Admin API Reference Guide
- Using Access Keys
- Preferred HTTP Methods
- API Calls
- Add Access Control Lists Per Account Per Group
- Add Account V3
- Add API Key
- Add MAV Account
- Add Tag
- Add User
- Add Users
- Add User To Group
- Clone Group
- Configure Custom Cost
- Copy User
- Delete Access Control List From Group
- Delete Account
- Delete Group
- Delete Tag
- Edit Account Email Settings V2
- Edit Account Name
- Edit Credential
- Get Access Control List
- Get Access Control List By ID
- Get Access Control List Per Group
- Get Account
- Get Account Email Settings
- Get Account Level Tags V2
- Get Accounts By Group
- Get Accounts V2
- Get Accounts V4
- Get CloudTrail Custom Metrics
- Get External ID
- Get Group
- Get Groups
- Get Groups V2
- Get Invoice V2
- Get Resources Alert Results V2
- Get Utilization Alert Results V2
- Get User
- Get Users By Group
- Get Users V2
- Get Profit Analysis
- Get Profit Analysis CSV
- Grant Account
- Remove User
- Remove Users From Group
- Revoke Account
- Tag Account
- Untag Account
- Ignore Best Practice
- Add Custom Billing Charge – Fixed V2
- Add Custom Billing Charge – Monthly Percent V2
- Add Custom Billing Charge – Percent All Charges V2
- Add Custom Billing Charge – Per Virtual Machine
- Add Custom Billing Charge – Per Usage Hour
- Edit Custom Billing Charge – Per Virtual Machine
- Edit Custom Billing Charge – Per Usage Hour
- Add Undiscovered AWS Account ID
- Create Account Family
- Custom Billing Charge
- Delete Account Family
- Delete Custom Billing Charge
- Delete Custom Billing Charge – Fixed
- Delete Custom Billing Charge – Monthly Percent
- Edit Custom Billing Charge – Fixed V2
- Edit Custom Billing Charge – Monthly Percent V2
- Get Account Family V2
- Get Billing Dashboard V2
- Get Custom Billing Charges V3
- Modify Account Family
- Modify Account Family – Copy DBR
- Get SAML Providers
- Edit User
- Read Child SAML SSO Settings
- Read Child SAML SSO Settings V2
- Write Child SAML SSO Settings
- Get Best Practices V3
- Get Alerts
- Get CloudTrail Alert Results V2
- Get Cost Alert Results V2
- Get Utilization Alert Results
- Get Resources Alert Results
- Save Best Practice Notification V2
- Get AWS RI Historical Savings
You can now use CloudCheckr CMx access tokens when running API calls in our legacy product. You can still use your existing API access keys in the legacy product, but access tokens will provide better security, more consistent authorization management, and the ability to access multiple projects and accounts.
Please use these URLs when accessing the API in the following platforms:
- AU: https://au.cloudcheckr.com
- EU: https://eu.cloudcheckr.com
- GOV: https://gov.cloudcheckr.com
- FED: https://fed.cloudcheckr.com
CloudCheckr allows for the creation of two different types of access keys. Account-level access keys can only make calls against a single account. Admin-level access keys allow users to make calls against any of their accounts within CloudCheckr. They also allow API users to make account-management related calls that cannot be executed using account-level access keys.
CloudCheckr is revamping its API documentation to ensure that it reflects the best practices for REST and to improve overall consistency. We will restructure each call to include these sections:
| Section | Description |
| Input Parameters | Options that you pass with the endpoint to influence a response.
Identifies if a parameter is required or optional, the data type, and the parameter description. |
| API Call URL | Identifies the common path for the API (highlighted in yellow) and the end path of the endpoint (highlighted in light blue).
|
| Request Example | Includes a sample request that shows the endpoint and a few key parameters.
Formatted in curl since it’s language-agnostic. Includes the header information and the method (GET or POST in most cases). |
| Response Example | Shows a sample response for all of the parameters passed in the request example.
Includes examples in XML and JSON. |
Attempting to make any of these calls using a general API access key will result in an error. You may also use admin-level API keys to make the other calls found in the general API Reference guide.
When using an admin-level access keys to make those calls you must add one of the following parameter to your calls:
- use_account – the name of the account you are making the call for, where the name is the name of the account added in CloudCheckr.
- use_cc_account_id – the ID of the account you are making the call for. The ID is returned when using the method ‘account/add_account_v3′ to register the account in CloudCheckr.
XML Call:
https://api.cloudcheckr.com/api/best_practice.xml/get_best_practices?access_key=[access_key]&use_account=[MyAccount]
https://api.cloudcheckr.com/api/best_practice.xml/get_best_practices?access_key=[access_key]&use_cc_account_id=[MyAccountId]
JSON Call:
https://api.cloudcheckr.com/api/best_practice.json/get_best_practices?access_key=[access_key]&use_account=[MyAccount]
https://api.cloudcheckr.com/api/best_practice.json/get_best_practices?access_key=[access_key]&use_cc_account_id=[MyAccountId]
Using Access Keys
CloudCheckr requires an access key to be passed as a parameter to all API calls.
Click here for details on creating and managing access keys.
Example of Using an Access Key:
https://api.cloudcheckr.com/api/change_monitoring.json/get_changes?access_key=[access_key]
Preferred HTTP Methods
When using libraries such as curl, you may need to indicate the HTTP method to use (POST or GET). The CloudCheckr API accepts both POST and GET in most API calls. However, we recommend you use the preferred HTTP method when possible.
The preferred HTTP method for each call is GET unless specifically noted in the API CALLS section.
For more information on HTTP methods, click here: http://www.w3schools.com/tags/ref_httpmethods.asp.
API Calls
Add Access Control Lists Per Account Per Group
The API method, “add_access_control_lists_per_account_per_group”, is used to add access control lists per account per group.
The preferred HTTP method for this call is POST.
INPUT PARAMETERS:
| Parameter | Type | Description |
| access_key | string | required; admin-level API key |
| acls | list <string> | required; unique alphanumeric ID for each access control list (acl) |
| group_id | string | required; group ID |
| use_account | string | required/optional; friendly name of the account in CloudCheckr; must be a payer account in CloudCheckr* |
| use_cc_account_id | string | required/optional; unique account ID used in CloudCheckr; must be a payer account in CloudCheckr* |
| use_aws_account_id | string | required/optional; the 12-digit AWS account ID; must be a payer account in CloudCheckr* |
One of the * parameters must be defined.
API CALL URL:
https://api.cloudcheckr.com/api/account.[json|xml]/add_access_control_lists_per_account_per_group?access_key=your_admin_access_key&use_account=AWS Main
REQUEST EXAMPLE:
curl -X POST \
-- https://api.cloudcheckr.com/api/account.[json|xml]/add_access_control_lists_per_account_per_group? access_key=your_admin_access_key&use_account=AWS Main\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
"group_id": "315ED648-DA56-4713-98DB-7D0A434A31F9",
"acls": ["dd82ecd7-c590-490f-9b3a-f22990a1b500[CC_Delimiter]16b586a1-4459-46e1-b348-8c24dd5cfb7f",
"dd82ecd7-c590-490f-9b3a-f22990a1b500[CC_Delimiter]e5c59d38-f3a1-4aac-aa48-a9823c1413ed"]
RESPONSE EXAMPLE:
XML:
<AddAccessControlListsPerAccountPerGroupResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance>
<results>
<id>315ed648-da56-4713-98db-7d0a434a31f9<
/id>
<code>
0<
/code>
<message>
null<
/message>
<
/results>
</AddAccessControlListsPerAccountPerGroupResponse>
JSON:
{
"Id": "315ed648-da56-4713-98db-7d0a434a31f9",
"Code": 0,
"Message": null
}
Add Account V3
The API method, “add_account_v3”, is used to register an AWS account with CloudCheckr. This method will return a unique ID, “cc_account_id”, to enhance security for the newly-created account. Customers can use “cc_account_id” for the parameter, “use_cc_account_id”, when making calls to the admin-level API.
- The preferred HTTP method for this call is POST.
- AWS secret keys typically contain special characters. To submit as a parameter on the URL, you must URL encode it. Click here for details.
INPUT PARAMETERS:
| Parameter | Type | Description |
| access_key | string | required; admin-level API key |
| account_name | string | required; the name of the AWS account to register with CloudCheckr |
| user_name | string | optional; the name of the user that will have access to this account. If no user is specified, the first administrator of the account will be applied |
| aws_access_key | string | optional; the access key of the IAM user whose credentials will be used to connect CloudCheckr to your AWS account |
| aws_secret_key | string | optional; the secret key of the IAM user whose credentials will be used to connect CloudCheckr to your AWS account |
| account_tag | string | optional; the tag for the account to be used within a Multi-Account View (MAV) |
| emails | list <string> | optional; the email address(es) that will populate the account’s email settings and determine who receives the automated reports.
If this parameter is not used, the email address used when registering the CloudCheckr account will be populated in this field.
|
| payer_use_account | string | optional; the name of the payer account |
| payee_aws_account_id | string | optional; the AWS account ID associated with the payee account |
| use_account | string | required/optional; friendly name of the account in CloudCheckr; must be a payer account in CloudCheckr* |
| use_cc_account_id | string | required/optional; unique account ID used in CloudCheckr; must be a payer account in CloudCheckr* |
| use_aws_account_id | string | required/optional; the 12-digit AWS account ID; must be a payer account in CloudCheckr* |
You will only need to define one of the * parameters if you want the new account to be linked to a payer account; if you do not want to link a payer account, then none of the three * parameters
are needed.
API CALL URL:
https://api.cloudcheckr.com/api/account.[json|xml]/add_account_v3?access_key=your_admin_access_key
REQUEST EXAMPLE:
The Request Example uses the “cc_account_id” to show what the URL would look like if a customer needed a new account linked to a payer account.
curl -X POST \
-- https://api.cloudcheckr.com/api/account.[json|xml]/add_account_v3?access_key=your_admin_access_key&use_cc_account_id=1234\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
"account_name": "api added aws account",
}
RESPONSE EXAMPLE:
XML:
<AddAccountV3Response xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance> <
status>
<account_status>Success</account_status>
<cc_account_id>38</cc_account_id>
<credential_status>No credentials given. Can use the following role_account_id and role_external_id to create cross-account role within AWS.</credential_status>
<role_account_id>352813966789</role_account_id>
<cc_external_id>CC-69CFBFCA8BF21FA123BA566A6DAAB227</cc_external_id>
</status>
</AddAccountV3Response>
JSON:
{
"account_status": "Success",
"cc_account_id": 38,
"credential_status": "No credentials given. Can use the following role_account_id and role_external_id to create cross-account role within AWS.",
"role_account_id": "352813966789",
"cc_external_id": "CC-69CFBFCA8BF21FA123BA566A6DAAB227"
}
You can use the “role_account_id” and “cc_external_id” to create a role using the AWS Command Line Interface (CLI). See the
Create Role topic in the AWS documentation for more information.
Add API Key
The API method, “add_api_key”, is used to create a new CloudCheckr API key for a specific account.
You cannot create admin-level API keys with this method.
The preferred HTTP method for this call is POST.
XML Call:
https://api.cloudcheckr.com/api/account.xml/add_api_key?access_key=[access_key]&accounts=[account_name]
JSON Call:
https://api.cloudcheckr.com/api/account.json/add_api_key?access_key=[access_key]&accounts=[account_name]
INPUT PARAMETERS
This call accepts these parameters:
- access_key (required) – standard access key required for all API calls.
- accounts (required) – name(s) of the account(s) for which an API key is being created. Accepts multiple accounts.
OUTPUT
XML Example:
<AddApiKeyResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<CreationStatuses>
<string>
Created access key for Account: [ACCOUNT] Key: [ACCESS_KEY]
</string>
</CreationStatuses>
</AddApiKeyResponse>
JSON Example:
{
"CreationStatuses": [
"Created access key for Account: [ACCOUNT] Key: [ACCESS_KEY]"
]
}
Add MAV Account
The API method, “add_mav_account”, is used to create a new Multi-View Account (MAV).
Important: This call can only be made using admin-level access keys.
The preferred HTTP method for this call is POST.
XML Call:
https://api.cloudcheckr.com/api/account.xml/add_mav_account?access_key=[access_key]&account_name=[account_name]
JSON Call:
https://api.cloudcheckr.com/api/account.json/add_mav_account?access_key=[access_key]&account_name=[account_name]
INPUT PARAMETERS
This call accepts these parameters:
- access_key (required) – Admin-level access key required for all API calls.
- account_name (required) – name of the new MAV account(s).
- account_tags_to_set (optional) – comma-separated list of tags to apply to the MAV. The tag must exist.
- for_all_accounts (optional) – true or false or 1 or 0 values. Same impact as having the “This Multi-Account View should include ALL ACCOUNTS” checked in the UI.
OUTPUT
XML & JSON Example:
{
"Code":200,
"Message":"OK"
}
Add Tag
The API method, “add_tag”, is used to create and enable an account-level tag and apply this tag to account(s), which you can use to build Multi-Account Views (MAVs).
The preferred HTTP method for this call is POST.
INPUT PARAMETERS:
| Parameter | Type | Description |
| access_key | string | required; admin-level access key |
| tag_name | string | required; name of the account-level tag you are creating |
| account_name | string | required; name of the account where you are creating the tag |
| accounts | string | required; name of the accounts where you want to apply the tag |
| use_aws_account_id | string | *optional/required; the 12-digit AWS account ID |
| use_account | string | *optional/required; the name of the CloudCheckr account you are making the call for |
| use_cc_account_id | string | *optional/required; the CloudCheckr ID of the account you are making the call for |
*Because this call requires an admin-level access key, you must add one of the following parameters to your request:
- use_aws_account_id
- use_account
- use_cc_account_id
API CALL URL:
https://api.cloudcheckr.com/api/account.[json|xml]/add_tag
REQUEST EXAMPLE:
curl -- request POST \
-- 'https://api.cloudcheckr.com/api/account.[json|xml]/add_tag?access_key=your_admin_access_key&tag_name=my_tag_name& account_name=my_account_name&accounts=account 1, account 2&use_cc_account_id=1234' \
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
"tag_name": Production Tag,
"account_name": Production Account,
"accounts": Prod 1, Prod 2
}'
RESPONSE EXAMPLE:
{
"Code": 200,
"Message": "OK"
}
Add User
The API method, “add_user”, creates a new CloudCheckr user.
The preferred HTTP method for this call is POST.
INPUT PARAMETERS:
| Parameter | Type | Description |
| access_key | string | required, admin-level API key |
| list <string> | required; the email address of the new user | |
| account_access | list <string> | required; the name of the CloudCheckr account(s) the user can access; separate multiple account names by commas as shown in the example(s) |
| user_role | string | required; the level of access for the new user; accepts ReadonlyUser, BasicUser, BasicPlusUser, User, or Administrator |
| group | string | optional; the name of the group associated with the new user |
| cost_report | boolean | optional; defines whether the user can access the cost reports within the account; accepts “yes”, “1”, “y”, “no, “0”, or “n” |
| blended_cost | boolean | optional; defines whether the user can view blended costs within the cost reports; accepts “yes”, “1”, “y”, “no, “0”, or “n” |
| unblended_cost | boolean | optional; defines whether the user can view unblended costs within the cost reports; accepts “yes”, “1”, “y”, “no, “0”, or “n” |
| list_cost | boolean | optional; defines whether the user can view list costs within the cost reports; accepts “yes”, “1”, “y”, “no, “0”, or “n” |
| resource_utilization_reports | boolean | optional; defines whether the user can access the resource utilization reports within the account; accepts “yes”, “1”, “y”, “no, “0”, or “n” |
| trending_reports | boolean | optional; defines whether the user can access the trending reports within the account; accepts “yes”, “1”, “y”, “no, “0”, or “n” |
| change_monitoring | boolean | optional; defines whether the user can access the change monitoring report within the account; accepts “yes”, “1”, “y”, “no, “0”, or “n” |
| best_practices | boolean | optional; defines whether the user can access the best practice report within the account; accepts “yes”, “1”, “y”, “no, “0”, or “n” |
| edit_emails | boolean | optional; identifies if the customer can modify email addresses associated with the user |
| all_access | boolean | optional; if this set to true, the user will have access to all reports within the account and none of the other parameters listed below are required; accepts “yes”, “1”, or “y” |
| password | string | optional; sets the password for the new user |
| automation | boolean | optional; allows the new user to access the associated report |
| savings | boolean | optional; allows the new user to access the associated report |
| alerts | boolean | optional; allows the new user to access the associated report |
| inventory | boolean | optional; allows the new user to access the associated report |
| security | boolean | optional; allows the new user to access the associated report |
| account_notification | boolean | optional; allows the new user to receive notifications from any associated accounts |
| partner_tools | boolean | optional; allows the new user to access the partner tools |
| edit_partner_tools | boolean | optional; allows the new user to modify the configuration of the partner tools |
| see_api_keys | boolean | optional; makes the API key visible to the new user |
| auth_types | boolean | optional; allows the new user access to authorization types |
| use_default_provider | boolean | optional; allows the new user to use the default provider configuration |
| sso_provider | string | optional; indicates that the new user has an SSO association |
| use_account | string | required/optional; friendly name of the account in CloudCheckr; must be a payer account in CloudCheckr* |
| use_cc_account_id | string | required/optional; unique account ID used in CloudCheckr; must be a payer account in CloudCheckr* |
| use_aws_account_id | string | required/optional; the 12-digit AWS account ID; must be a payer account in CloudCheckr* |
One of the * parameters must be defined.
API CALL URL:
https://api.cloudcheckr.com/api/account.[json|xml]/add_user?access_key=your_admin_access_key
REQUEST EXAMPLE:
curl -X POST \
-- https://api.cloudcheckr.com/api/account.[json|xml]/add_user?access_key=your_admin_access_key&use_cc_account_id=1234\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
"email": "newUser@cloudcheckr.com",
"account_access": "AWS Main",
"user_role": "user",
"cost_report": "no",
"auth_types": "saml",
"group": "g2",
"use_default_provider": "true",
"sso_provider": "PingOne"
}
RESPONSE EXAMPLE:
XML:
<AddUserResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance> <CreationStatuses>Created new user with email: newUser@cloudcheckr.com</CreationStatuses>
</AddUserResponse>
JSON:
{
"CreationStatuses": [
"Created new user with email: newUser32i34i32ke@cloudcheckr.com"
]
}
Add Users
The API method, “add_users”, creates multiple CloudCheckr users.
The preferred HTTP method for this call is POST.
INPUT PARAMETERS:
| Parameter | Type | Description |
| access_key | string | required, admin-level API key |
| string | required; the email address of the new user | |
| account_access | list <string> | required; the name of the CloudCheckr account(s) the user can access; separate multiple account names by commas as shown in the example(s) |
| user_role | string | required; the level of access for the new user; accepts ReadonlyUser, BasicUser, BasicPlusUser, User, or Administrator |
| group | string | optional; the name of the group associated with the new user |
| cost_report | boolean | optional; defines whether the user can access the cost reports within the account; accepts “yes”, “1”, “y”, “no, “0”, or “n” |
| blended_cost | boolean | optional; defines whether the user can view blended costs within the cost reports; accepts “yes”, “1”, “y”, “no, “0”, or “n” |
| unblended_cost | boolean | optional; defines whether the user can view unblended costs within the cost reports; accepts “yes”, “1”, “y”, “no, “0”, or “n” |
| list_cost | boolean | optional; defines whether the user can view list costs within the cost reports; accepts “yes”, “1”, “y”, “no, “0”, or “n” |
| resource_utilization_reports | boolean | optional; defines whether the user can access the resource utilization reports within the account; accepts “yes”, “1”, “y”, “no, “0”, or “n” |
| trending_reports | boolean | optional; defines whether the user can access the trending reports within the account; accepts “yes”, “1”, “y”, “no, “0”, or “n” |
| change_monitoring | boolean | optional; defines whether the user can access the change monitoring report within the account; accepts “yes”, “1”, “y”, “no, “0”, or “n” |
| best_practices | boolean | optional; defines whether the user can access the best practice report within the account; accepts “yes”, “1”, “y”, “no, “0”, or “n” |
| edit_emails | boolean | optional; identifies if the customer can modify email addresses associated with the user |
| all_access | boolean | optional; if this set to true, the user will have access to all reports within the account and none of the other parameters listed below are required; accepts “yes”, “1”, or “y” |
| password | string | optional; sets the password for the new user |
| automation | boolean | optional; allows the new user to access the associated report |
| savings | boolean | optional; allows the new user to access the associated report |
| alerts | boolean | optional; allows the new user to access the associated report |
| inventory | boolean | optional; allows the new user to access the associated report |
| security | boolean | optional; allows the new user to access the associated report |
| account_notification | boolean | optional; allows the new user to receive notifications from any associated accounts |
| partner_tools | boolean | optional; allows the new user to access the partner tools |
| edit_partner_tools | boolean | optional; allows the new user to modify the configuration of the partner tools |
| see_api_keys | boolean | optional; makes the API key visible to the new user |
| auth_types | boolean | optional; allows the new user access to authorization types |
| use_default_provider | boolean | optional; allows the new user to use the default provider configuration |
| sso_provider | string | optional; indicates that the new user has an SSO association |
| use_account | string | required/optional; friendly name of the account in CloudCheckr; must be a payer account in CloudCheckr* |
| use_cc_account_id | string | required/optional; unique account ID used in CloudCheckr; must be a payer account in CloudCheckr* |
| use_aws_account_id | string | required/optional; the 12-digit AWS account ID; must be a payer account in CloudCheckr* |
One of the * parameters must be defined.
API CALL URL:
https://api.cloudcheckr.com/api/account.[json|xml]/add_users?access_key=your_admin_access_key
REQUEST EXAMPLE:
curl -X POST \
-- https://api.cloudcheckr.com/api/account.[json|xml]/add_users?access_key=your_admin_access_key&use_cc_account_id=1234\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
"email": "newUser@cloudcheckr.com",
"account_access": "AWS Main",
"user_role": "user",
"cost_report": "no",
"group": "g2",
"use_default_provider": 'true",
"sso_provider": "PingOne"
}
RESPONSE EXAMPLE:
XML:
<AddUsersResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance> <CreationStatuses>
<status>Created new user with email: newUser48f@cloudcheckr.com</status>
<status>Created new user with email: newUserk39dk@cloudcheckr.com</status>
</CreationStatuses>
</AddUsersResponse>
JSON:
{
"CreationStatuses": [
"Created new user with email: newUser48f@cloudcheckr.com@cloudcheckr.com",
"Created new user with email: newUserk39dk@cloudcheckr.com"
]
}
Add User To Group
The API method, “add_user_to_group”, is used to add an existing CloudCheckr user to a new group.
The preferred HTTP method for this call is POST.
INPUT PARAMETERS:
| Parameter | Type | Description |
| access_key | string | required; admin-level access key |
| group_id | string | required; unique identifier associated with the group |
| user_ids | list <string> | required; unique identifiers associated with the user(s) you add to the group If you add multiple users in a group, the response will provide them in a comma-separated list. |
| use_aws_account_id | string | *optional/required; the 12-digit AWS account ID for the CloudCheckr account you are making the call for |
| use_account | string | *optional/required; the name of the CloudCheckr account you are making the call for |
| use_cc_account_id | string | *optional/required; the CloudCheckr ID of the account you are making the call for |
*Because this call requires an admin-level access key, you must add one of the following parameters to your request:
- use_account
- use_cc_account_id
- use_aws_account_id
API CALL URL:
https://api.cloudcheckr.com/api/account.[json|xml]/add_user_to_group
REQUEST EXAMPLE:
curl -- request POST \
-- 'https://api.cloudcheckr.com/api/account.[json|xml]/add_user_to_group?access_key=[your_access_key]&use_cc_account_id=3&user_ids=[some values]&group_id=[some value]\ \
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
"group_id": "e85446b9-8821-41a6-9558-7550756dd899",
"user_ids": [
"8B65E388-8A0B-4B5A-A12B-8B0325D0ABF4",
"683C1113-1FF0-4F8B-AA3D-9288D2ED615A"
]
}'
RESPONSE EXAMPLE:
XML:
<AddUserToGroupResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<status>
<Code>200</Code>
<Message>OK</Message>
</status>
</AddUserToGroupResponse>
JSON:
{
"Code": 200,
"Message": "OK"
}
Clone Group
The API method, “clone_group”, creates a copy of an existing group without the users.
The preferred HTTP method for this call is POST.
INPUT PARAMETERS:
| Parameter | Type | Description |
| access_key | string | required; admin-level API key |
| group_id | string | required; group ID |
| name | string | required; name |
| use_account | string | required; friendly name of the account in the application |
| use_cc_account_id | string | required; account ID used in the application |
| use_aws_account_id | string | required; the 12-digit AWS account ID |
ENDPOINT URL:
https://api.cloudcheckr.com/api/account.[json|xml]/clone_group
JSON/XML CALL EXAMPLE:
curl --request POST \
-- 'https://api.cloudcheckr.com/api/account.[json|xml]/clone_group?access_key=your_admin_access_key&use_cc_account_id=1234'\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
"(required)access_key": "someValHere",
"(required)group_id": "someValHere",
"(required)name": "someValHere",
"use_account": "someValHere",
"use_cc_account_id": "someValHere",
"use_aws_account_id": "someValHere",
}
SUCCESSFUL JSON/XML RESPONSE:
{
"Code": 200,
"Message": "OK"
}
Configure Custom Cost
The API method, "configure_custom_cost", is used to configure the custom cost settings for a CloudCheckr account.
The preferred HTTP method for this call is POST.
INPUT PARAMETERS:
| Parameter | Type | Description |
| access_key | string | required; admin-level API key |
| CostType | string | required; identifies if you want to build List cost based on Unblended or Blended costs |
| CustomCostRIAmortization | string | required; identifies how you want your upfront cost amortized |
| RetiredRIAmortization | string | optional; identifies if you chose to amortize until the expected end date, the revised end date, or if you chose premature amortization |
| RIUnsharing | string | required; identifies if you want to unshare your RIs |
| SelectedFamilies | List string | required; identifies the account families that you want to benefit from unsharing |
| EnforceEc2RIVolume | boolean | required; indicates if you adjusted any RI volume discounts to reflect any account family purchases |
| UncompressPricingTiers | boolean | required; identifies if you want to uncompress your pricing tiers across your consolidated billing families to provide more accurate custom costs |
| SPAllocation | string | optional; identifies if you chose to revert discounts from accounts that benefited inadvertently from Savings Plans and change the usage to On-Demand |
| use_aws_account_id | string | *optional/required; the 12-digit AWS account ID where the custom billing charge is applied (must be payer account) |
| use_account | string | *optional/required; the name of the CloudCheckr account you are making the call for |
| use_cc_account_id | string | *optional/required; the CloudCheckr ID of the account you are making the call for This is the same ID that the API returns when you make the call 'add_account_v3′ to register the account in CloudCheckr. |
*Because this call requires an admin-level access key, you are required to add one of the following parameters to your request:
- use_aws_account_id
- use_account
- use_cc_account_id
ENDPOINT URL:
https://api.cloudcheckr.com/api/billing.[json|xml]/configure_custom_cost
JSON/XML CALL EXAMPLE:
curl --request POST \
--'https://api.cloudcheckr.com/api/billing.[json|xml]/configure_custom_cost?access_key=your_admin_access_key&use_cc_account_id=7'\
--header'cache-control: no-cache'\
--header'content-type: application/[json|xml]'\
--data'{
"CostType":"Unblended",
"CustomCostRIAmortization":"Disabled",
"RIUnsharing":"Disabled",
"EnforceEc2RIVolume":"false",
"UncompressPricingTiers":"false",
"SPAllocation":"Disabled",
"use_cc_account_id":"7"
}'SUCCESSFUL JSON/XML RESPONSE:
{
"Code":"200",
"Message": "OK"
}
Copy User
The API method “copy user” is used to create a new CloudCheckr user with the exact permissions as an existing user.
IMPORTANT: This call can only be made using admin-level access keys.
The preferred HTTP method for this call is POST.
XML call:
https://api.cloudcheckr.com/api/account.xml/copy_user?access_key=[access_key]&email_to_copy=[existing_user_email]&emails=[new_user_email]
JSON call:
https://api.cloudcheckr.com/api/account.json/copy_user?access_key=[access_key]&email_to_copy=[existing_user_email]&emails=[new_user_email]
INPUT PARAMETERS
This call accepts these parameters:
- access_key (required) – Admin-Level Access Key is required for this call.
- email_to_copy (required) – The email address of the existing user.
- emails (required) – The email address(es) of the new user(s).
- use_account (required — either this field or ‘use_cc_account_id’) – The name of the AWS account within CloudCheckr.
- use_cc_account_id (required — either this field or ‘use_account’) – The CloudCheckr ID number for the AWS account within the application.
You can also use this call to add multiple users at once. Simply include all of the emails required, separated by commas.
OUTPUT
XML Example:
<CopyUserResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance> <CreationStatuses>Created new user with email: mytest@mytest.me</CopyUserResponse>
JSON Example:
{
"CreationStatuses": [
"Created new user with email: mytest@mytest.me"
]
}
Delete Access Control List From Group
The API method, “delete_access_control_list_from_group”, is used to delete an access control list from a group.
The preferred HTTP method for this call is POST.
INPUT PARAMETERS:
| Parameter | Type | Description |
| access_key | string | required; admin-level API key |
| group_id | string | required; ID of the user group |
| acls | list <string> | required; access control lists (ACLs) |
| use_account | string | required/optional; friendly name of the account in CloudCheckr; must be a payer account in CloudCheckr* |
| use_cc_account_id | string | required/optional; unique account ID used in CloudCheckr; must be a payer account in CloudCheckr* |
| use_aws_account_id | string | required/optional; the 12-digit AWS account ID; must be a payer account in CloudCheckr* |
One of the * parameters must be defined.
API CALL URL:
https://api.cloudcheckr.com/api/account.[json|xml]/delete_access_control_list_from_groupaccess_key=your_admin_access_key&use_account=AWS Main
REQUEST EXAMPLE:
curl -X POST \
-- https://api.cloudcheckr.com/api/account.[json|xml]/delete_access_control_list_from_group?access_key=your_admin_access_key&use_account=AWS Main\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
"group_id": "315ED648-DA56-4713-98DB-7D0A434A31F9",
"acls": ["dd82ecd7-c590-490f-9b3a-f22990a1b500[CC_Delimiter]16b586a1-4459-46e1-b348-8c24dd5cfb7f",
"dd82ecd7-c590-490f-9b3a-f22990a1b500[CC_Delimiter]e5c59d38-f3a1-4aac-aa48-a9823c1413ed"]
}
RESPONSE EXAMPLE:
XML:
<DeleteAccessControlListFromGroupResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Status>
<Code>200</Code>
<Message>OK</Message>
</Status>
</DeleteAccessControlListFromGroupResponse>
JSON:
{
"Code": 200,
"Message": "OK"
}
Delete Account
The API method “delete_account” is used to remove an AWS account that has been registered with CloudCheckr.
IMPORTANT: This call can only be made using Admin-Level Access Keys.
The preferred HTTP method for this call is POST.
XML call:
https://api.cloudcheckr.com/api/account.xml/delete_account?access_key=[access_key]&account_name=MyAccountName
JSON call:
https://api.cloudcheckr.com/api/account.json/delete_account?access_key=[access_key]&account_name=MyAccountName
INPUT PARAMETERS
This call accepts these parameters:
- access_key (required) – Admin-Level Access Key is required for this call.
- account_name (required) – the name of the AWS account that will be removed from CloudCheckr.
OUTPUT
XML & JSON Example:
{
"Code":200,
"Message":"OK"
}
Delete Group
The API method, “delete_group”, is used to delete the group with the specified ID.
The preferred HTTP method for this call is POST.
INPUT PARAMETERS:
| Parameter | Type | Description |
| access_key | string | required; admin-level API key |
| group_id | string | required; group ID |
| string | required; email address of the user | |
| user_id | string | required; user ID |
| use_account | string | required; friendly name of the account in the application |
| use_cc_account_id | string | required; account ID used in the application |
| use_aws_account_id | string | required; the 12-digit AWS account ID |
ENDPOINT URL:
https://api.cloudcheckr.com/api/account.[json|xml]/delete_group
JSON/XML CALL EXAMPLE:
curl --request POST \
-- 'https://api.cloudcheckr.com/api/account.[json|xml]/delete_group?access_key=your_admin_access_key&use_cc_account_id=1234'\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
"(required)(admin level)access_key": "someValHere",
"(required)group_id": "someValHere",
"email": "someValHere",
"user_id": "someValHere",
"use_account": "someValHere",
"use_cc_account_id": "someValHere",
"use_aws_account_id": "someValHere",
}
SUCCESSFUL JSON/XML RESPONSE:
{
"Code": 200,
"Message": "OK"
}
Delete Tag
The API method, “delete_tag”, is used to delete an account-level tag in Multi-Account Views. If you delete an account-level tag, it will impact any account that uses this tag to build its Multi-Account Views (MAVs).
The preferred HTTP method for this call is POST.
INPUT PARAMETERS:
| Parameter | Type | Description |
| access_key | string | required; admin-level API key |
| account_name | string | required; name of the account that contains the tag |
| account_tag | string | required; name of the account-level tag that will be deleted |
ENDPOINT URL:
https://api.cloudcheckr.com/api/account.[json|xml]/delete_tag
JSON/XML CALL EXAMPLE:
curl --request POST \
-- 'https://api.cloudcheckr.com/api/account.[json|xml]/delete_tag?access_key=[access key]
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
'account_name': 'my account name',
'account_tag': 'my account tag'
}
SUCCESSFUL JSON/XML RESPONSE:
{
"Code": 200,
"Message": "OK"
}
Edit Account Email Settings V2
The API method, “edit_account_email_settings_v2”, allows you to identify what conditions will trigger an email notification, how often you want CloudCheckr to send these notifications, and who will receive these notifications.
The preferred HTTP method for this call is POST.
INPUT PARAMETERS:
| Parameter | Type | Description |
| access_key | string | required; admin-level access key |
| emails | string | required; identifies the email address(es) of the notification recipients If you have multiple recipients, separate each address with a comma. |
| alert_daily_billing | boolean | optional; select if you want CloudCheckr to send an alert email if your daily cost goes above a selected percentage of your threshold |
| alert_health_affected | boolean | optional; select if you want CloudCheckr to send an alert email if problems with AWS performance and/or services, such as outages, are affecting one or more of your resources |
| alert_health_all | boolean | optional; select if you want CloudCheckr to send an alert email if AWS performance and/or services is experiencing any problems such as outages |
| daily_bill_summary | boolean | optional; select if you want CloudCheckr to email a summary of your daily bill that includes highlights of any unusual activity |
| daily_best_practices | boolean | optional; select if you want CloudCheckr to send a daily email with the Best Practices recommendations that it discovers in your account |
| daily_bpc_importance_level | boolean | optional; select if you want CloudCheckr to hide any Best Practice Importance Level indicators in the daily Best Practices email |
| daily_bpc_type | boolean | optional; select if you want CloudCheckr to hide any Best Practice Check Types indicators in the daily Best Practices email |
| change_monitoring | boolean | optional; select if you want CloudCheckr to send an email when it detects any changes in the Change Monitoring report |
| change_monitoring_aws_config | boolean | optional; select if you want CloudCheckr to send an email when it detects any changes in AWS Config |
| improperly_tagged_resources | boolean | optional; select if you want CloudCheckr to send an email when your resources break any tagging rules |
| automation | boolean | optional; select if you want CloudCheckr to send an email when an automation job finds or processes an item |
| self_healing | boolean | optional; select if you want CloudCheckr to send an email that reports on Self-Healing activity |
| daily_consolidated_bill_summary | boolean | optional; select you want CloudCheckr to send a daily email summary of the costs, credits, and the net bill of all your consolidated billing accounts |
| cloudtrail_summary | boolean | optional; select if you want CloudCheckr to send a daily email summary of the CloudTrail Event Counts filtered by the Top 10 users, event types, and failed event types |
| inventory_summary_report | boolean | optional; select if you want CloudCheckr to send a weekly email that lists two to three high-level statistics for each AWS service |
| ec2_trending_report | boolean | optional; select if you want CloudCheckr to send a weekly email that provides statistics on your EC2 configuration and usage |
| s3_summary_report | boolean | optional; select if you want CloudCheckr to send a weekly email that provides statistics on your S3 configuration and usage |
| ec2_resource_utilization_report | boolean | optional; select if you want CloudCheckr to send a weekly email that provides statistics on your EC2 CPU and network utilization |
| weekly_best_practices | boolean | optional; select if you want CloudCheckr to send a weekly email with the Best Practices recommendations that it discovers in your account |
| weekly_bpc_importance_level | boolean | optional; select if you want CloudCheckr to hide any Best Practice Importance Level indicators in the weekly Best Practices email |
| weekly_bpc_type | boolean | optional; select if you want CloudCheckr to hide any Best Practice Check Types indicators in the weekly Best Practices email |
| monthly_bill_summary | boolean | optional; select if you want CloudCheckr to email a summary of your monthly bill that includes highlights of any unusual activity |
| monthly_consolidated_bill_summary | boolean | optional; select you want CloudCheckr to send a monthly email summary of the costs, credits, and the net bill of all your consolidated billing accounts |
| monthly_best_practices | boolean | optional; select if you want CloudCheckr to send a monthly email with the Best Practices recommendations that it discovers in your account |
| monthly_bpc_importance_level | boolean | optional; select if you want CloudCheckr to hide any Best Practice Importance Level indicators in the monthly Best Practices email |
| monthly_bpc_type | boolean | optional; select if you want CloudCheckr to hide any Best Practice Check Types indicators in the monthly Best Practices email |
| use_aws_account_id | string | *optional/required; the 12-digit AWS account ID for the CloudCheckr account you are making the call for |
| use_account | string | *optional/required; the name of the CloudCheckr account you are making the call for |
| use_cc_account_id | string | *optional/required; the CloudCheckr ID of the account you are making the call for |
*Because this call requires an admin-level access key, you must add one of the following parameters to your request:
- use_aws_account_id
- use_account
- use_cc_account_id
API CALL URL:
https://api.cloudcheckr.com/api/account.[json|xml]/edit_account_email_settings_v2
curl -- request POST \
-- 'https://api.cloudcheckr.com/api/account.[json|xml]/edit_account_email_settings_v2?access_key=your_admin_access_key&use_aws_account_id=123451050627&emails=email_addresses' \
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
"emails": "this@mailbox.com,that@mailbox.com",
"use_aws_account_id": "123451050627"
}
RESPONSE EXAMPLES:
Result 200 OK (XML):
<edit_account_email_settings_v2Response xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<status>
<Code>200</Code>
<Message>OK</Message>
</status>
</edit_account_email_settings_v2Response>
Result 200 OK (JSON):
{
"Code": 200,
"Message": "OK"
}
Edit Account Name
The API method, “edit_accountname”, is used to edit the account name to better fit with the naming conventions used within your deployment.
The preferred HTTP method for this call is POST.
INPUT PARAMETERS:
| Parameter | Type | Description |
| access_key | string | required; admin-level API key
Alternatively, you can use an account API key to rename the account.
|
| account_name | string | required; name of the Cloudcheckr account |
| use_account | string | required/optional; friendly name of the account in CloudCheckr* |
| use_cc_account_id | string | required/optional; unique account ID used in CloudCheckr* |
| use_aws_account_id | string | required/optional; the 12-digit AWS account ID* |
If you use an admin-level API key, you must define one of the * parameters.
ENDPOINT URL:
https://api.cloudcheckr.com/api/account.[json|xml]/edit_accountname
JSON/XML CALL EXAMPLE:
curl --request POST \
-- https://api.cloudcheckr.com/api/account.[json|xml]/edit_accountname?access_key=[access key]
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
'account_name': CloudCheckr Support',
}
SUCCESSFUL JSON/XML RESPONSE:
{
"Code": 200,
"Message": "OK"
}
Edit Credential
The API method, “edit_credential”, is used to add or change the AWS credentials on an AWS account that has been registered with CloudCheckr.
Note:
- The HTTP method for this call is POST.
INPUT PARAMETERS:
| Parameter | Type | Description |
| access_key | string | required; admin-level API key
Alternatively, you can use an account API key to rename the account.
|
| aws_access_key | string | required/optional; the access key of the IAM user whose credentials will be used to connect CloudCheckr to your AWS account* |
| aws_secret_key | string | required/optional; the secret key of the IAM user whose credentials will be used to connect CloudCheckr to your AWS account* |
| use_account | string | required/optional; name of the account in CloudCheckr* |
| use_aws_account_id | string | required/optional; the 12-digit AWS account ID* |
| aws_role_arn | string | required/optional; AWS role ARN parameter that gets generated when you create a role in AWS using CLI*
See the Create Role topic in the AWS documentation for more information. |
API CALL URL:
https://api.cloudcheckr.com/api/account.[json|xml]/edit_credential/REQUEST EXAMPLE:
curl --request POST \
-- 'https://api.cloudcheckr.com/api/account.[json|xml]/edit_credential?access_key=your_admin_access_key
SUCCESSFUL JSON/XML RESPONSE:
{
"Code": 200,
"Message": "OK"
}
Get Access Control List
The API method, “get_access_control_list”, configures which features of the application are visible and accessible for an account.
The preferred HTTP method for this call is POST.
INPUT PARAMETERS:
| Parameter | Type | Description |
| access_key | string | required; admin-level access key |
| section | string | optional; the name of the feature, module, or report that you want users to have access to in the application Here are some examples of sections in the application:
If you do not specify a section, all sections will be visible and accessible in the account. |
|
use_aws_account_id |
string |
*optional/required; the 12-digit AWS account ID for the CloudCheckr account you are making the call for |
|
use_account |
string |
*optional/required; the name of the CloudCheckr account you are making the call for |
|
use_cc_account_id |
string |
*optional/required; the CloudCheckr ID of the account you are making the call for |
*Because this call requires an admin-level access key, you must add one of the following parameters to your request:
- use_aws_account_id
- use_account
- use_cc_account_id
API CALL URL:
https://api.cloudcheckr.com/api/account.[json|xml]/get_access_control_list
REQUEST EXAMPLE:
curl -- request POST \
-- 'https://api.cloudcheckr.com/api/account.json/get_access_control_list' \
-- header 'access_key: [access key]' \
-- header 'content-type: application/json' \
-- data '{
"section": "Savings",
"use_cc_account_id": "3"
}
RESPONSE EXAMPLES:
<?xml version="1.0" encoding="UTF-8" ?>
<responseModel>
<Id>02xxxxxx-7953-4932-88d5-0d54fdf01c51[CC_Delimiter]cedd1593-75d5-48d1-a48c-e17</xxxxxxxxxxx>
<Name>Cost Savings</Name>
<Section>Savings</Section>
<Code>0</Code>
<Message />
</responseModel>
<responseModel>
<Id>02bxxxxxx-7953-4932-88d5-0d54fdf01c51[CC_Delimiter]da61a4df-d4be-4a57-9e6a-xxxxxxxxxxxx</Id>
<Name>Cost Savings</Name>
<Section>Savings</Section>
<Code>0</Code>
<Message />
</responseModel>
<responseModel>
<Id>02bxxxxx-7953-4932-88d5-0d54fdf01c51[CC_Delimiter]f3dc0618-c139-4f28-99d5-xxxxxxxxxxxx</Id>
<Name>Cost Savings</Name>
<Section>Savings</Section>
<Code>0</Code>
<Message />
</responseModel>
<responseModel>
<Id>02bxxxxx-7953-4932-88d5-0d54fdf01c51[CC_Delimiter]6feaacf0-e136-48c4-90b1-xxxxxxxxxxxx</Id>
<Name>Cost Savings</Name>
<Section>Savings</Section>
<Code>0</Code>
<Message />
</responseModel>
<Code>200</Code>
<Message>OK</Message>
{
"responseModel": [
{
"Id": "02xxxxxx-7953-4932-88d5-0d54fdf01c51[CC_Delimiter]cedd1593-75d5-48d1-a48c-e17",
"Name": "Cost Savings",
"Section": "Savings",
"Code": 0,
"Message": null
},
{
"Id": "02bxxxxxx-7953-4932-88d5-0d54fdf01c51[CC_Delimiter]da61a4df-d4be-4a57-9e6a-xxxxxxxxxxxx",
"Name": "Cost Savings",
"Section": "Savings",
"Code": 0,
"Message": null
},
{
"Id": "02bxxxxx-7953-4932-88d5-0d54fdf01c51[CC_Delimiter]f3dc0618-c139-4f28-99d5-xxxxxxxxxxxx",
"Name": "Cost Savings",
"Section": "Savings",
"Code": 0,
"Message": null
},
{
"Id": "02bxxxxx-7953-4932-88d5-0d54fdf01c51[CC_Delimiter]6feaacf0-e136-48c4-90b1-xxxxxxxxxxxx",
"Name": "Cost Savings",
"Section": "Savings",
"Code": 0,
"Message": null
}
],
"Code": 200,
"Message": "OK"
}
Get Access Control List By ID
The API method, “get_access_control_list_by_id”, is used to return the access control list by ID.
The preferred HTTP method for this call is POST.
INPUT PARAMETERS:
| Parameter | Type | Description |
| access_key | string | required; admin-level API key |
| id | string | required; ID of the ACL item |
| use_account | string | required; friendly name of the account in the application |
| use_cc_account_id | string | required; account ID used in the application |
| use_aws_account_id | string | required; the 12-digit AWS account ID |
ENDPOINT URL:
https://api.cloudcheckr.com/api/account.[json|xml]/get_access_control_list_by_id
JSON/XML CALL EXAMPLE:
curl --request POST \
-- 'https://api.cloudcheckr.com/api/account.[json|xml]/get_access_control_list_by_id&access_key=your_admin_access_key&use_cc_account_id=1234'\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
"(required)(admin level)access_key": "someValHere",
"(required)id": "someValHere",
"use_account": "someValHere",
"use_cc_account_id": "someValHere",
"use_aws_account_id": "someValHere",
}
SUCCESSFUL JSON/XML RESPONSE:
{
"Code": 200,
"Message": "OK"
}
Get Access Control List Per Group
The API method, “get_access_control_list_per_group”, is used to return the access control list by group.
The preferred HTTP method for this call is POST.
INPUT PARAMETERS:
| Parameter | Type | Description |
| access_key | string | required; admin-level API key |
| group_id | string | required; ID of the group |
| use_account | string | required/optional: friendly name of the account in CloudCheckr; must be a payer account in CloudCheckr* |
| use_cc_account_id | string | required/optional: unique account ID used in CloudCheckr; must be a payer account in CloudCheckr* |
| use_aws_account_id | string | required/optional: the 12-digit AWS account ID; must be a payer account in CloudCheckr* |
One of the * parameters must be defined.
API CALL URL:
https://api.cloudcheckr.com/api/account.[json|xml]/get_access_control_list_per_group?access_key=your_admin_access_key&use_account=AWS Main&group_id=315ED648-DA56-4713-98DB-7D0A434A31F9
REQUEST EXAMPLE:
curl -X GET \
-- https://api.cloudcheckr.com/api/account.[json|xml]/get_access_control_list_per_group?access_key=your_admin_access_key&use_account=AWS Main&group_id=315ED648-DA56-4713-98DB-7D0A434A31F9\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
RESPONSE EXAMPLE:
XML:
<GetAccessControlListPerGroupResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance>
<acl>
<id>dd82ecd7-c590-490f-9b3a-f22990a1b500[CC_Delimiter]bde7a10b-6e76-4ce5-918c-5c4821b4f3bd</id>
<name>Inventory Summary</name>
<section>Inventory</section>
<code>0</code>
<message>null</message>
</acl>
<acl>
<id>dd82ecd7-c590-490f-9b3a-f22990a1b500[CC_Delimiter]4adf637d-667a-4530-a6a4-e8b4e5fcd340</id>
<name>Map Overlay</name>
<section>Inventory</section>
<code>0</code>
<message>null</message>
</acl>
<acl>
<id>dd82ecd7-c590-490f-9b3a-f22990a1b500[CC_Delimiter]08d18f15-1e86-40f7-bc8f-37f8bc27f1b7</id>
<nameTagged Resources</name>
<section>Inventory</section>
<code>0</code>
<message>null</message>
</acl>
</GetAccessControlListPerGroupResponse>
JSON:
{
"Acls": [
{
"Id": "dd82ecd7-c590-490f-9b3a-f22990a1b500[CC_Delimiter]bde7a10b-6e76-4ce5-918c-5c4821b4f3bd",
"Name": "Inventory Summary",
"Section": "Inventory",
"Code": 0,
"Message": null
},
{
"Id": "dd82ecd7-c590-490f-9b3a-f22990a1b500[CC_Delimiter]4adf637d-667a-4530-a6a4-e8b4e5fcd340",
"Name": "Map Overlay",
"Section": "Inventory",
"Code": 0,
"Message": null
},
{
"Id": "dd82ecd7-c590-490f-9b3a-f22990a1b500[CC_Delimiter]08d18f15-1e86-40f7-bc8f-37f8bc27f1b7",
"Name": "Tagged Resources",
"Section": "Inventory",
"Code": 0,
"Message": null
}
]
}
Get Account
The API method, "get_account", is used to determine when CloudCheckr last updated the data in a selected account.
The preferred HTTP method for this call is GET.
INPUT PARAMETERS:
| Parameter | Type | Description |
| access_key | string | required; admin-level access key |
| account_id | string | required; the CloudCheckr project ID of the account you are making the call for The account_id is equivalent to the use_cc_account_id. To get the account_id, you need to run the get_accounts_v4 call, which will return the cc_account_id parameter. |
API CALL URL:
https://api.cloudcheckr.com/api/account.[json|xml]/get_account
REQUEST EXAMPLE:
curl -- request GET \
-- https://api.cloudcheckr.com/api/account.[json|xml]/get_account?access_key=your_admin_access_key&account_id=3'\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
RESPONSE EXAMPLE:
XML:
<?xml version="1.0" encoding="UTF-8" ?>
<Id>3</Id>
<Name>Test Payer</Name>
<Provider>Amazon Web Services</Provider>
<Type>General</Type>
<AccountId>000011050627</AccountId>
<HasCredentials>true</HasCredentials>
<Note></Note>
<LastUpdated>2020-11-27T01:38:45</LastUpdated>
<PayerId />
<PayerAccountId />
<Code>0</Code>
<Message />
JSON:
{
"Id": 3,
"Name": "Test Payer",
"Provider": "Amazon Web Services",
"Type": "General",
"AccountId": "000011050627",
"HasCredentials": true,
"Note": "",
"LastUpdated": "2020-11-27T01:38:45",
"PayerId": null,
"PayerAccountId": null,
"Code": 0,
"Message": null
}
In our response examples, please note that:
- Id refers to the project ID or account_id parameter
- AccountId refers to the AWS account ID
Get Account Email Settings
The API method, “get_account_email_settings”, is used to return a complete list of all email settings in a CloudCheckr account.
- This call can only be made using admin-level access keys.
- The preferred HTTP method for this call is GET.
INPUT PARAMETERS:
| Parameter | Type | Description |
| access_key | string | required, admin-level API key |
| use_account | string | required/optional; name of the account in CloudCheckr; must be a payer account in CloudCheckr* |
| use_cc_account_id | string | required/optional; unique account ID used in CloudCheckr; must be a payer account in CloudCheckr* |
| use_aws_account_id | string | required/optional: the 12-digit AWS account ID; must be a payer account in CloudCheckr* |
One of the * parameters must be defined.
API CALL URL:
https://api.cloudcheckr.com/api/account.[json|xml]/get_account_email_settings?access_key=your_admin_access_key&use_cc_account_id=1234'
REQUEST EXAMPLE:
curl -X GET \
-- https://api.cloudcheckr.com/api/account.[json|xml]/get_account_email_settings?access_key=your_admin_access_key&use_cc_account_id=1234'\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
RESPONSE EXAMPLE:
XML:
<GetAccountEmailSettingsResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<accounts_and_email_settings>
<AccountAndEmailSettings>
<ProjectName>Account_Name_Example</ProjectName>
<EmailReportRecipients>
<EmailAddresses>email1@cloudcheckr.com, email2@cloudcheckr.com</EmailAddresses>
</EmailReportRecipients>
<AlertEmailSettings>
<EnableDailyCostAlert>true</EnableDailyCostAlert>
<AwsCostThreshold>10</AwsCostThreshold>
<EnableAwsHealthAlerts>false</EnableAwsHealthAlerts>
<EnableAwsHealthAlertsIfAffects>true</EnableAwsHealthAlertsIfAffects>
</AlertEmailSettings>
<DailyEmailSettings>
<EnableDailyChangeMonitoring>false</EnableDailyChangeMonitoring>
<EnableDailyBestPractice>false</EnableDailyBestPractice>
<EnableDailyBillForceUsingCloudWatch>false</EnableDailyBillForceUsingCloudWatch>
<EnableDailyAwsConsolidatedBillingSummary>true</EnableDailyAwsConsolidatedBillingSummary>
<EnableDailyChangeMonitoringAwsConfig>false</EnableDailyChangeMonitoringAwsConfig>
<EnableAutomation>false</EnableAutomation>
<EnableImproperlyTaggedResources>false</EnableImproperlyTaggedResources>
<EnableDailyCloudTrailSummary>false</EnableDailyCloudTrailSummary>
<DailyBestPracticeEmailSettings>
<EnableHighImportance>false</EnableHighImportance>
<EnableMediumImportance>false</EnableMediumImportance>
<EnableLowImportance>false</EnableLowImportance>
<EnableInformationalImportance>false</EnableInformationalImportance>
<EnableSecurityType>false</EnableSecurityType>
<EnableCostType>false</EnableCostType>
<EnableUsageType>false</EnableUsageType>
<EnableAvailabilityType>false</EnableAvailabilityType>
<EnableTrustedAdvisorType>false</EnableTrustedAdvisorType>
</DailyBestPracticeEmailSettings>
</DailyEmailSettings>
<WeeklyEmailSettings>
<EnableWeeklyInventory>true</EnableWeeklyInventory>
<EnableWeeklyS3Summary>true</EnableWeeklyS3Summary>
<EnableWeeklyEc2Trend>true</EnableWeeklyEc2Trend>
<EnableWeeklyS3Trend>false</EnableWeeklyS3Trend>
<EnableWeeklyEc2Utilization>true</EnableWeeklyEc2Utilization>
<EnableWeeklyBestPractice>false</EnableWeeklyBestPractice>
<WeeklyBestPracticeEmailSettings>
<EnableHighImportanceWeekly>false</EnableHighImportanceWeekly>
<EnableMediumImportanceWeekly>false</EnableMediumImportanceWeekly>
<EnableLowImportanceWeekly>false</EnableLowImportanceWeekly>
<EnableInformationalImportanceWeekly>false</EnableInformationalImportanceWeekly>
<EnableSecurityTypeWeekly>false</EnableSecurityTypeWeekly>
<EnableCostTypeWeekly>false</EnableCostTypeWeekly>
<EnableUsageTypeWeekly>false</EnableUsageTypeWeekly>
<EnableAvailabilityTypeWeekly>false</EnableAvailabilityTypeWeekly>
</WeeklyBestPracticeEmailSettings>
</WeeklyEmailSettings>
<MonthlyEmailSettings>
<EnableMonthlyCost>false</EnableMonthlyCost>
<EnableMonthlyAwsConsolidatedBillingSummary>false</EnableMonthlyAwsConsolidatedBillingSummary>
<EnableMonthlyBestPractice>false</EnableMonthlyBestPractice>
<DaysSelectedMonthly />
<MonthlyBestPracticeEmailSettings>
<EnableHighImportanceMonthly>false</EnableHighImportanceMonthly>
<EnableMediumImportanceMonthly>false</EnableMediumImportanceMonthly>
<EnableLowImportanceMonthly>false</EnableLowImportanceMonthly>
<EnableInformationalImportanceMonthly>false</EnableInformationalImportanceMonthly>
<EnableSecurityTypeMonthly>false</EnableSecurityTypeMonthly>
<EnableCostTypeMonthly>false</EnableCostTypeMonthly>
<EnableUsageTypeMonthly>false</EnableUsageTypeMonthly>
<EnableAvailabilityTypeMonthly>false</EnableAvailabilityTypeMonthly>
</MonthlyBestPracticeEmailSettings>
</MonthlyEmailSettings>
</AccountAndEmailSettings>
</accounts_and_email_settings>
</GetAccountEmailSettingsResponse>
JSON:
{
"GetAccountEmailSettingsResponse": {
"accounts_and_email_settings": {
"AccountAndEmailSettings": {
"ProjectName": "Account_Name_Example",
"EmailReportRecipients": {
"EmailAddresses": "email1@cloudcheckr.com, email2@cloudcheckr.com"
},
"AlertEmailSettings": {
"EnableDailyCostAlert": "true",
"AwsCostThreshold": "10",
"EnableAwsHealthAlerts": "false",
"EnableAwsHealthAlertsIfAffects": "true"
},
"DailyEmailSettings": {
"EnableDailyChangeMonitoring": "false",
"EnableDailyBestPractice": "false",
"EnableDailyBillForceUsingCloudWatch": "false",
"EnableDailyAwsConsolidatedBillingSummary": "true",
"EnableDailyChangeMonitoringAwsConfig": "false",
"EnableAutomation": "false",
"EnableImproperlyTaggedResources": "false",
"EnableDailyCloudTrailSummary": "false",
"DailyBestPracticeEmailSettings": {
"EnableHighImportance": "false",
"EnableMediumImportance": "false",
"EnableLowImportance": "false",
"EnableInformationalImportance": "false",
"EnableSecurityType": "false",
"EnableCostType": "false",
"EnableUsageType": "false",
"EnableAvailabilityType": "false",
"EnableTrustedAdvisorType": "false"
}
},
"WeeklyEmailSettings": {
"EnableWeeklyInventory": "true",
"EnableWeeklyS3Summary": "true",
"EnableWeeklyEc2Trend": "true",
"EnableWeeklyS3Trend": "false",
"EnableWeeklyEc2Utilization": "true",
"EnableWeeklyBestPractice": "false",
"WeeklyBestPracticeEmailSettings": {
"EnableHighImportanceWeekly": "false",
"EnableMediumImportanceWeekly": "false",
"EnableLowImportanceWeekly": "false",
"EnableInformationalImportanceWeekly": "false",
"EnableSecurityTypeWeekly": "false",
"EnableCostTypeWeekly": "false",
"EnableUsageTypeWeekly": "false",
"EnableAvailabilityTypeWeekly": "false"
}
},
"MonthlyEmailSettings": {
"EnableMonthlyCost": "false",
"EnableMonthlyAwsConsolidatedBillingSummary": "false",
"EnableMonthlyBestPractice": "false",
"DaysSelectedMonthly": "",
"MonthlyBestPracticeEmailSettings": {
"EnableHighImportanceMonthly": "false",
"EnableMediumImportanceMonthly": "false",
"EnableLowImportanceMonthly": "false",
"EnableInformationalImportanceMonthly": "false",
"EnableSecurityTypeMonthly": "false",
"EnableCostTypeMonthly": "false",
"EnableUsageTypeMonthly": "false",
"EnableAvailabilityTypeMonthly": "false"
}
}
}
}
}
Get Account Level Tags V2
The API method “get_account_level_tags_v2”, returns enabled account-level tags in three ways:
When called with only an access key, the call returns all account-level tags enabled in this customer, grouped by project name.
When called with a general account specified, the call returns all account-level tags enabled on that general account.
When called with a Multi-Account View specified, the call returns a list of accounts associated with the MAV and all enabled tags in the MAV.
Using call against general accounts:
The preferred HTTP method for this call is GET.
XML call:
https://api.cloudcheckr.com/api/account.xml/get_account_level_tags_v2?access_key=[access_key]
JSON call:
https://api.cloudcheckr.com/api/account.json/get_account_level_tags_v2?access_key=[access_key]
INPUT PARAMETERS
This call accepts these parameters:
- access_key (required) – Admin-Level Access Key is required for this call.
- use_account (optional) – Account name is used here; returns enabled account-level tags from specific account(s).
OUTPUT
XML Example:
<AccountLevelTagsReponse
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<AccountItems>
<AccountItem>
<AccountName>My General Account Name</AccountName>
<TagsNames>
<string>MyAccountLevelTag1</string>
<string>MyAccountLevelTag2</string>
</TagsNames>
</AccountItem>
</AccountItems>
</AccountLevelTagsReponse>
JSON Example:
{
{AccountItems": [{"AccountName": "814089178758_IOC_PRD", "TagsNames": ["ISD", "USD Accounts", "All Intel Accounts", "All SSG Accounts]}]}
Using the call against Multi-Account Views:
XML call:
https://api.cloudcheckr.com/api/account.xml/get_account_level_tags_v2?access_key=[access_key]&use_account=[MAV account name]
JSON call:
https://api.cloudcheckr.com/api/account.json/get_account_level_tags_v2?access_key=[access_key]&use_account=[MAV account name]
INPUT PARAMETERS
This call accepts these parameters:
- access_key (required) – Admin-Level Access Key is required for this call.
- use_account (required)- Account name is used here; returns enabled account-level tags from MAV account(s).
OUTPUT
XML Example:
<AccountLevelTagsReponse
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<AccountItems>
<AccountItem>
<AccountName>My MAV Account Name</AccountName>
<TagsNames>
<string>MyAccountLevelTag1</string>
<string>MyAccountLevelTag2</string>
</TagsNames>
</AccountItem>
</AccountItems>
</AccountLevelTagsReponse>
JSON Example:
{
"AccountLevelTagsReponse": {
"-xmlns:xsd": "http://www.w3.org/2001/XMLSchema",
"-xmlns:xsi": "http://www.w3.org/2001/XMLSchema-instance",
"AccountItems": {
"AccountItem": {
"AccountName": "My MAV Account Name",
"TagsNames": {
"string": [
"MyAccountLevelTag1",
"MyAccountLevelTag2"
]
}
}
}
}
}
Get Accounts By Group
The API method, “get_accounts_by_group”, is used to return a list of accounts based by a group ID.
The preferred HTTP method for this call is POST.
INPUT PARAMETERS:
| Parameter | Type | Description |
| access_key | string | required; admin-level API key |
| group_id | string | required; ID of the group |
| use_account | string | required; name of the account in the application |
| use_cc_account_id | string | required; account ID used in the application |
| use_aws_account_id | string | required; the 12-digit AWS account ID |
ENDPOINT URL:
https://api.cloudcheckr.com/api/account.[json|xml]/get accounts_by_group
JSON/XML CALL EXAMPLE:
curl --request POST \
-- 'https://api.cloudcheckr.com/api/account.[json|xml]/get_accounts_by_group?access_key=your_admin_access_key&use_cc_account_id=1234'\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
"(required)(admin-level)access_key": "someValHere",
"(required)group_id": "someValHere",
"use_account": "someValHere",
"use_cc_account_id": "someValHere",
"use_aws_account_id": "someValHere",
}
SUCCESSFUL JSON/XML RESPONSE:
{
"Projects": [
{
"Id": 3,
"Name": "2150 AWS Prod",
"Provider": "Amazon Web Services",
"Type": "General",
"AccountId": "215011050627",
"HasCredentials": true,
"Note": "",
"LastUpdated": "2019-09-19T22:00:50"
},
{
"Id": 3,
"Name": "2150 AWS Prod",
"Provider": "Amazon Web Services",
"Type": "General",
"AccountId": "215011050627",
"HasCredentials": true,
"Note": "",
"LastUpdated": "2019-09-19T22:00:50"
},
{
"Id": 4,
"Name": "949 AWS Prod",
"Provider": "Amazon Web Services",
"Type": "General",
"AccountId": "949195593353",
"HasCredentials": true,
"Note": null,
"LastUpdated": "2019-09-19T13:58:42"
},
{
"Id": 4,
"Name": "949 AWS Prod",
"Provider": "Amazon Web Services",
"Type": "General",
"AccountId": "949195593353",
"HasCredentials": true,
"Note": null,
"LastUpdated": "2019-09-19T13:58:42"
},
{
"Id": 6,
"Name": "4430 AWS Prod",
"Provider": "Amazon Web Services",
"Type": "General",
"AccountId": "443094636793",
"HasCredentials": true,
"Note": null,
"LastUpdated": "2019-09-19T18:24:01"
},
{
"Id": 6,
"Name": "4430 AWS Prod",
"Provider": "Amazon Web Services",
"Type": "General",
"AccountId": "443094636793",
"HasCredentials": true,
"Note": null,
"LastUpdated": "2019-09-19T18:24:01"
},
{
"Id": 8,
"Name": "open-sales-int-field-poc",
"Provider": "Amazon Web Services",
"Type": "General",
"AccountId": "103237659442",
"HasCredentials": true,
"Note": "tesst",
"LastUpdated": "2019-09-19T18:18:50"
},
{
"Id": 821,
"Name": "China Test",
"Provider": "Amazon Web Services",
"Type": "General",
"AccountId": "281027638441",
"HasCredentials": true,
"Note": null,
"LastUpdated": "2017-05-16T15:07:50"
},
{
"Id": 938,
"Name": "DevOps Account",
"Provider": "Amazon Web Services",
"Type": "General",
"AccountId": "087544996801",
"HasCredentials": true,
"Note": null,
"LastUpdated": "2019-09-19T14:55:58"
},
{
"Id": 1522,
"Name": "Map To Payer",
"Provider": "Amazon Web Services",
"Type": "General",
"AccountId": "625072036134",
"HasCredentials": true,
"Note": null,
"LastUpdated": "2019-09-20T09:42:35"
},
{
"Id": 1536,
"Name": "183698509299",
"Provider": "Amazon Web Services",
"Type": "General",
"AccountId": "183698509299",
"HasCredentials": true,
"Note": null,
"LastUpdated": "2019-09-20T16:09:13"
},
{
"Id": 1537,
"Name": "245990094719",
"Provider": "Amazon Web Services",
"Type": "General",
"AccountId": "245990094719",
"HasCredentials": true,
"Note": null,
"LastUpdated": null
},
{
"Id": 1539,
"Name": "{\"Rowkey\":\"gy6x99zrwhea7r2s69xhjb861ejh3025\",\"Data\":\"+nj0zsTpqp20TR+3J5d/iQ==\"}",
"Provider": "Amazon Web Services",
"Type": "General",
"AccountId": "557949322966",
"HasCredentials": true,
"Note": null,
"LastUpdated": null
},
{
"Id": 1540,
"Name": "260172486890",
"Provider": "Amazon Web Services",
"Type": "General",
"AccountId": "260172486890",
"HasCredentials": true,
"Note": null,
"LastUpdated": null
},
{
"Id": 1645,
"Name": "718017 Demo",
"Provider": "Amazon Web Services",
"Type": "General",
"AccountId": null,
"HasCredentials": false,
"Note": null,
"LastUpdated": null
},
{
"Id": 1662,
"Name": "1836 Duplicate Test",
"Provider": "Amazon Web Services",
"Type": "General",
"AccountId": "183698509299",
"HasCredentials": true,
"Note": null,
"LastUpdated": "2019-09-19T17:58:44"
},
{
"Id": 1667,
"Name": "{\"Rowkey\":\"gy6x99zrwhea7r2s69xhjb861ejh3025\",\"Data\":\"le+IPer7RwEkaZIUzUkC4w==\"}",
"Provider": "Amazon Web Services",
"Type": "General",
"AccountId": null,
"HasCredentials": false,
"Note": null,
"LastUpdated": null
},
{
"Id": 1669,
"Name": "{\"Rowkey\":\"gy6x99zrwhea7r2s69xhjb861ejh3025\",\"Data\":\"hBuyY+5DPgGWQa0Zldizqw==\"}",
"Provider": "Amazon Web Services",
"Type": "General",
"AccountId": null,
"HasCredentials": false,
"Note": null,
"LastUpdated": null
},
{
"Id": 1670,
"Name": "{\"Rowkey\":\"gy6x99zrwhea7r2s69xhjb861ejh3025\",\"Data\":\"1QvCGYHCAJ9D+TZzj8gs+Q==\"}",
"Provider": "Amazon Web Services",
"Type": "General",
"AccountId": null,
"HasCredentials": false,
"Note": null,
"LastUpdated": null
},
{
"Id": 1672,
"Name": "{\"Rowkey\":\"gy6x99zrwhea7r2s69xhjb861ejh3025\",\"Data\":\"qgBge5jxZGgi9HmkbPqWmw==\"}",
"Provider": "Amazon Web Services",
"Type": "General",
"AccountId": null,
"HasCredentials": false,
"Note": null,
"LastUpdated": null
},
{
"Id": 1674,
"Name": "{\"Rowkey\":\"gy6x99zrwhea7r2s69xhjb861ejh3025\",\"Data\":\"RTtaVBm1Eko3i3+azzldTA==\"}",
"Provider": "Amazon Web Services",
"Type": "General",
"AccountId": null,
"HasCredentials": false,
"Note": null,
"LastUpdated": null
},
{
"Id": 1675,
"Name": "Sample (demo purposes only)",
"Provider": "Amazon Web Services",
"Type": "General",
"AccountId": null,
"HasCredentials": false,
"Note": null,
"LastUpdated": null
}
]
}
Get Accounts V2
The API method, “get_accounts_v2”, is used to return a complete list of all AWS accounts registered in CloudCheckr. This call will return an ID for each account that can be used for the parameter, “use_cc_account_id”, when making calls to the admin-level API. It will also include the AWS account ID.
This call can only be made using admin-level access keys.
The preferred HTTP method for this call is GET.
INPUT PARAMETERS:
| Parameter | Type | Description |
| access_key | string | required, admin-level API key |
| use_account | string | required/optional; name of the account in CloudCheckr; must be a payer account in CloudCheckr* |
| use_cc_account_id | string | required/optional; unique account ID used in CloudCheckr; must be a payer account in CloudCheckr* |
| use_aws_account_id | string | required/optional; the 12-digit AWS account ID; must be a payer account in CloudCheckr* |
One of the * parameters must be defined.
API CALL URL:
https://api.cloudcheckr.com/api/account.[json|xml]/get_accounts_v2?access_key=[access_key]
REQUEST EXAMPLE:
curl -X GET \
-- https://api.cloudcheckr.com/api/account.[json|xml]/get_accounts_v2?access_key=your_admin_access_key'\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
RESPONSE EXAMPLE:
XML:
<GetAccountsResponse2 xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<accounts_and_users>
<AccountAndUsernames>
<account_name>AWS Account1</account_name>
<cc_account_id>1</cc_account_id>
<aws_account_id>123456789012</aws_account_id>
<user_names>
<string>user@domain.com</string>
</user_names>
</AccountAndUsernames>
</accounts_and_users>
</GetAccountsResponse2>
JSON:
{
"accounts_and_users": [
{
"account_name": "AWS Account1",
"cc_account_id": "1",
"user_names":
"aws_account_id":"123456789012" [
"user@domain.com"
]
},
{
"accounts_and_users": [
{
"account_name": "AWS Account2",
"cc_account_id": "2",
"user_names":
"aws_account_id":"234567890123" [
"user@domain.com"
]
},
{
"accounts_and_users": [
{
"account_name": "AWS Account3",
"cc_account_id": "3",
"user_names":
"aws_account_id":"345678901234" [
"user@domain.com"
]
}
]
}
Get Accounts V4
The API method, “get_accounts_v4”, is used to return a complete list of all AWS and Azure accounts registered in CloudCheckr. This call will return an ID for each account that can be used for the parameter, “use_cc_account_id”, when making calls to the admin-level API. For AWS, it will include the AWS account ID and for Azure, it will include the Subscription ID.
This call can only be made using admin-level access keys.
The preferred HTTP method for this call is GET.
INPUT PARAMETERS:
| Parameter | Type | Description |
| access_key | string | required, admin-level API key |
| use_account | string | required/optional; name of the account in CloudCheckr; must be a payer account in CloudCheckr* |
| use_cc_account_id | string | required/optional; unique account ID used in CloudCheckr; must be a payer account in CloudCheckr* |
| use_aws_account_id | string | required/optional; the 12-digit AWS account ID; must be a payer account in CloudCheckr* |
One of the * parameters must be defined.
API CALL URL:
https://api.cloudcheckr.com/api/account.[json|xml]/get_accounts_v4?access_key=[access_key]
REQUEST EXAMPLE:
curl -X GET \
-- https://api.cloudcheckr.com/api/account.[json|xml]/get_accounts_v4?access_key=your_admin_access_key'\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
RESPONSE EXAMPLE:
XML:
<GetAccountsResponse4 xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<accounts_and_users>
<AccountAndUsernames4>
<account_name>AWS Account Name</account_name>
<cc_account_id>1</cc_account_id>
<user_names>
<string>user@domain.com</string>
</user_names>
<aws_account_id>123456789012</aws_account_id>
<externalId>CC-99999999999999999999999999999999</externalId>
</AccountAndUsernames4>
<AccountAndUsernames4>
<account_name>Azure Subscription</account_name>
<cc_account_id>2</cc_account_id>
<user_names>
<string>user@domain.com</string>
</user_names>
<externalId>CC-88888888888888888888888888888888</externalId>
<azure_account_id>11111111-2222-3333-4444-555555555555</azure_account_id>
</AccountAndUsernames4>
</accounts_and_users>
</GetAccountsResponse4>
JSON:
{
"accounts_and_users": {
"accounts_and_users": [
{
"azure_account_id": null,
"externalId": "CC-99999999999999999999999999999999",
"aws_account_id": "123456789012",
"account_name": "AWS Account Name",
"cc_account_id": "1",
"user_names": [
"user@domain.com"
]
},
{
"azure_account_id": "11111111-2222-3333-4444-555555555555",
"externalId": "CC-88888888888888888888888888888888",
"aws_account_id": null,
"account_name": "Azure Subscription",
"cc_account_id": "2",
"user_names": [
"user@domain.com"
]
}
]
}
Get CloudTrail Custom Metrics
The API method, “get_cloudtrail_custom_metrics”, is used to export a list of Amazon Machine Images (AMIs) and every launched instance. This API request is based on the Ec2AmiWorkload custom metric.
The preferred HTTP method for this call is GET.
INPUT PARAMETERS:
|
Parameter |
Type |
Description |
|
access_key |
string |
required; admin-level access key |
|
type |
string |
optional; type of custom metric |
|
from |
DateTime |
optional; the date that you want CloudCheckr to start getting data for the CloudTrail custom metrics |
|
to |
DateTime |
optional; the date that you want CloudCheckr to stop getting data for the CloudTrail custom metrics |
|
use_aws_account_id |
string |
*optional/required; the 12-digit AWS account ID for the CloudCheckr account you are making the call for |
|
use_account |
string |
*optional/required; the name of the CloudCheckr account you are making the call for |
|
use_cc_account_id |
string |
*optional/required; the CloudCheckr ID of the account you are making the call for |
*Because this call requires an admin-level access key, you must add one of the following parameters to your request:
- use_aws_account_id
- use_account
- use_cc_account_id
API CALL URL:
https://api.cloudcheckr.com/api/security.[json|xml]/get_cloudtrail_custom_metrics
REQUEST EXAMPLE:
curl -- request GET \
-- 'https://api.cloudcheckr.com/api.cloudcheckr.com/api/security.[json|xml]/get_cloudtrail_custom_metrics?access_key=[your_access_key]&use_cc_account_id=3&type=Ec2AmiWorkload'\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
RESPONSE EXAMPLE:
This call exports the results to a compressed CSV file and contains the following data:
| AMI ID | EC2 Instance ID | Event Date | Region | AWS Account ID | User Identity ARN | IP Address | User Agent |
| ami-f1f12345 | i-1ab2a345 | 5/20/2016 15:47 | US East (Northern Virginia) | 123456789012 | arn:aws:iam::123456789012:user/cloudcheckr | 192.168.10.10 | signin.amazonaws.com |
| ami-f1f12345 | i-1ab2a350 | 5/15/2016 10:47 | US East (Northern Virginia) | 123456789012 | arn:aws:iam::123456789012:user/cloudcheckr | 192.168.10.10 | signin.amazonaws.com |
| ami-f1f12345 | i-1ab2a355 | 5/12/2016 5:47 | US East (Northern Virginia) | 123456789012 | arn:aws:iam::123456789012:user/cloudcheckr | 192.168.10.10 | signin.amazonaws.com |
| ami-f2f65432 | i-1ab2a360 | 5/10/2016 1:47 | US East (Northern Virginia) | 012345678998 | arn:aws:iam::123456789012:user/cloudcheckr | 192.168.10.100 | signin.amazonaws.com |
| ami-f2f65432 | i-1ab2a365 | 5/5/2016 12:47 | US East (Northern Virginia) | 012345678998 | arn:aws:iam::123456789012:user/cloudcheckr | 192.168.10.100 | signin.amazonaws.com |
| ami-f2f65432 | i-1ab2a370 | 5/2/2016 23:47 | US East (Northern Virginia) | 012345678998 | arn:aws:iam::123456789012:user/cloudcheckr | 192.168.10.100 | signin.amazonaws.com |
If the API request does not produce any results, it will generate a blank CSV file.
Get External ID
The API method, “get_external_id”, is used to retrieve external IDs if you require an external ID to be associated with a specific CloudCheckr account.
INPUT PARAMETERS:
| access_key | string | required; admin-level API key
Alternatively, you can use an account API key to rename the account.
|
| use_account | string | required/optional; name of the account in CloudCheckr* |
API CALL URL:
https://api.cloudcheckr.com/api/account.[json|xml]/get_external_id?access_key=00000&use_account=CloudCheckrDev'
REQUEST EXAMPLE:
curl -X GET \
-- https://api.cloudcheckr.com/api/account.[json|xml]/get_external_id?access_key=00000&use_account=CloudCheckrDev'
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
RESPONSE EXAMPLES:
XML:
CC-8B02A95B24EAA7179E8118C1216A9BFA 352813966189 CloudCheckrDev
JSON:
JSON:
{
"code":200,
"message":"Saved scheduled invoice for CSP L2 Subscription Family"
}
Get Group
The API method, “get_group”, is used to retrieve a group.
The preferred HTTP method for this call is POST.
INPUT PARAMETERS:
| Parameter | Type | Description |
| access_key | string | required; admin-level API key |
| group_id | string | required; ID of the group |
| use_account | string | required; name of the account in the application |
| use_cc_account_id | string | required; account ID used in the application |
| use_aws_account_id | string | required; the 12-digit AWS account ID |
ENDPOINT URL:
https://api.cloudcheckr.com/api/account.[json|xml]/get_group
JSON/XML CALL EXAMPLE:
curl --request POST \
-- 'https://api.cloudcheckr.com/api/account.[json|xml]/get_group?access_key=your_admin_access_key&use_cc_account_id=1234'\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
"(required)(admin-level)access_key": "someValHere",
"(required)group_id": "someValHere",
"use_account": "someValHere",
"use_cc_account_id": "someValHere",
"use_aws_account_id": "someValHere",
}
SUCCESSFUL JSON/XML RESPONSE:
{
"Code": 200,
"Message": "OK"
}
Get Groups
The API method, “get_groups”, is used to return the groups.
The preferred HTTP method for this call is GET.
| Parameter | Type | Description |
| access_key | string | required; admin-level API key |
| string | required; optional; email address associated with the group | |
| user_id | string | optional; user ID associated with the group |
| use_account | string | required/optional; friendly name of the account in the application; ; must be a payer account in CloudCheckr* |
| use_cc_account_id | string | required/optional; unique account ID used in the application; must be a payer account in CloudCheckr* |
| use_aws_account_id | string | required/optional; the 12-digit AWS account ID; must be a payer account in CloudCheckr* |
One of the * parameters must be defined.
API CALL URL:
https://api.cloudcheckr.com/api/account.[json|xml]/get_groups?access_key=your_admin_access_key
REQUEST EXAMPLE:
curl -X GET \
-- https://api.cloudcheckr.com/api/account.[json|xml]/get_groups?access_key=your_admin_access_key&use_cc_account_id=1234\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
RESPONSE EXAMPLE:
XML:
<GetGroupsResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance>
<GroupNames>
<GroupName>g2</GroupName>
<GroupName>g3</GroupName>
</GroupNames>
</GetGroupsResponse>
JSON:
{
"GroupNames": [
"g2",
"g3"
]
}
Get Groups V2
The API method, “get_groups_v2”, is used to return the groups.
The preferred HTTP method for this call is POST.
INPUT PARAMETERS:
| Parameter | Type | Description |
| access_key | string | required; admin-level API key |
| string | required; email address of a user | |
| user_id | string | required; ID of a user |
| use_account | string | required; friendly name of the account in the application |
| use_cc_account_id | string | required; account ID used in the application |
| use_aws_account_id | string | required; the 12-digit AWS account ID |
ENDPOINT URL:
https://api.cloudcheckr.com/api/account.[json|xml]/get_groups_v2
JSON/XML CALL EXAMPLE:
curl --request POST\
-- 'https://api.cloudcheckr.com/api/account.[json|xml]/get_groups_v2?access_key=your_admin_access_key&use_cc_account_id=1234'\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
"(required)(admin level)access_key": "someValHere",
"email": "someValHere",
"user_id": "someValHere",
"use_account": "someValHere",
"use_cc_account_id": "someValHere",
"use_aws_account_id": "someValHere",
}
SUCCESSFUL JSON/XML RESPONSE:
{
"Code": 200,
"Message": "OK"
}
Get Invoice V2
The API method, “get_invoice_v2”, is used to retrieve the invoice data from the CloudCheckr invoice generator.
The preferred HTTP method for this call is POST.
INPUT PARAMETERS:
| Parameter | Type | Description |
| access_key | string | required; admin-level access key |
| customer_names | List <string> | required; a comma-separated list of names of the customers for the invoice you want to retrieve The customer name should correspond to the name of an account family. |
| start_date | string | required; the date that you want CloudCheckr to begin to pull the cost data |
| end_date | string | optional; the date that you want CloudCheckr to stop pulling the cost data |
| format | string | required; the report format for the invoice You can select from Summary, Detailed, or Saved Filter. |
| group_by | string | required; determines how you can group your cost data based on your invoice format
|
| saved_filter_name | string | optional; the name of the saved filter that you want CloudCheckr to use for the report format |
| regions | List <string> | optional; select the region from which you want CloudCheckr to pull the invoice data This parameter accepts region IDs as valid values. |
| replace_custom_charge_descriptions | boolean | optional; select if you want to show any custom charge descriptions |
| currency_denomination | string | optional; identifies what bill denomination you want to use if you are converting currency from US dollars |
| currency_conversion | string | optional; identifies what country’s currency you want to use if you are converting from US dollars |
| show_credits | string | optional; select if you want to show credits in your invoice |
| cost_type | string | required; select the cost type that you want CloudCheckr to apply in the invoice You can select from List, Unblended, or Blended cost types. |
| tag_key | string | optional; the name of the tag key that you want CloudCheckr to use to filter the invoice data |
| tag_value | string | optional; the name of the tag value that you want CloudCheckr to use to filter the invoice data |
|
use_aws_account_id |
string |
*optional/required; the 12-digit AWS account ID for the CloudCheckr account you are making the call for |
|
use_account |
string |
*optional/required; the name of the CloudCheckr account you are making the call for |
|
use_cc_account_id |
string |
*optional/required; the CloudCheckr ID of the account you are making the call for |
*Because this call requires an admin-level access key, you must add one of the following parameters to your request:
- use_aws_account_id
- use_account
- use_cc_account_id
API CALL URL:
https://api.cloudcheckr.com/api/billing.[json|xml]/get_invoice_v2
REQUEST EXAMPLE:
curl -- request POST \
-- 'https://api.cloudcheckr.com/api/billing.json/get_invoice_v2' \
-- header 'cache-control: no-cache' \
-- header 'access_key: [access key]' \
-- header 'content-type: application/json' \
-- data '{
"customer_names": ["CustomerA (22555) / 12548785424", "CustomerB (12587) / 000000000001"],
"use_cc_account_id": "3",
"start_date": "10/3/2019",
"end_date": "10/3/2019",
"format": "summary",
"group_by": "region",
"cost_type": "list"
}'
RESPONSE EXAMPLES:
<?xml version="1.0" encoding="UTF-8" ?>
<Invoice>
<InvoiceId></InvoiceId>
<CustomerName>CustomerA(22555) / 12548785424</CustomerName>
<CustomerAddress></CustomerAddress>
<CustomerEmail />
<AWSServiceTotal>$2.73</AWSServiceTotal>
<CustomChargeTotal>$0.00</CustomChargeTotal>
<CreditTotal />
<AdditionalInfo />
<HasData>true</HasData>
<InvoiceSummary>
<GroupName>Service Charges</GroupName>
<Cost>$2.73</Cost>
<UsageQuanity />
<InvoiceGroupNextLevel>
<GroupName>GovCloud (US)</GroupName>
<Cost>$2.70</Cost>
<UsageQuanity />
</InvoiceGroupNextLevel>
<InvoiceGroupNextLevel>
<GroupName>GovCloud (US-East)</GroupName>
<Cost>$0.03</Cost>
<UsageQuanity />
</InvoiceGroupNextLevel>
</InvoiceSummary>
<InvoiceDetail />
</Invoice>
<Invoice>
<InvoiceId></InvoiceId>
<CustomerName>CustomerB(12587) / 000000000001</CustomerName>
<CustomerAddress></CustomerAddress>
<CustomerEmail />
<AWSServiceTotal>$7.03</AWSServiceTotal>
<CustomChargeTotal>$0.00</CustomChargeTotal>
<CreditTotal />
<AdditionalInfo />
<HasData>true</HasData>
<InvoiceSummary>
<GroupName>Service Charges</GroupName>
<Cost>$7.03</Cost>
<UsageQuanity />
<InvoiceGroupNextLevel>
<GroupName>US East (Northern Virginia)</GroupName>
<Cost>$4.85</Cost>
<UsageQuanity />
</InvoiceGroupNextLevel>
<InvoiceGroupNextLevel>
<GroupName>EU (Frankfurt)</GroupName>
<Cost>$0.16</Cost>
<UsageQuanity />
</InvoiceGroupNextLevel>
<InvoiceGroupNextLevel>
<GroupName>US West (Oregon)</GroupName>
<Cost>$0.16</Cost>
<UsageQuanity />
</InvoiceGroupNextLevel>
<InvoiceGroupNextLevel>
<GroupName>Asia Pacific (Seoul)</GroupName>
<Cost>$0.15</Cost>
<UsageQuanity />
</InvoiceGroupNextLevel>
<InvoiceGroupNextLevel>
<GroupName>EU (Stockholm)</GroupName>
<Cost>$0.15</Cost>
<UsageQuanity />
</InvoiceGroupNextLevel>
<InvoiceGroupNextLevel>
<GroupName>US East (Ohio)</GroupName>
<Cost>$0.15</Cost>
<UsageQuanity />
</InvoiceGroupNextLevel>
<InvoiceGroupNextLevel>
<GroupName>EU (Ireland)</GroupName>
<Cost>$0.15</Cost>
<UsageQuanity />
</InvoiceGroupNextLevel>
<InvoiceGroupNextLevel>
<GroupName>Asia Pacific (Tokyo)</GroupName>
<Cost>$0.15</Cost>
<UsageQuanity />
</InvoiceGroupNextLevel>
<InvoiceGroupNextLevel>
<GroupName>Asia Pacific (Sydney)</GroupName>
<Cost>$0.15</Cost>
<UsageQuanity />
</InvoiceGroupNextLevel>
<InvoiceGroupNextLevel>
<GroupName>Asia Pacific (Singapore)</GroupName>
<Cost>$0.15</Cost>
<UsageQuanity />
</InvoiceGroupNextLevel>
<InvoiceGroupNextLevel>
<GroupName>EU (Paris)</GroupName>
<Cost>$0.15</Cost>
<UsageQuanity />
</InvoiceGroupNextLevel>
<InvoiceGroupNextLevel>
<GroupName>EU (London)</GroupName>
<Cost>$0.15</Cost>
<UsageQuanity />
</InvoiceGroupNextLevel>
<InvoiceGroupNextLevel>
<GroupName>Asia Pacific (Mumbai)</GroupName>
<Cost>$0.15</Cost>
<UsageQuanity />
</InvoiceGroupNextLevel>
<InvoiceGroupNextLevel>
<GroupName>US West (Northern California)</GroupName>
<Cost>$0.15</Cost>
<UsageQuanity />
</InvoiceGroupNextLevel>
<InvoiceGroupNextLevel>
<GroupName>Canada (Central)</GroupName>
<Cost>$0.15</Cost>
<UsageQuanity />
</InvoiceGroupNextLevel>
<InvoiceGroupNextLevel>
<GroupName>South America (Sao Paulo)</GroupName>
<Cost>< $0.01</Cost>
<UsageQuanity />
</InvoiceGroupNextLevel>
</InvoiceSummary>
<InvoiceDetail />
</Invoice>
{
"Invoice": [
{
"InvoiceId": "",
"CustomerName": "CustomerA(22555) / 12548785424",
"CustomerAddress": "",
"CustomerEmail": null,
"AWSServiceTotal": "$2.73",
"CustomChargeTotal": "$0.00",
"CreditTotal": null,
"AdditionalInfo": null,
"HasData": true,
"InvoiceSummary": [
{
"GroupName": "Service Charges",
"Cost": "$2.73",
"UsageQuanity": null,
"InvoiceGroupNextLevel": [
{
"GroupName": "GovCloud (US)",
"Cost": "$2.70",
"UsageQuanity": null,
"InvoiceGroupNextLevel": []
},
{
"GroupName": "GovCloud (US-East)",
"Cost": "$0.03",
"UsageQuanity": null,
"InvoiceGroupNextLevel": []
}
]
}
],
"InvoiceDetail": null
},
{
"InvoiceId": "",
"CustomerName": "CustomerB(12587) / 000000000001",
"CustomerAddress": "",
"CustomerEmail": null,
"AWSServiceTotal": "$7.03",
"CustomChargeTotal": "$0.00",
"CreditTotal": null,
"AdditionalInfo": null,
"HasData": true,
"InvoiceSummary": [
{
"GroupName": "Service Charges",
"Cost": "$7.03",
"UsageQuanity": null,
"InvoiceGroupNextLevel": [
{
"GroupName": "US East (Northern Virginia)",
"Cost": "$4.85",
"UsageQuanity": null,
"InvoiceGroupNextLevel": []
},
{
"GroupName": "EU (Frankfurt)",
"Cost": "$0.16",
"UsageQuanity": null,
"InvoiceGroupNextLevel": []
},
{
"GroupName": "US West (Oregon)",
"Cost": "$0.16",
"UsageQuanity": null,
"InvoiceGroupNextLevel": []
},
{
"GroupName": "Asia Pacific (Seoul)",
"Cost": "$0.15",
"UsageQuanity": null,
"InvoiceGroupNextLevel": []
},
{
"GroupName": "EU (Stockholm)",
"Cost": "$0.15",
"UsageQuanity": null,
"InvoiceGroupNextLevel": []
},
{
"GroupName": "US East (Ohio)",
"Cost": "$0.15",
"UsageQuanity": null,
"InvoiceGroupNextLevel": []
},
{
"GroupName": "EU (Ireland)",
"Cost": "$0.15",
"UsageQuanity": null,
"InvoiceGroupNextLevel": []
},
{
"GroupName": "Asia Pacific (Tokyo)",
"Cost": "$0.15",
"UsageQuanity": null,
"InvoiceGroupNextLevel": []
},
{
"GroupName": "Asia Pacific (Sydney)",
"Cost": "$0.15",
"UsageQuanity": null,
"InvoiceGroupNextLevel": []
},
{
"GroupName": "Asia Pacific (Singapore)",
"Cost": "$0.15",
"UsageQuanity": null,
"InvoiceGroupNextLevel": []
},
{
"GroupName": "EU (Paris)",
"Cost": "$0.15",
"UsageQuanity": null,
"InvoiceGroupNextLevel": []
},
{
"GroupName": "EU (London)",
"Cost": "$0.15",
"UsageQuanity": null,
"InvoiceGroupNextLevel": []
},
{
"GroupName": "Asia Pacific (Mumbai)",
"Cost": "$0.15",
"UsageQuanity": null,
"InvoiceGroupNextLevel": []
},
{
"GroupName": "US West (Northern California)",
"Cost": "$0.15",
"UsageQuanity": null,
"InvoiceGroupNextLevel": []
},
{
"GroupName": "Canada (Central)",
"Cost": "$0.15",
"UsageQuanity": null,
"InvoiceGroupNextLevel": []
},
{
"GroupName": "South America (Sao Paulo)",
"Cost": "< $0.01",
"UsageQuanity": null,
"InvoiceGroupNextLevel": []
}
]
}
],
"InvoiceDetail": null
}
]
}
Get Resources Alert Results V2
The API method, “get_resources_alert_results_V2”, is used to retrieve Resources alert data. Resources alerts allow you to monitor, manage, and act on any resource changes that occur in your cloud deployment.
You can configure CloudCheckr to send you a Resources alert any time it discovers:
- a new publicly accessible resource
- changes to your AWS Config setup
- changes to your security groups
The preferred HTTP meth