Admin API Reference Guide
- Using Access Keys
- Preferred HTTP Methods
- API Calls
- Add Access Control Lists Per Account Per Group
- Add Account V3
- Add API Key
- Add MAV Account
- Add Tag
- Add User
- Add Users
- Add User To Group
- Clone Group
- Configure Custom Cost
- Copy User
- Delete Access Control List From Group
- Delete Account
- Delete Group
- Delete Tag
- Edit Account Email Settings V2
- Edit Account Name
- Edit Credential
- Get Access Control List
- Get Access Control List By ID
- Get Access Control List Per Group
- Get Account
- Get Account Email Settings
- Get Account Level Tags V2
- Get Accounts By Group
- Get Accounts V2
- Get Accounts V4
- Get CloudTrail Custom Metrics
- Get External ID
- Get Group
- Get Groups
- Get Groups V2
- Get Invoice V2
- Get Resources Alert Results V2
- Get Utilization Alert Results V2
- Get User
- Get Users By Group
- Get Users V2
- Get Profit Analysis
- Get Profit Analysis CSV
- Grant Account
- Remove User
- Remove Users From Group
- Revoke Account
- Tag Account
- Untag Account
- Ignore Best Practice
- Add Custom Billing Charge – Fixed V2
- Add Custom Billing Charge – Monthly Percent V2
- Add Custom Billing Charge – Percent All Charges V2
- Add Custom Billing Charge – Per Virtual Machine
- Add Custom Billing Charge – Per Usage Hour
- Edit Custom Billing Charge – Per Virtual Machine
- Edit Custom Billing Charge – Per Usage Hour
- Add Undiscovered AWS Account ID
- Create Account Family
- Custom Billing Charge
- Delete Account Family
- Delete Custom Billing Charge
- Delete Custom Billing Charge – Fixed
- Delete Custom Billing Charge – Monthly Percent
- Edit Custom Billing Charge – Fixed V2
- Edit Custom Billing Charge – Monthly Percent V2
- Get Account Family V2
- Get Billing Dashboard V2
- Get Custom Billing Charges V3
- Modify Account Family
- Modify Account Family – Copy DBR
- Get SAML Providers
- Edit User
- Read Child SAML SSO Settings
- Read Child SAML SSO Settings V2
- Write Child SAML SSO Settings
- Get Best Practices V3
- Get Alerts
- Get CloudTrail Alert Results V2
- Get Cost Alert Results V2
- Get Utilization Alert Results
- Get Resources Alert Results
- Save Best Practice Notification V2
Please use these URLs when accessing the API in the following platforms:
- AU: https://au.cloudcheckr.com
- EU: https://eu.cloudcheckr.com
- GOV: https://gov.cloudcheckr.com
- FED: https://fed.cloudcheckr.com
CloudCheckr allows for the creation of two different types of access keys. Account-level access keys can only make calls against a single account. Admin-level access keys allow users to make calls against any of their accounts within CloudCheckr. They also allow API users to make account-management related calls that cannot be executed using account-level access keys.
CloudCheckr is revamping its API documentation to ensure that it reflects the best practices for REST and to improve overall consistency. We will restructure each call to include these sections:
| Section | Description |
| Input Parameters | Options that you pass with the endpoint to influence a response.
Identifies if a parameter is required or optional, the data type, and the parameter description. |
| API Call URL | Identifies the common path for the API (highlighted in yellow) and the end path of the endpoint (highlighted in light blue).
|
| Request Example | Includes a sample request that shows the endpoint and a few key parameters.
Formatted in curl since it’s language-agnostic. Includes the header information and the method (GET or POST in most cases). |
| Response Example | Shows a sample response for all of the parameters passed in the request example.
Includes examples in XML and JSON. |
Attempting to make any of these calls using a general API access key will result in an error. You may also use admin-level API keys to make the other calls found in the general API Reference guide.
When using an admin-level access keys to make those calls you must add one of the following parameter to your calls:
- use_account – the name of the account you are making the call for, where the name is the name of the account added in CloudCheckr.
- use_cc_account_id – the ID of the account you are making the call for. The ID is returned when using the method ‘account/add_account_v3′ to register the account in CloudCheckr.
XML Call:
https://api.cloudcheckr.com/api/best_practice.xml/get_best_practices?access_key=[access_key]&use_account=[MyAccount]
https://api.cloudcheckr.com/api/best_practice.xml/get_best_practices?access_key=[access_key]&use_cc_account_id=[MyAccountId]
JSON Call:
https://api.cloudcheckr.com/api/best_practice.json/get_best_practices?access_key=[access_key]&use_account=[MyAccount]
https://api.cloudcheckr.com/api/best_practice.json/get_best_practices?access_key=[access_key]&use_cc_account_id=[MyAccountId]
Using Access Keys
CloudCheckr requires an access key to be passed as a parameter to all API calls.
Click here for details on creating and managing access keys.
Example of Using an Access Key:
https://api.cloudcheckr.com/api/change_monitoring.json/get_changes?access_key=[access_key]
Preferred HTTP Methods
When using libraries such as curl, you may need to indicate the HTTP method to use (POST or GET). The CloudCheckr API accepts both POST and GET in most API calls. However, we recommend you use the preferred HTTP method when possible.
The preferred HTTP method for each call is GET unless specifically noted in the API CALLS section.
For more information on HTTP methods, click here: http://www.w3schools.com/tags/ref_httpmethods.asp.
API Calls
Add Access Control Lists Per Account Per Group
The API method, “add_access_control_lists_per_account_per_group”, is used to add access control lists per account per group.
The preferred HTTP method for this call is POST.
INPUT PARAMETERS:
| Parameter | Type | Description |
| access_key | string | required; admin-level API key |
| acls | list <string> | required; unique alphanumeric ID for each access control list (acl) |
| group_id | string | required; group ID |
| use_account | string | required/optional; friendly name of the account in CloudCheckr; must be a payer account in CloudCheckr* |
| use_cc_account_id | string | required/optional; unique account ID used in CloudCheckr; must be a payer account in CloudCheckr* |
| use_aws_account_id | string | required/optional; the 12-digit AWS account ID; must be a payer account in CloudCheckr* |
One of the * parameters must be defined.
API CALL URL:
https://api.cloudcheckr.com/api/account.[json|xml]/add_access_control_lists_per_account_per_group?access_key=your_admin_access_key&use_account=AWS Main
REQUEST EXAMPLE:
curl -X POST \
-- https://api.cloudcheckr.com/api/account.[json|xml]/add_access_control_lists_per_account_per_group? access_key=your_admin_access_key&use_account=AWS Main\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
"group_id": "315ED648-DA56-4713-98DB-7D0A434A31F9",
"acls": ["dd82ecd7-c590-490f-9b3a-f22990a1b500[CC_Delimiter]16b586a1-4459-46e1-b348-8c24dd5cfb7f",
"dd82ecd7-c590-490f-9b3a-f22990a1b500[CC_Delimiter]e5c59d38-f3a1-4aac-aa48-a9823c1413ed"]
RESPONSE EXAMPLE:
XML:
<AddAccessControlListsPerAccountPerGroupResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance>
<results>
<id>315ed648-da56-4713-98db-7d0a434a31f9<
/id>
<code>
0<
/code>
<message>
null<
/message>
<
/results>
</AddAccessControlListsPerAccountPerGroupResponse>
JSON:
{
"Id": "315ed648-da56-4713-98db-7d0a434a31f9",
"Code": 0,
"Message": null
}
Add Account V3
The API method, “add_account_v3”, is used to register an AWS account with CloudCheckr. This method will return a unique ID, “cc_account_id”, to enhance security for the newly-created account. Customers can use “cc_account_id” for the parameter, “use_cc_account_id”, when making calls to the admin-level API.
- The preferred HTTP method for this call is POST.
- AWS secret keys typically contain special characters. To submit as a parameter on the URL, you must URL encode it. Click here for details.
INPUT PARAMETERS:
| Parameter | Type | Description |
| access_key | string | required; admin-level API key |
| account_name | string | required; the name of the AWS account to register with CloudCheckr |
| user_name | string | optional; the name of the user that will have access to this account. If no user is specified, the first administrator of the account will be applied |
| aws_access_key | string | optional; the access key of the IAM user whose credentials will be used to connect CloudCheckr to your AWS account |
| aws_secret_key | string | optional; the secret key of the IAM user whose credentials will be used to connect CloudCheckr to your AWS account |
| account_tag | string | optional; the tag for the account to be used within a Multi-Account View (MAV) |
| emails | list <string> | optional; the email address(es) that will populate the account’s email settings and determine who receives the automated reports.
If this parameter is not used, the email address used when registering the CloudCheckr account will be populated in this field.
|
| payer_use_account | string | optional; the name of the payer account |
| payee_aws_account_id | string | optional; the AWS account ID associated with the payee account |
| use_account | string | required/optional; friendly name of the account in CloudCheckr; must be a payer account in CloudCheckr* |
| use_cc_account_id | string | required/optional; unique account ID used in CloudCheckr; must be a payer account in CloudCheckr* |
| use_aws_account_id | string | required/optional; the 12-digit AWS account ID; must be a payer account in CloudCheckr* |
You will only need to define one of the * parameters if you want the new account to be linked to a payer account; if you do not want to link a payer account, then none of the three * parameters
are needed.
API CALL URL:
https://api.cloudcheckr.com/api/account.[json|xml]/add_account_v3?access_key=your_admin_access_key
REQUEST EXAMPLE:
The Request Example uses the “cc_account_id” to show what the URL would look like if a customer needed a new account linked to a payer account.
curl -X POST \
-- https://api.cloudcheckr.com/api/account.[json|xml]/add_account_v3?access_key=your_admin_access_key&use_cc_account_id=1234\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
"account_name": "api added aws account",
}
RESPONSE EXAMPLE:
XML:
<AddAccountV3Response xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance> <
status>
<account_status>Success</account_status>
<cc_account_id>38</cc_account_id>
<credential_status>No credentials given. Can use the following role_account_id and role_external_id to create cross-account role within AWS.</credential_status>
<role_account_id>352813966789</role_account_id>
<cc_external_id>CC-69CFBFCA8BF21FA123BA566A6DAAB227</cc_external_id>
</status>
</AddAccountV3Response>
JSON:
{
"account_status": "Success",
"cc_account_id": 38,
"credential_status": "No credentials given. Can use the following role_account_id and role_external_id to create cross-account role within AWS.",
"role_account_id": "352813966789",
"cc_external_id": "CC-69CFBFCA8BF21FA123BA566A6DAAB227"
}
You can use the “role_account_id” and “cc_external_id” to create a role using the AWS Command Line Interface (CLI). See the
Create Role topic in the AWS documentation for more information.
Add API Key
The API method, “add_api_key”, is used to create a new CloudCheckr API key for a specific account.
You cannot create admin-level API keys with this method.
The preferred HTTP method for this call is POST.
XML Call:
https://api.cloudcheckr.com/api/account.xml/add_api_key?access_key=[access_key]&accounts=[account_name]
JSON Call:
https://api.cloudcheckr.com/api/account.json/add_api_key?access_key=[access_key]&accounts=[account_name]
INPUT PARAMETERS
This call accepts these parameters:
- access_key (required) – standard access key required for all API calls.
- accounts (required) – name(s) of the account(s) for which an API key is being created. Accepts multiple accounts.
OUTPUT
XML Example:
<AddApiKeyResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<CreationStatuses>
<string>
Created access key for Account: [ACCOUNT] Key: [ACCESS_KEY]
</string>
</CreationStatuses>
</AddApiKeyResponse>
JSON Example:
{
"CreationStatuses": [
"Created access key for Account: [ACCOUNT] Key: [ACCESS_KEY]"
]
}
Add MAV Account
The API method, “add_mav_account”, is used to create a new Multi-View Account (MAV).
Important: This call can only be made using admin-level access keys.
The preferred HTTP method for this call is POST.
XML Call:
https://api.cloudcheckr.com/api/account.xml/add_mav_account?access_key=[access_key]&account_name=[account_name]
JSON Call:
https://api.cloudcheckr.com/api/account.json/add_mav_account?access_key=[access_key]&account_name=[account_name]
INPUT PARAMETERS
This call accepts these parameters:
- access_key (required) – Admin-level access key required for all API calls.
- account_name (required) – name of the new MAV account(s).
- account_tags_to_set (optional) – comma-separated list of tags to apply to the MAV. The tag must exist.
- for_all_accounts (optional) – true or false or 1 or 0 values. Same impact as having the “This Multi-Account View should include ALL ACCOUNTS” checked in the UI.
OUTPUT
XML & JSON Example:
{
"Code":200,
"Message":"OK"
}
Add Tag
The API method, “add_tag”, is used to create and enable an account-level tag and apply this tag to account(s), which you can use to build Multi-Account Views (MAVs).
The preferred HTTP method for this call is POST.
INPUT PARAMETERS:
| Parameter | Type | Description |
| access_key | string | required; admin-level access key |
| tag_name | string | required; name of the account-level tag you are creating |
| account_name | string | required; name of the account where you are creating the tag |
| accounts | string | required; name of the accounts where you want to apply the tag |
| use_aws_account_id | string | *optional/required; the 12-digit AWS account ID |
| use_account | string | *optional/required; the name of the CloudCheckr account you are making the call for |
| use_cc_account_id | string | *optional/required; the CloudCheckr ID of the account you are making the call for |
*Because this call requires an admin-level access key, you must add one of the following parameters to your request:
- use_aws_account_id
- use_account
- use_cc_account_id
API CALL URL:
https://api.cloudcheckr.com/api/account.[json|xml]/add_tag
REQUEST EXAMPLE:
curl -- request POST \
-- 'https://api.cloudcheckr.com/api/account.[json|xml]/add_tag?access_key=your_admin_access_key&tag_name=my_tag_name& account_name=my_account_name&accounts=account 1, account 2&use_cc_account_id=1234' \
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
"tag_name": Production Tag,
"account_name": Production Account,
"accounts": Prod 1, Prod 2
}'
RESPONSE EXAMPLE:
{
"Code": 200,
"Message": "OK"
}
Add User
The API method, “add_user”, creates a new CloudCheckr user.
The preferred HTTP method for this call is POST.
INPUT PARAMETERS:
| Parameter | Type | Description |
| access_key | string | required, admin-level API key |
| list <string> | required; the email address of the new user | |
| account_access | list <string> | required; the name of the CloudCheckr account(s) the user can access; separate multiple account names by commas as shown in the example(s) |
| user_role | string | required; the level of access for the new user; accepts ReadonlyUser, BasicUser, BasicPlusUser, User, or Administrator |
| group | string | optional; the name of the group associated with the new user |
| cost_report | boolean | optional; defines whether the user can access the cost reports within the account; accepts “yes”, “1”, “y”, “no, “0”, or “n” |
| blended_cost | boolean | optional; defines whether the user can view blended costs within the cost reports; accepts “yes”, “1”, “y”, “no, “0”, or “n” |
| unblended_cost | boolean | optional; defines whether the user can view unblended costs within the cost reports; accepts “yes”, “1”, “y”, “no, “0”, or “n” |
| list_cost | boolean | optional; defines whether the user can view list costs within the cost reports; accepts “yes”, “1”, “y”, “no, “0”, or “n” |
| resource_utilization_reports | boolean | optional; defines whether the user can access the resource utilization reports within the account; accepts “yes”, “1”, “y”, “no, “0”, or “n” |
| trending_reports | boolean | optional; defines whether the user can access the trending reports within the account; accepts “yes”, “1”, “y”, “no, “0”, or “n” |
| change_monitoring | boolean | optional; defines whether the user can access the change monitoring report within the account; accepts “yes”, “1”, “y”, “no, “0”, or “n” |
| best_practices | boolean | optional; defines whether the user can access the best practice report within the account; accepts “yes”, “1”, “y”, “no, “0”, or “n” |
| edit_emails | boolean | optional; identifies if the customer can modify email addresses associated with the user |
| all_access | boolean | optional; if this set to true, the user will have access to all reports within the account and none of the other parameters listed below are required; accepts “yes”, “1”, or “y” |
| password | string | optional; sets the password for the new user |
| automation | boolean | optional; allows the new user to access the associated report |
| savings | boolean | optional; allows the new user to access the associated report |
| alerts | boolean | optional; allows the new user to access the associated report |
| inventory | boolean | optional; allows the new user to access the associated report |
| security | boolean | optional; allows the new user to access the associated report |
| account_notification | boolean | optional; allows the new user to receive notifications from any associated accounts |
| partner_tools | boolean | optional; allows the new user to access the partner tools |
| edit_partner_tools | boolean | optional; allows the new user to modify the configuration of the partner tools |
| see_api_keys | boolean | optional; makes the API key visible to the new user |
| auth_types | boolean | optional; allows the new user access to authorization types |
| use_default_provider | boolean | optional; allows the new user to use the default provider configuration |
| sso_provider | string | optional; indicates that the new user has an SSO association |
| use_account | string | required/optional; friendly name of the account in CloudCheckr; must be a payer account in CloudCheckr* |
| use_cc_account_id | string | required/optional; unique account ID used in CloudCheckr; must be a payer account in CloudCheckr* |
| use_aws_account_id | string | required/optional; the 12-digit AWS account ID; must be a payer account in CloudCheckr* |
One of the * parameters must be defined.
API CALL URL:
https://api.cloudcheckr.com/api/account.[json|xml]/add_user?access_key=your_admin_access_key
REQUEST EXAMPLE:
curl -X POST \
-- https://api.cloudcheckr.com/api/account.[json|xml]/add_user?access_key=your_admin_access_key&use_cc_account_id=1234\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
"email": "newUser@cloudcheckr.com",
"account_access": "AWS Main",
"user_role": "user",
"cost_report": "no",
"auth_types": "saml",
"group": "g2",
"use_default_provider": "true",
"sso_provider": "PingOne"
}
RESPONSE EXAMPLE:
XML:
<AddUserResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance> <CreationStatuses>Created new user with email: newUser@cloudcheckr.com</CreationStatuses>
</AddUserResponse>
JSON:
{
"CreationStatuses": [
"Created new user with email: newUser32i34i32ke@cloudcheckr.com"
]
}
Add Users
The API method, “add_users”, creates multiple CloudCheckr users.
The preferred HTTP method for this call is POST.
INPUT PARAMETERS:
| Parameter | Type | Description |
| access_key | string | required, admin-level API key |
| string | required; the email address of the new user | |
| account_access | list <string> | required; the name of the CloudCheckr account(s) the user can access; separate multiple account names by commas as shown in the example(s) |
| user_role | string | required; the level of access for the new user; accepts ReadonlyUser, BasicUser, BasicPlusUser, User, or Administrator |
| group | string | optional; the name of the group associated with the new user |
| cost_report | boolean | optional; defines whether the user can access the cost reports within the account; accepts “yes”, “1”, “y”, “no, “0”, or “n” |
| blended_cost | boolean | optional; defines whether the user can view blended costs within the cost reports; accepts “yes”, “1”, “y”, “no, “0”, or “n” |
| unblended_cost | boolean | optional; defines whether the user can view unblended costs within the cost reports; accepts “yes”, “1”, “y”, “no, “0”, or “n” |
| list_cost | boolean | optional; defines whether the user can view list costs within the cost reports; accepts “yes”, “1”, “y”, “no, “0”, or “n” |
| resource_utilization_reports | boolean | optional; defines whether the user can access the resource utilization reports within the account; accepts “yes”, “1”, “y”, “no, “0”, or “n” |
| trending_reports | boolean | optional; defines whether the user can access the trending reports within the account; accepts “yes”, “1”, “y”, “no, “0”, or “n” |
| change_monitoring | boolean | optional; defines whether the user can access the change monitoring report within the account; accepts “yes”, “1”, “y”, “no, “0”, or “n” |
| best_practices | boolean | optional; defines whether the user can access the best practice report within the account; accepts “yes”, “1”, “y”, “no, “0”, or “n” |
| edit_emails | boolean | optional; identifies if the customer can modify email addresses associated with the user |
| all_access | boolean | optional; if this set to true, the user will have access to all reports within the account and none of the other parameters listed below are required; accepts “yes”, “1”, or “y” |
| password | string | optional; sets the password for the new user |
| automation | boolean | optional; allows the new user to access the associated report |
| savings | boolean | optional; allows the new user to access the associated report |
| alerts | boolean | optional; allows the new user to access the associated report |
| inventory | boolean | optional; allows the new user to access the associated report |
| security | boolean | optional; allows the new user to access the associated report |
| account_notification | boolean | optional; allows the new user to receive notifications from any associated accounts |
| partner_tools | boolean | optional; allows the new user to access the partner tools |
| edit_partner_tools | boolean | optional; allows the new user to modify the configuration of the partner tools |
| see_api_keys | boolean | optional; makes the API key visible to the new user |
| auth_types | boolean | optional; allows the new user access to authorization types |
| use_default_provider | boolean | optional; allows the new user to use the default provider configuration |
| sso_provider | string | optional; indicates that the new user has an SSO association |
| use_account | string | required/optional; friendly name of the account in CloudCheckr; must be a payer account in CloudCheckr* |
| use_cc_account_id | string | required/optional; unique account ID used in CloudCheckr; must be a payer account in CloudCheckr* |
| use_aws_account_id | string | required/optional; the 12-digit AWS account ID; must be a payer account in CloudCheckr* |
One of the * parameters must be defined.
API CALL URL:
https://api.cloudcheckr.com/api/account.[json|xml]/add_users?access_key=your_admin_access_key
REQUEST EXAMPLE:
curl -X POST \
-- https://api.cloudcheckr.com/api/account.[json|xml]/add_users?access_key=your_admin_access_key&use_cc_account_id=1234\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
"email": "newUser@cloudcheckr.com",
"account_access": "AWS Main",
"user_role": "user",
"cost_report": "no",
"group": "g2",
"use_default_provider": 'true",
"sso_provider": "PingOne"
}
RESPONSE EXAMPLE:
XML:
<AddUsersResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance> <CreationStatuses>
<status>Created new user with email: newUser48f@cloudcheckr.com</status>
<status>Created new user with email: newUserk39dk@cloudcheckr.com</status>
</CreationStatuses>
</AddUsersResponse>
JSON:
{
"CreationStatuses": [
"Created new user with email: newUser48f@cloudcheckr.com@cloudcheckr.com",
"Created new user with email: newUserk39dk@cloudcheckr.com"
]
}
Add User To Group
The API method, “add_user_to_group”, is used to add an existing CloudCheckr user to a new group.
The preferred HTTP method for this call is POST.
INPUT PARAMETERS:
| Parameter | Type | Description |
| access_key | string | required; admin-level access key |
| group_id | string | required; unique identifier associated with the group |
| user_ids | list <string> | required; unique identifiers associated with the user(s) you add to the group If you add multiple users in a group, the response will provide them in a comma-separated list. |
| use_aws_account_id | string | *optional/required; the 12-digit AWS account ID for the CloudCheckr account you are making the call for |
| use_account | string | *optional/required; the name of the CloudCheckr account you are making the call for |
| use_cc_account_id | string | *optional/required; the CloudCheckr ID of the account you are making the call for |
*Because this call requires an admin-level access key, you must add one of the following parameters to your request:
- use_account
- use_cc_account_id
- use_aws_account_id
API CALL URL:
https://api.cloudcheckr.com/api/account.[json|xml]/add_user_to_group
REQUEST EXAMPLE:
curl -- request POST \
-- 'https://api.cloudcheckr.com/api/account.[json|xml]/add_user_to_group?access_key=[your_access_key]&use_cc_account_id=3&user_ids=[some values]&group_id=[some value]\ \
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
"group_id": "e85446b9-8821-41a6-9558-7550756dd899",
"user_ids": [
"8B65E388-8A0B-4B5A-A12B-8B0325D0ABF4",
"683C1113-1FF0-4F8B-AA3D-9288D2ED615A"
]
}'
RESPONSE EXAMPLE:
XML:
<AddUserToGroupResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<status>
<Code>200</Code>
<Message>OK</Message>
</status>
</AddUserToGroupResponse>
JSON:
{
"Code": 200,
"Message": "OK"
}
Clone Group
The API method, “clone_group”, creates a copy of an existing group without the users.
The preferred HTTP method for this call is POST.
INPUT PARAMETERS:
| Parameter | Type | Description |
| access_key | string | required; admin-level API key |
| group_id | string | required; group ID |
| name | string | required; name |
| use_account | string | required; friendly name of the account in the application |
| use_cc_account_id | string | required; account ID used in the application |
| use_aws_account_id | string | required; the 12-digit AWS account ID |
ENDPOINT URL:
https://api.cloudcheckr.com/api/account.[json|xml]/clone_group
JSON/XML CALL EXAMPLE:
curl --request POST \
-- 'https://api.cloudcheckr.com/api/account.[json|xml]/clone_group?access_key=your_admin_access_key&use_cc_account_id=1234'\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
"(required)access_key": "someValHere",
"(required)group_id": "someValHere",
"(required)name": "someValHere",
"use_account": "someValHere",
"use_cc_account_id": "someValHere",
"use_aws_account_id": "someValHere",
}
SUCCESSFUL JSON/XML RESPONSE:
{
"Code": 200,
"Message": "OK"
}
Configure Custom Cost
The API method, "configure_custom_cost", is used to configure the custom cost settings for a CloudCheckr account.
The preferred HTTP method for this call is POST.
INPUT PARAMETERS:
| Parameter | Type | Description |
| access_key | string | required; admin-level API key |
| CostType | string | required; identifies if you want to build List cost based on Unblended or Blended costs |
| CustomCostRIAmortization | string | required; identifies how you want your upfront cost amortized |
| RetiredRIAmortization | string | optional; identifies if you chose to amortize until the expected end date, the revised end date, or if you chose premature amortization |
| RIUnsharing | string | required; identifies if you want to unshare your RIs |
| SelectedFamilies | List string | required; identifies the account families that you want to benefit from unsharing |
| EnforceEc2RIVolume | boolean | required; indicates if you adjusted any RI volume discounts to reflect any account family purchases |
| UncompressPricingTiers | boolean | required; identifies if you want to uncompress your pricing tiers across your consolidated billing families to provide more accurate custom costs |
| SPAllocation | string | optional; identifies if you chose to revert discounts from accounts that benefited inadvertently from Savings Plans and change the usage to On-Demand |
| use_aws_account_id | string | *optional/required; the 12-digit AWS account ID where the custom billing charge is applied (must be payer account) |
| use_account | string | *optional/required; the name of the CloudCheckr account you are making the call for |
| use_cc_account_id | string | *optional/required; the CloudCheckr ID of the account you are making the call for This is the same ID that the API returns when you make the call 'add_account_v3′ to register the account in CloudCheckr. |
*Because this call requires an admin-level access key, you are required to add one of the following parameters to your request:
- use_aws_account_id
- use_account
- use_cc_account_id
ENDPOINT URL:
https://api.cloudcheckr.com/api/billing.[json|xml]/configure_custom_cost
JSON/XML CALL EXAMPLE:
curl --request POST \
--'https://api.cloudcheckr.com/api/billing.[json|xml]/configure_custom_cost?access_key=your_admin_access_key&use_cc_account_id=7'\
--header'cache-control: no-cache'\
--header'content-type: application/[json|xml]'\
--data'{
"CostType":"Unblended",
"CustomCostRIAmortization":"Disabled",
"RIUnsharing":"Disabled",
"EnforceEc2RIVolume":"false",
"UncompressPricingTiers":"false",
"SPAllocation":"Disabled",
"use_cc_account_id":"7"
}'SUCCESSFUL JSON/XML RESPONSE:
{
"Code":"200",
"Message": "OK"
}
Copy User
The API method “copy user” is used to create a new CloudCheckr user with the exact permissions as an existing user.
IMPORTANT: This call can only be made using admin-level access keys.
The preferred HTTP method for this call is POST.
XML call:
https://api.cloudcheckr.com/api/account.xml/copy_user?access_key=[access_key]&email_to_copy=[existing_user_email]&emails=[new_user_email]
JSON call:
https://api.cloudcheckr.com/api/account.json/copy_user?access_key=[access_key]&email_to_copy=[existing_user_email]&emails=[new_user_email]
INPUT PARAMETERS
This call accepts these parameters:
- access_key (required) – Admin-Level Access Key is required for this call.
- email_to_copy (required) – The email address of the existing user.
- emails (required) – The email address(es) of the new user(s).
- use_account (required — either this field or ‘use_cc_account_id’) – The name of the AWS account within CloudCheckr.
- use_cc_account_id (required — either this field or ‘use_account’) – The CloudCheckr ID number for the AWS account within the application.
You can also use this call to add multiple users at once. Simply include all of the emails required, separated by commas.
OUTPUT
XML Example:
<CopyUserResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance> <CreationStatuses>Created new user with email: mytest@mytest.me</CopyUserResponse>
JSON Example:
{
"CreationStatuses": [
"Created new user with email: mytest@mytest.me"
]
}
Delete Access Control List From Group
The API method, “delete_access_control_list_from_group”, is used to delete an access control list from a group.
The preferred HTTP method for this call is POST.
INPUT PARAMETERS:
| Parameter | Type | Description |
| access_key | string | required; admin-level API key |
| group_id | string | required; ID of the user group |
| acls | list <string> | required; access control lists (ACLs) |
| use_account | string | required/optional; friendly name of the account in CloudCheckr; must be a payer account in CloudCheckr* |
| use_cc_account_id | string | required/optional; unique account ID used in CloudCheckr; must be a payer account in CloudCheckr* |
| use_aws_account_id | string | required/optional; the 12-digit AWS account ID; must be a payer account in CloudCheckr* |
One of the * parameters must be defined.
API CALL URL:
https://api.cloudcheckr.com/api/account.[json|xml]/delete_access_control_list_from_groupaccess_key=your_admin_access_key&use_account=AWS Main
REQUEST EXAMPLE:
curl -X POST \
-- https://api.cloudcheckr.com/api/account.[json|xml]/delete_access_control_list_from_group?access_key=your_admin_access_key&use_account=AWS Main\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
"group_id": "315ED648-DA56-4713-98DB-7D0A434A31F9",
"acls": ["dd82ecd7-c590-490f-9b3a-f22990a1b500[CC_Delimiter]16b586a1-4459-46e1-b348-8c24dd5cfb7f",
"dd82ecd7-c590-490f-9b3a-f22990a1b500[CC_Delimiter]e5c59d38-f3a1-4aac-aa48-a9823c1413ed"]
}
RESPONSE EXAMPLE:
XML:
<DeleteAccessControlListFromGroupResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Status>
<Code>200</Code>
<Message>OK</Message>
</Status>
</DeleteAccessControlListFromGroupResponse>
JSON:
{
"Code": 200,
"Message": "OK"
}
Delete Account
The API method “delete_account” is used to remove an AWS account that has been registered with CloudCheckr.
IMPORTANT: This call can only be made using Admin-Level Access Keys.
The preferred HTTP method for this call is POST.
XML call:
https://api.cloudcheckr.com/api/account.xml/delete_account?access_key=[access_key]&account_name=MyAccountName
JSON call:
https://api.cloudcheckr.com/api/account.json/delete_account?access_key=[access_key]&account_name=MyAccountName
INPUT PARAMETERS
This call accepts these parameters:
- access_key (required) – Admin-Level Access Key is required for this call.
- account_name (required) – the name of the AWS account that will be removed from CloudCheckr.
OUTPUT
XML & JSON Example:
{
"Code":200,
"Message":"OK"
}
Delete Group
The API method, “delete_group”, is used to delete the group with the specified ID.
The preferred HTTP method for this call is POST.
INPUT PARAMETERS:
| Parameter | Type | Description |
| access_key | string | required; admin-level API key |
| group_id | string | required; group ID |
| string | required; email address of the user | |
| user_id | string | required; user ID |
| use_account | string | required; friendly name of the account in the application |
| use_cc_account_id | string | required; account ID used in the application |
| use_aws_account_id | string | required; the 12-digit AWS account ID |
ENDPOINT URL:
https://api.cloudcheckr.com/api/account.[json|xml]/delete_group
JSON/XML CALL EXAMPLE:
curl --request POST \
-- 'https://api.cloudcheckr.com/api/account.[json|xml]/delete_group?access_key=your_admin_access_key&use_cc_account_id=1234'\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
"(required)(admin level)access_key": "someValHere",
"(required)group_id": "someValHere",
"email": "someValHere",
"user_id": "someValHere",
"use_account": "someValHere",
"use_cc_account_id": "someValHere",
"use_aws_account_id": "someValHere",
}
SUCCESSFUL JSON/XML RESPONSE:
{
"Code": 200,
"Message": "OK"
}
Delete Tag
The API method, “delete_tag”, is used to delete an account-level tag in Multi-Account Views. If you delete an account-level tag, it will impact any account that uses this tag to build its Multi-Account Views (MAVs).
The preferred HTTP method for this call is POST.
INPUT PARAMETERS:
| Parameter | Type | Description |
| access_key | string | required; admin-level API key |
| account_name | string | required; name of the account that contains the tag |
| account_tag | string | required; name of the account-level tag that will be deleted |
ENDPOINT URL:
https://api.cloudcheckr.com/api/account.[json|xml]/delete_tag
JSON/XML CALL EXAMPLE:
curl --request POST \
-- 'https://api.cloudcheckr.com/api/account.[json|xml]/delete_tag?access_key=[access key]
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
'account_name': 'my account name',
'account_tag': 'my account tag'
}
SUCCESSFUL JSON/XML RESPONSE:
{
"Code": 200,
"Message": "OK"
}
Edit Account Email Settings V2
The API method, “edit_account_email_settings_v2”, allows you to identify what conditions will trigger an email notification, how often you want CloudCheckr to send these notifications, and who will receive these notifications.
The preferred HTTP method for this call is POST.
INPUT PARAMETERS:
| Parameter | Type | Description |
| access_key | string | required; admin-level access key |
| emails | string | required; identifies the email address(es) of the notification recipients If you have multiple recipients, separate each address with a comma. |
| alert_daily_billing | boolean | optional; select if you want CloudCheckr to send an alert email if your daily cost goes above a selected percentage of your threshold |
| alert_health_affected | boolean | optional; select if you want CloudCheckr to send an alert email if problems with AWS performance and/or services, such as outages, are affecting one or more of your resources |
| alert_health_all | boolean | optional; select if you want CloudCheckr to send an alert email if AWS performance and/or services is experiencing any problems such as outages |
| daily_bill_summary | boolean | optional; select if you want CloudCheckr to email a summary of your daily bill that includes highlights of any unusual activity |
| daily_best_practices | boolean | optional; select if you want CloudCheckr to send a daily email with the Best Practices recommendations that it discovers in your account |
| daily_bpc_importance_level | boolean | optional; select if you want CloudCheckr to hide any Best Practice Importance Level indicators in the daily Best Practices email |
| daily_bpc_type | boolean | optional; select if you want CloudCheckr to hide any Best Practice Check Types indicators in the daily Best Practices email |
| change_monitoring | boolean | optional; select if you want CloudCheckr to send an email when it detects any changes in the Change Monitoring report |
| change_monitoring_aws_config | boolean | optional; select if you want CloudCheckr to send an email when it detects any changes in AWS Config |
| improperly_tagged_resources | boolean | optional; select if you want CloudCheckr to send an email when your resources break any tagging rules |
| automation | boolean | optional; select if you want CloudCheckr to send an email when an automation job finds or processes an item |
| self_healing | boolean | optional; select if you want CloudCheckr to send an email that reports on Self-Healing activity |
| daily_consolidated_bill_summary | boolean | optional; select you want CloudCheckr to send a daily email summary of the costs, credits, and the net bill of all your consolidated billing accounts |
| cloudtrail_summary | boolean | optional; select if you want CloudCheckr to send a daily email summary of the CloudTrail Event Counts filtered by the Top 10 users, event types, and failed event types |
| inventory_summary_report | boolean | optional; select if you want CloudCheckr to send a weekly email that lists two to three high-level statistics for each AWS service |
| ec2_trending_report | boolean | optional; select if you want CloudCheckr to send a weekly email that provides statistics on your EC2 configuration and usage |
| s3_summary_report | boolean | optional; select if you want CloudCheckr to send a weekly email that provides statistics on your S3 configuration and usage |
| ec2_resource_utilization_report | boolean | optional; select if you want CloudCheckr to send a weekly email that provides statistics on your EC2 CPU and network utilization |
| weekly_best_practices | boolean |