monitor and manage your cost tags within Azure.
- Lookup Resources – This feature allows you to search and view all tags associated with any resource.
- Tagging Rules – This feature allows you to create rules that will flag resources that do not meet your user-defined tagging requirements.
NOTE: Both can be found under Cost > Tagging within the report navigation. Also, the Improperly Tagged Resources report, where you can see the output of the tag rules, will be available soon.
List Cost Analysis for CSP now groups by Customer
The Azure List Cost Analysis has been reorganized for CSP accounts, grouping by Customer first.
Office 365 subscription information added to billing structure
Drilldown capabilities have been added to the Best Practice report
Azure best practice checks will now have drilldown capabilities, allowing you to get more details about the resources being flagged within each check.
Two new Best Practice Checks:
- Virtual Machine in a “Deallocated” State
- Virtual Machines in a “Stopped” state
May 04, 2017
CloudCheckr will be performing a scheduled system update on Thursday, May 04, 2017. This update will roll-out new features and reports to the application.
There is no expected service outage during this update. However, it is recommended that users clear the cache or temporary internet files of their browser after the update. All new features and reports may not appear in your account until CloudCheckr performs its next scan of your AWS deployment.
Details of the update:
GENERAL UPDATES
Added Aventra IRON to integrations
Aventra™ IRON is a next-gen workload optimization solution that delivers the CloudCheckr promise for improving cloud cost management and asset utilization. You can access Aventra™ IRON through the Integrations menu at the top of the app.
AWS UPDATES
Added Amortization option to cap instance costs at their On-Demand price
You can now configure CloudCheckr to cap the amortization amount, per instance, at its on-demand price. How this feature works is that Amortization is added to each usage row up untill the on-demand cost of the running instance. Any remaining amortization
is charged back to the account that purchased the reserved instance.
This third amortization option can be enabled within the AWS Partner Tools > Configure > Configure Custom Cost screen.
Added two new Inventory reports
- IoT Summary
- IoT List of Things
Reworked Automation Workflow screen
The Automation Workflow screen has been reworked to make it easier to manage open workflow tasks and review workflow history.
Added Fix Now capabilities to several Best Practice Checks:
- S3 Buckets with Edit Permissions set to Everyone
- S3 Buckets with Upload/Delete Permissions for Authenticated Users
- S3 Buckets with Upload/Delete set to Everyone
- S3 Buckets with Edit Permissions set to Authenticated Users
- S3 Buckets With Any Permission Set To Authenticated Users
- S3 Buckets With ‘List’ Permission Set To Authenticated Users
- S3 Buckets With ‘List’ Permission Set To Everyone
- S3 Buckets With ‘View Permissions’ Permission Set To Everyone
- Publicly Accessible RDS DB Instances
- SNS Topics with Permission set to Everyone
- New Best Practice Check: CloudTrail integrated with CloudWatch Logs
AZURE UPDATES
Added Search Tags report
Azure accounts can now view and filter their tag inventory within the Cost > Tagging menu.
Added Budget Alerts by Saved Filters
When configuring budget alerts within the Cost > Alerts menu, you can now base the budget on saved filters.
Added Cost Alerts by comparative fluctuations
Within the Cost > Alerts > Manage menu, there is now the ability to create a cost alert based on cost fluctuations, instead of by budget. This alert will look at the cost over a user-defined period of time and compares that against the average
costs over a previous period of time to find fluctuations. The alert can be triggered based on cost or percentage fluctuations.
Collecting Resource Group with billing data
CloudCheckr will now ingest the Resource Group from the Azure usage reports. You will be able to group by, and filter by, these groups within the Advanced Grouping report.
Collecting Blob Storage monitoring metrics
CloudCheckr will now ingest Blog Storage metrics which can be viewed within the Inventory > Storage Accounts reports.
April 27, 2017
CloudCheckr will be performing a scheduled system update on Thursday, April 27, 2017. This update will roll-out new features and reports to the application.
There is no expected service outage during this update. However, it is recommended that users clear the cache or temporary internet files of their browser after the update. All new features and reports may not appear in your account until CloudCheckr performs its next scan of your AWS deployment.
Details of the update:
GENERAL UPDATES
Ability to whitelabel activation emails
CloudCheckr MSP partners utilizing a whitelabel now have the ability to have their new user activation emails customized. If you would like to customize this email, please contact support@cloudcheckr.com.
AWS UPDATES
New Monthly CPU Utilization report
This new report, within the Utilization > EC2 menu, will provide high-level metrics for the average CPU used across all EC2 instances during each month.
Improvements for EC2 RI Recommendations around flex RIs
We’ve updated the EC2 RI Purchase Recommendation reports to better reflect how they account for flex RI matching.
Amortization will now be calculated during the month
For accounts that have amortizatoin enabled, you can now see the amortization calculated during the month. Previously this was only calculated once the month was finalized.
Added S3 storage metric to CloudWatch Historical Export
You can now see the total S3 storage, by bucket, within the CloudWatch Historical Export report. Previously this was only available for the different storage types.
Security Group alert email improvements
The security group alert emails will now group all changes for each security group together. Previously each change was separate within the email.
Two New API Calls
- get_custom_charges
- get_resources_ec2_details_v4
AZURE UPDATES
Added Network Security Group alerts
You can now configure and receive alerts around your Network Security Groups. These can be created and managed within the Security > Alerts menu.
Added location to Change Monitoring
The Azure Change Monitoring report will now include the Location of the resources. This report can be found within the Security > Activity Monitoring menu.
Improvements to the List Cost Analysis report
Drilldowns on each change row have been added to the List Cost Analysis report. This allows users to better understand what was modified by CloudCheckr’s List Cost calculations. The List Cost Analysis report can be found within the Cost >
Azure Partner Tools menu within EA and CSP accounts.
Added application gateways to the VM Scale Sets report
A table showing the application gateways has been added to the List of Virtual Machines report found within the Inventory module.
Unified the service names within billing reports
CloudCheckr has unified the service names for billing reports, making it easier to filter and identify Azure costs.
Historical Billing Summary CSV improvements
The subscription Id has been added to the Azure Historical Billing Summary CSV export.
April 21, 2017
CloudCheckr will be performing a scheduled system update on Friday, April 21, 2017. This update will roll-out new features and reports to the application.
There is no expected service outage during this update. However, it is recommended that users clear the cache or temporary internet files of their browser after the update. All new features and reports may not appear in your account until CloudCheckr performs its next scan of your AWS deployment.
Details of the update:
AWS UPDATES
Added CloudFormation option for creating new accounts
You can now create accounts in CloudCheckr using IAM roles with CloudFormation. This process allows you to bypass creating and applying an IAM policy to the role. Accounts added through this method will automatically receive the CloudCheckr recommended
IAM policy, and won’t have to worry about updating that policy as new features and services are supported within CloudCheckr.
Improved RI Purchase Recommendation check drilldowns
The RI Purchase Recommendation best practice checks will now filter down to the exact recommendation instead of the general report.
Added clarity for IAM Admin best practice checks
The IAM Admin best practice checks have been updated to include information as to what parameters CloudCheckr utilizes to categorize an IAM user as an admin.
New Best Practice Check
- Multi-Region CloudTrail Enabled
AZURE UPDATES
Added utilization charts to the VM Right-Sizing report
The VM Right-Sizing report now includes utilization charts, graphing the memory and CPU usage for the VM over the past 30 days.
Improved Azure Advisor Check display
The Azure Advisor checks have been reorganized, making it easier to read and locate checks.
April 13, 2017
CloudCheckr will be performing a scheduled system update on Thursday, April 13, 2017. This update will roll-out new features and reports to the application.
There is no expected service outage during this update. However, it is recommended that users clear the cache or temporary internet files of their browser after the update. All new features and reports may not appear in your account until CloudCheckr performs its next scan of your AWS deployment.
Details of the update:
GENERAL UPDATES
Redesigned Login page
The CloudCheckr login page has been completely redesigned.
Added Support help button into the app
A Support help button has been added to the bottom-right of the app. Clicking the button will redirect the user to the CloudCheckr service desk page, where support tickets can be created.
AWS UPDATES
Added extra encryption to invoices and DBR copies uploaded into S3
CloudCheckr has implemented an extra layer of encryption for objects its uploading into customer S3 buckets. This impacts both invoices being saved to S3 as well as accounts utilizing the Copy DBR function.
Email notification when Advanced Grouping saved filters are built
CloudCheckr can now deliver an email message alerting a user that a newly created saved filter has been fully built. This is managed within the Advanced Grouping report.
Added several additional CIS Benchmarks
The Security > Secure Configuration > CIS Benchmark report has been updated to include several additional benchmarks.
Added filtering options to Automation tasks
Filtering capabilities have been added to the Automation tasks, making it easy to narrow the list of resources to those you’d like to take action against. The Automation tasks can be accessed within the Automation menu.
Added Host to EC2 List of Instances report
The List of EC2 instances report has been updated to include the instance host (if applicable).
AZURE UPDATES
Added List Cost Analysis report
A List Cost Analysis report has been added to the Azure Partner tools menu. This report is designed to show users each cost that was changed by CloudCheckr when calculating List Cost.
Email notification when Advanced Grouping saved filters are built
CloudCheckr can now deliver an email message alerting a user that a newly created saved filter has been fully built. This is managed within the Advanced Grouping report.
Added two new Inventory reports for Virtual Machine Images
- Virtual Machine Images Summary report
- List of Virtual Machine Images report
New Azure Advisor check:
- Use a cost effective solution to manage the performance goals of multiple SQL databases
Added new Best Practice Check:
- Unused VM images
April 06, 2017
CloudCheckr will be performing a scheduled system update on Thursday, April 06, 2017. This update will roll-out new features and reports to the application.
There is no expected service outage during this update. However, it is recommended that users clear the cache or temporary internet files of their browser after the update. All new features and reports may not appear in your account until CloudCheckr performs its next scan of your AWS deployment.
Details of the update:
GENERAL UPDATES
Added Dashboard link within accounts
You can now access your Dashboards from within any account in CloudCheckr by clicking on the Dashboard link to the right of the account dropdown. Previously Dashboards could only be accessed from the main list of accounts.
AWS UPDATES
Updated service limits will now be retrieved from Trusted Advisor
CloudCheckr will now leverage Trusted Advisor to obtain the actual service limits for the AWS accounts. These will be updated automatically within CloudCheckr’s best practices report. Previously, users had to manually enter any modified limits
beyond the default AWS limits.
EC2 List of Reserved Instances CSV Export improvements
The CSV export from the EC2 List of Reserved Instances report has been updated, breaking apart the Upfront Fee and Upfront Fee Per Instance into their own columns.
Made improvements to CloudTrail Alert Ignores
The CloudTrail alert ignores have been alphabetized, making them easier to modify and manage.
Added configuration options to Stale IAM Users best practice check
A configuration option has been added the Stale IAM Users best practice check, allowing users to determine the time frame before an IAM user is considered “stale”.
AZURE UPDATES
Added Historic Monthly Cost Summary to MAV
The Historic Monthly Summary has been added to the Cost navigation for Azure multi-account views.
Added Daily and Monthly Consolidated Billing Summary email
Within Azure Enterpise Agreement and CSP accounts, a daily and/or monthly consolidated billing summary email can be enabled. This setting is controled within the Account Settings > Email Settings menu.
Added Azure Advisor to best practices report
You can now view the results of your Azure Advisor checks within your CloudCheckr best practice report.
Added networking information to the Virtual Machine Scale Set report
Networking information has been added to the Inventory > Virtual Machine Scale Set report.
Improvements to VM Right-Sizing
The Virtual Machine Right-Sizing report has been enhanced. In addition to displaying cost data, the recommendations will now span VM sizing families.
New best practice check
- Load Balancers Configured to Use Non-SSL Ports
March 30, 2017
CloudCheckr will be performing a scheduled system update on Thursday, March 30, 2017. This update will roll-out new features and reports to the application.
There is no expected service outage during this update. However, it is recommended that users clear the cache or temporary internet files of their browser after the update. All new features and reports may not appear in your account until CloudCheckr performs its next scan of your AWS deployment.
Details of the update:
GENERAL UPDATES
Improvements to the Edit Users screen
The Edit Users screen has been updated, including adding a button to show/hide account grid.
AWS UPDATES
Added Allgress Integration
Allgress helps customers map controls to compliance standards like HIPAA and FedRAMP.
Saved Filter invoices can now include additional info in the invoice details
This option, which is controlled by a checkbox, allows customers to have the additional info, populated within Account Families, display next to each account when generating an invoice that is grouped by Account.
Note: This only supports invoices using the Saved Filter report format that are exported to CSV.
Improved Best Practice Check Fix Now capabilities
The Fix Now capabilities within the best practice checks will now show the permissions needed to execute the request and explain what actions CloudCheckr will take.
List Cost Analysis text improvements
The descriptive text within the List Cost Analysis report has been improved for clarity.
AZURE UPDATES
Added Virtual Machine Right-Sizing Report
This new report will look at all available Virtual Machine utilization metrics and make re-sizing recommendations based on usage. Each VM will be given a score based its metrics. Low scores indicate that a VM is under-utilized, while high scores indicate
that a VM is over-utilized. This report can be found under the Utilization menu.
Added two new inventory reports for Virtual Machine Scale Sets
- Virtual Machine Scale Set Summary
- List of Virtual Machine Scale Sets
Added 4 Best Practice Checks
- Storage Accounts Without Secondary Locations
- Idle Virtual Machines
- Over-Utilized Virtual Machines
- Redis Caches with non-SSL Port Enabled
March 23, 2017
CloudCheckr will be performing a scheduled system update on Thursday, March 23, 2017. This update will roll-out new features and reports to the application.
There is no expected service outage during this update. However, it is recommended that users clear the cache or temporary internet files of their browser after the update. All new features and reports may not appear in your account until CloudCheckr performs its next scan of your AWS deployment.
Details of the update:
AWS UPDATES
Added CIS Benchmark Report
This new report will have CloudCheck compare your AWS account against the Center for Internet Security’s cloud best practices. This report can be found within the Security > Secure Configuration menu.
Reworked report navigation for Reserved Usage
The report menu under Cost > Reserved Usage has been reworked to make it easier to find Invetory reports versus Recommendations.
Added Support for AWS Config Rules in Best Practice Report
An additional tab has been added the Best Practices report showing your AWS Config rules.
Admin Workflow (approval requirement) for Automation tasks can be enabled/disabled
Witin the Automation > Setup menu, you now have the ability to enabled or disable Workflows on your automation tasks and ‘Fix Now’ functions. When enabled, requests must be approved by Workflow Admins. When disabled, the buttons will
act as ‘Fix Now’ with CloudCheckr immediately carrying out any automation or fix requests.
Publicly Accessible ELBs added to Perimeter Assessment Report
The Perimeter Assessment report, found under Security > Secure Configuration, now includes publicly accessible Elastic Load Balancers.
Single Month Summary report CSV export has separate columns for AWS Account Id and Friendly Name
Added Fix Now capabilities to Best Practice Report
CloudCheckr now gives you the ability to act on its Best Practice findings and recommendations directly from the report. To use this capability, expand on the check and click the ‘Fix Now’ button to the right of the item you would like
CloudCheckr to address. The credentials added to CloudCheckr must have the appropriate permissions to carry out the request.
This functionality is currently supported for the following checks:
- IAM Password Policy Does Not Require Lowercase Letter
- IAM Password Policy Does Not Require Non-Alphanumeric Character
- IAM Password Policy Does Not Require Number
- IAM Password Policy Does Not Require Uppercase Letter
- IAM Password Policy Minimum Length Too Short
- Passwords Not Reset For > 180 Days
- IAM Password Policy Does Not Have Password Expiration
- IAM Password Policy Does Not Prevent Password Reuse
AZURE UPDATES
Azure EA billing import now supports API keys created by an Account admin
The Azure Enterprise portal supports creating API keys as an Enterprise Agreement Admin, or as an Account Admin. CloudCheckr now supports both types of key.
Reworked report navigation for Cost
The Cost report navigation has been reworked to provide clarity around the types of reports and functions available.
Added two new inventory reports for Redis Cache
Redis Cache Summary Report
Redis Cache Details Report
Average Memory Percentage For Last 30 Days added to List of Virtual Machines report
The List of Virtual Machines report will now include the Average Memory percentage, over the last 30 days, for the VMs.
New Best Practice Check
- Storage Account Blob Services without encryption enabled
March 17, 2017
CloudCheckr will be performing a scheduled system update on Friday, March 17, 2017. This update will roll-out new features and reports to the application.
There is no expected service outage during this update. However, it is recommended that users clear the cache or temporary internet files of their browser after the update. All new features and reports may not appear in your account until CloudCheckr performs its next scan of your AWS deployment.
Details of the update:
AWS UPDATES
Advanced Grouping saved filters now build independent of billing updates
When creating or updating saved filters build in the Advanced Grouping report, the data for the saved filters will be build within its own process. Previously it was part of the general billing update. Separating this will improve the speed of processing
billing updates and reloads.
Best Practice Check updated
Renamed “Permissions Granted To IAM Users” best practice check to “IAM Policies Granted To IAM Users”.
AZURE UPDATES
CSP accounts will now report on current month costs
CSP accounts can now report on cost data during each month. Previously it only provided data once a month was closed, through the invoice.
IMPORTANT: To accommodate this change, you need to update the permissions of the CSP user account used by CloudCheckr. This must be changed within the CSP portal. The new permission is the “Admin agent” permission. CSP billing imports
(including previous months) will not function until this permission is added.
Added CSV export option to the Advanced Grouping drilldown
Within the Advanced Grouping report, if you click on the chart CloudCheckr will display a drilldown menu allowing you to further filter the report. That menu now includes CSV export capabilities.
Improved the Network Security Group CSV export from multi-account views
When exporting the Network Security Group report to CSV, the export will now contain all available data.
Added support for Subscription Families
You can now create and manage Subscription Families. This allows you to invoice and report on multiple subscriptions for a single customer.
New List of Load Balancers report
Added a List of Load Balancers report to the Inventory > Networking menu.
New Best Practice Check
New Best Practice Check Virtual Machines with Unencrypted Disks.
March 09, 2017
CloudCheckr will be performing a scheduled system update on Thursday, March 09, 2017. This update will roll-out new features and reports to the application.
There is no expected service outage during this update. However, it is recommended that users clear the cache or temporary internet files of their browser after the update. All new features and reports may not appear in your account until CloudCheckr performs its next scan of your AWS deployment.
Details of the update:
AWS UPDATES
New Summary-Only Option for Best Practice Email
The Best Practices email can now be configured to only send the summary information (name of check and number of issues discovered) leaving out the list of resources.
Automation Task UI Improvements
The look and feel of the Automation tasks have been improved, making them uniform and easier to interact with.
Added AWS Account Id to EC2 Right-Sizing In Multi-Account Views
The EC2 Right-Sizing report within multi-account views now have an AWS account column, showing the account that owns the instance.
Updated Best Practice Check
Enforce SSL connections best practice check has been updated for clarity, and renamed to “RDS DB Instances Not Enforcing SSL Connections”.
AZURE UPDATES
Added Drilldowns to Consolidated Billing Summary
The Consolidated Billing Summary report has been updated to include drilldowns for the subscriptions.
Added Subscription Filter to Single Day Summary Report
The Single Day Summary report has been updated to include a subscription filter.
Redesigned the Configure Azure Account Screen
The configure account screen has been reworked, making it easier to choose the type of Azure account to create within CloudCheckr.
New List of Subnets Report
Added List of Subnets report to the Inventory module, under Networking.
March 03, 2017
CloudCheckr will be performing a scheduled system update on Friday, March 03, 2017. This update will roll-out new features and reports to the application.
There is no expected service outage during this update. However, it is recommended that users clear the cache or temporary internet files of their browser after the update. All new features and reports may not appear in your account until CloudCheckr performs its next scan of your AWS deployment.
Details of the update:
GENERAL UPDATES
Improvements to User Management
The screens for both creating and editing users now has the AWS accounts and Azure accounts separated by tab. This makes it much easier to find the accounts you’re looking for from the different cloud providers.
AWS UPDATES
EC2 Right-Sizing report added to MAVs
The EC2 Right-Sizing report has been added to multi-account views, allowing you to see all of your right-sizing recommendations in one central location. This report can be found within the Utilization module.
Improvements to the Best Practice Check Editor
The Best Practice Check Editor has been updated. You now have the ability to create multiple policies and choose which accounts adhere to which policy. This editor is accessible only by Admin users, and can be found within the Admin Functions on the
main list of accounts.
AZURE UPDATES
Four new reports have been added to multi-account views:
- Security Module:
- Perimeter Assessment Report
- Network Security Group Detail Report
- Change Monitoring Report
- Cost Module:
- Single Day Cost Summary
Added a Consolidated Billing Summary report
The Consolidated Billing Summary Report has been added to Azure Enterprise Agreement accounts. This allows you to see the total cost, across all subscriptions, and by subscription, in a single report.
February 17, 2017
CloudCheckr will be performing a scheduled system update on Friday, February 17, 2017. This update will roll-out new features and reports to the application.
There is no expected service outage during this update. However, it is recommended that users clear the cache or temporary internet files of their browser after the update. All new features and reports may not appear in your account until CloudCheckr performs its next scan of your AWS deployment.
Details of the update:
AWS UPDATES
Added pricing type trend chart to RDS Summary report
A pricing type usage trend graph has been added to the Spend Analysis > RDS Summary report. This chart will show you the number of On-Demand versus Reserved hours used across RDS over a user-defined time period.
Added a new API call: get_ec2_reserved_instance_rebalancer_ec2_instances_v2
This improves on the get_ec2_reserved_instance_rebalancer_ec2_instances call by adding additional properties to the output:
Public IP Address
Private IP Address
Public DNS Name
Private DNS Name
Status
AZURE UPDATES
Added support for Multi-Account Views for Azure accounts
Multi-Account Views allow you to leverage CloudCheckr to build reports that looks across all, or a subset, of your Azure accounts. Multi-Account Views are created by using Account-Level Tags. To tag an account, load the Account and go to Account Settings
> Account Tags. You can assign multiple tags per Account. When creating your Multi-View Account you will select these tags. Alternatively, you can create the Multi-Account View and choose the accounts to build reports.
The first iteration of Azure Multi-Account Views support the Azure Inventory reports.
Added support for importing invoice billing data from the Cloud Solution Provider (CSP) portal
You can now add your Cloud Solution Provider (CSP) accounts to CloudCheckr to manage your costs.
Added the Billing Dashboard
This new report has been added to the Cost module, providing a high-level summary of the monthly Azure costs.
Added a new API call: billing/get_detailed_billing_with_grouping_v2
You can use this new call to query the cost data from your saved filters built within the Advanced Grouping report.
February 10, 2017
CloudCheckr will be performing a scheduled system update on Friday, February 10, 2017. This update will roll-out new features and reports to the application.
There is no expected service outage during this update. However, it is recommended that users clear the cache or temporary internet files of their browser after the update. All new features and reports may not appear in your account until CloudCheckr performs its next scan of your AWS deployment.
Details of the update:
Basic Users can be given access to Email Settings
You can now give your Basic Users access to the Email Settings page. This can be accomplished by leveraging User Groups. When configuring the user group, you can enable the Email Settings option within the Settings tab to let the members of the user
group view the Email Settings. To also give them the ability to modify Email Settings you will want to select the Edit Emails checkbox within the Generic tab. Add the Basic Users you would like to have these capabilities to the User Group.
Added the ability to save custom favicons
Admin users can upload their own favicon to the Settings > Customization menu.
Note that the favicon must be an .ico file.
AWS UPDATES
Added daily emails from multi-account view Advanced Grouping report
You can now configure your saved filters from a multi-account view Advanced Grouping report to send daily via email.
Kinesis has been added to Custom Reports
Within the Inventory module you can now create and save the Kinesis List of Streams report to Custom Reports.
AZURE UPDATES
Saved Filters added to the Advanced Grouping report
You can now create Saved Filters, including the performance benefit, within the Azure Advanced Grouping report.
February 3, 2017
CloudCheckr will be performing a scheduled system update on Friday, February 3, 2017. This update will roll-out new features and reports to the application.
There is no expected service outage during this update. However, it is recommended that users clear the cache or temporary internet files of their browser after the update. All new features and reports may not appear in your account until CloudCheckr performs its next scan of your AWS deployment.
Details of the update:
AWS FEATURES
Spotinst Integration
Spotinst is a cloud-cost management platform that helps AWS customers reduce spend while ensuring high availability and performance, by leveraging cloud providers’ excess capacity. This integration allows you to enable and login to Spotinst directly
from CloudCheckr.
AZURE FEATURES
Ability to force Azure billing collection
When setting a month to reload within the Reload Usage Report, you can now have CloudCheckr force the billing update to run, ensuring you get your billing updates immediately.
Added last processed data to the Reload Usage Reports screen
You can now see the last time that CloudCheckr processed any historic billing month from the Reload Usage Reports screen.
Added the ability to report on cost data for subscriptions that are not part of an Enterprise Agreement
If you add an Azure subscription to CloudCheckr that is not part of an Enterprise Agreement, CloudCheckr can now retrieve and report on that subscription’s costs.
January 26, 2017
CloudCheckr will be performing a scheduled system update on Thursday, January 26, 2017. This update will roll-out new features and reports to the application.
There is no expected service outage during this update. However, it is recommended that users clear the cache or temporary internet files of their browser after the update. All new features and reports may not appear in your account until CloudCheckr performs its next scan of your AWS deployment.
Details of the update:
AWS FEATURES
Implemented Right-Sizing Workflows
CloudCheckr now gives you the ability to control who can request Right-Sizing modifications, and who can approve and execute those requests. This new feature, called Workflows, will be rolled out to all the automation tasks.
To enable this capability, you must utilize the new User Group functionality. When added account access to a user group, within the Automation tab, you will see two new permissions: Open Workflow and Admin Workflow. Open Workflow is the permission that should be given to users that you would like to submit requests. Users with Admin Workflow permissions will be able to deny or approve the requests. Once a request is approved, CloudCheckr will immediately action that request. Workflows also retain a log, and notes, for any and all changes.
Added Predicted Usage to EC2 List of Instances Export
The export of the EC2 List of Instances report now includes a column for the predicted instance usage.
AZURE FEATURES
Added a Perimeter Assessment Report
Azure Inventory report will now include a Perimeter Assessment report, which will show you all the entry points from the public Internet into your Azure environment. This report can be accessed within the Security > Secure Configuration menu.
Reworked details of Under-Utilized VM best practice check
The details of the Under-Utilized Virtual Machines best practice check has been updated to provide better clarity into the VMs and the metrics CloudCheckr is reporting against.
Improvements to the Virtual Machine utilization reporting
The Virtual Machine utilization reporting has been improved to provide better statistics for your VMs. You can see this data within the Inventory > Virtual Machine > List of Virtual Machines report.
January 20, 2017
CloudCheckr will be performing a scheduled system update on Friday, January 20, 2017. This update will roll-out new features and reports to the application.
There is no expected service outage during this update. However, it is recommended that users clear the cache or temporary internet files of their browser after the update. All new features and reports may not appear in your account until CloudCheckr performs its next scan of your AWS deployment.
Details of the update:
AZURE FEATURES
Added CSV option for Invoice Generator
The invoice generator within Azure accounts now supports the ability to export the invoices in CSV format.
Added Custom Reports to Inventory reports
The Azure Inventory reports will now allow you to save your filter configurations as custom reports. This prevents you from having to rebuild your reports each time you want view them.
New Best Practice Check – Under-Utilized Virtual Machines
A new best practice check has been added to the Usage tab, showing the Virtual Machines that are determined to be under-utilized based on their CPU usage.
January 13, 2017
CloudCheckr will be performing a scheduled system update on Friday, January 13, 2017. This update will roll-out new features and reports to the application.
There is no expected service outage during this update. However, it is recommended that users clear the cache or temporary internet files of their browser after the update. All new features and reports may not appear in your account until CloudCheckr performs its next scan of your AWS deployment.
Details of the update:
AWS FEATURES
Added Untagged Resources report to multi-account views
The Untagged Resources report has been added to multi-account views. This report can be found within the Inventory module.
Newly added accounts will default to the Classic Best Practice report
When new accounts are added to CloudCheckr they will default to the ‘Classic’ best practice view, instead of the Dashboard view.
AZURE FEATURES
Added Best Practice report for Azure
Azure accounts will now have a Best Practice report. There is one best practice check to start (Security Rules Allowing All Inbound Traffic), and additional checks will be added with each update.
January 07, 2017
CloudCheckr will be performing a scheduled system update on Friday, January 07, 2017. This update will roll-out new features and reports to the application.
There is no expected service outage during this update. However, it is recommended that users clear the cache or temporary internet files of their browser after the update. All new features and reports may not appear in your account until CloudCheckr performs its next scan of your AWS deployment.
Details of the update:
AWS FEATURES
Added ability to find security groups with specific port open
The Security Group Common Searches report now has a new option which allows you to find security groups that have specific port open. You can find this report within the Security > Secure Configuration > Security Groups report menu.
AZURE FEATURES
Support for Azure Government
CloudCheckr now supports Azure Government. When adding a new Azure account into CloudCheckr you will choose whether the account is commerial or government.
Added Security Group reports
A new report menu has been added for Azure security group reporting.
Added the ability to group by tag within Advanced Grouping
Azure Advanced Grouping report now allows you to group by tag, in addition to filtering by tag.
Added Virtual Machine History by Instance report
Added a new report within Inventory > Virtual Machine > Trending, that shows Virtual Machine history by instance.