Admin API Reference Guide

You can now use CloudCheckr CMx access tokens when running API calls in our legacy product. You can still use your existing API access keys in the legacy product, but access tokens will provide better security, more consistent authorization management, and the ability to access multiple projects and accounts.
Please use these URLs when accessing the API in the following platforms:
  • AU: https://au.cloudcheckr.com
  • EU: https://eu.cloudcheckr.com
  • GOV: https://gov.cloudcheckr.com
  • FED: https://fed.cloudcheckr.com

CloudCheckr allows for the creation of two different types of access keys. Account-level access keys can only make calls against a single account. Admin-level access keys allow users to make calls against any of their accounts within CloudCheckr. They also allow API users to make account-management related calls that cannot be executed using account-level access keys.

CloudCheckr is revamping its API documentation to ensure that it reflects the best practices for REST and to improve overall consistency. We will restructure each call to include these sections:

Section Description
Input Parameters Options that you pass with the endpoint to influence a response.

Identifies if a parameter is required or optional, the data type, and the parameter description.

API Call URL Identifies the common path for the API (highlighted in yellow) and the end path of the endpoint (highlighted in light blue).

Request Example Includes a sample request that shows the endpoint and a few key parameters.

Formatted in curl since it’s language-agnostic.

Includes the header information and the method (GET or POST in most cases).

Response Example Shows a sample response for all of the parameters passed in the request example.

Includes examples in XML and JSON.


Attempting to make any of these calls using a general API access key will result in an error. You may also use admin-level API keys to make the other calls found in the general API Reference guide.

When using an admin-level access keys to make those calls you must add one of the following parameter to your calls:
  • use_account – the name of the account you are making the call for, where the name is the name of the account added in CloudCheckr.
  • use_cc_account_id – the ID of the account you are making the call for. The ID is returned when using the method ‘account/add_account_v3′ to register the account in CloudCheckr.

XML Call:

https://api.cloudcheckr.com/api/best_practice.xml/get_best_practices?access_key=[access_key]&use_account=[MyAccount]
https://api.cloudcheckr.com/api/best_practice.xml/get_best_practices?access_key=[access_key]&use_cc_account_id=[MyAccountId]

JSON Call:

https://api.cloudcheckr.com/api/best_practice.json/get_best_practices?access_key=[access_key]&use_account=[MyAccount]
https://api.cloudcheckr.com/api/best_practice.json/get_best_practices?access_key=[access_key]&use_cc_account_id=[MyAccountId]

Using Access Keys

CloudCheckr requires an access key to be passed as a parameter to all API calls.

Click here for details on creating and managing access keys.

Example of Using an Access Key:

https://api.cloudcheckr.com/api/change_monitoring.json/get_changes?access_key=[access_key]

Preferred HTTP Methods

When using libraries such as curl, you may need to indicate the HTTP method to use (POST or GET). The CloudCheckr API accepts both POST and GET in most API calls. However, we recommend you use the preferred HTTP method when possible.

The preferred HTTP method for each call is GET unless specifically noted in the API CALLS section.

For more information on HTTP methods, click here:  http://www.w3schools.com/tags/ref_httpmethods.asp.


API Calls

Add Access Control Lists Per Account Per Group

The API method, “add_access_control_lists_per_account_per_group”, is used to add access control lists per account per group.

The preferred HTTP method for this call is POST.

INPUT PARAMETERS:

Parameter Type Description
access_key string required; admin-level API key
acls list <string> required; unique alphanumeric ID for each access control list (acl)
group_id string required; group ID
use_account string required/optional; friendly name of the account in CloudCheckr; must be a payer account in CloudCheckr*
use_cc_account_id string required/optional; unique account ID used in CloudCheckr; must be a payer account in CloudCheckr*
use_aws_account_id string required/optional; the 12-digit AWS account ID; must be a payer account in CloudCheckr*
One of the * parameters must be defined.

API CALL URL:

https://api.cloudcheckr.com/api/account.[json|xml]/add_access_control_lists_per_account_per_group?access_key=your_admin_access_key&use_account=AWS Main

REQUEST EXAMPLE:

curl -X POST \
-- https://api.cloudcheckr.com/api/account.[json|xml]/add_access_control_lists_per_account_per_group? access_key=your_admin_access_key&use_account=AWS Main\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
"group_id": "315ED648-DA56-4713-98DB-7D0A434A31F9",
"acls": ["dd82ecd7-c590-490f-9b3a-f22990a1b500[CC_Delimiter]16b586a1-4459-46e1-b348-8c24dd5cfb7f",
"dd82ecd7-c590-490f-9b3a-f22990a1b500[CC_Delimiter]e5c59d38-f3a1-4aac-aa48-a9823c1413ed"]

RESPONSE EXAMPLE:

XML:

<AddAccessControlListsPerAccountPerGroupResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance>
          <results>
          <id>315ed648-da56-4713-98db-7d0a434a31f9<
          /id>
          <code>
          0<
          /code>
          <message>
          null<
          /message>
          <
          /results>
          </AddAccessControlListsPerAccountPerGroupResponse>
          

JSON:

{
              "Id": "315ed648-da56-4713-98db-7d0a434a31f9",
              "Code": 0,
              "Message": null
          }

Add Account V3

The API method, “add_account_v3”, is used to register an AWS account with CloudCheckr. This method will return a unique ID, “cc_account_id”, to enhance security for the newly-created account. Customers can use “cc_account_id” for the parameter, “use_cc_account_id”, when making calls to the admin-level API.

  • The preferred HTTP method for this call is POST.
  • AWS secret keys typically contain special characters. To submit as a parameter on the URL, you must URL encode it. Click here for details.

INPUT PARAMETERS:

Parameter Type Description
access_key string required; admin-level API key
account_name string required; the name of the AWS account to register with CloudCheckr
user_name string optional; the name of the user that will have access to this account. If no user is specified, the first administrator of the account will be applied
aws_access_key string optional; the access key of the IAM user whose credentials will be used to connect CloudCheckr to your AWS account
aws_secret_key string optional; the secret key of the IAM user whose credentials will be used to connect CloudCheckr to your AWS account
account_tag string optional; the tag for the account to be used within a Multi-Account View (MAV)
emails list <string> optional; the email address(es) that will populate the account’s email settings and determine who receives the automated reports.

If this parameter is not used, the email address used when registering the CloudCheckr account will be populated in this field.
payer_use_account string optional; the name of the payer account
payee_aws_account_id string optional; the AWS account ID associated with the payee account
use_account string required/optional; friendly name of the account in CloudCheckr; must be a payer account in CloudCheckr*
use_cc_account_id string required/optional; unique account ID used in CloudCheckr; must be a payer account in CloudCheckr*
use_aws_account_id string required/optional; the 12-digit AWS account ID; must be a payer account in CloudCheckr*

You will only need to define one of the * parameters if you want the new account to be linked to a payer account; if you do not want to link a payer account, then none of the three * parameters are needed.

API CALL URL:

https://api.cloudcheckr.com/api/account.[json|xml]/add_account_v3?access_key=your_admin_access_key


REQUEST EXAMPLE:

The Request Example uses the “cc_account_id” to show what the URL would look like if a customer needed a new account linked to a payer account.

curl -X POST \
               -- https://api.cloudcheckr.com/api/account.[json|xml]/add_account_v3?access_key=your_admin_access_key&use_cc_account_id=1234\
               -- header 'cache-control: no-cache' \
               -- header 'content-type: application/[json|xml]' \
               -- data '{
                  "account_name": "api added aws account",
              }

RESPONSE EXAMPLE:
XML:

<AddAccountV3Response xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance> <
          status>
             <account_status>Success</account_status>
             <cc_account_id>38</cc_account_id>
             <credential_status>No credentials given. Can use the following role_account_id and role_external_id to create cross-account role within AWS.</credential_status>
             <role_account_id>352813966789</role_account_id>
             <cc_external_id>CC-69CFBFCA8BF21FA123BA566A6DAAB227</cc_external_id>
          </status>
          </AddAccountV3Response>

JSON:

{
             "account_status": "Success",
             "cc_account_id": 38,
             "credential_status": "No credentials given. Can use the following role_account_id and role_external_id to create cross-account role within AWS.",
             "role_account_id": "352813966789",
             "cc_external_id": "CC-69CFBFCA8BF21FA123BA566A6DAAB227"
          }
You can use the “role_account_id” and “cc_external_id” to create a role using the AWS Command Line Interface (CLI). See the Create Role topic in the AWS documentation for more information.

Add API Key

The API method, “add_api_key”, is used to create a new CloudCheckr API key for a specific account.

You cannot create admin-level API keys with this method.

The preferred HTTP method for this call is POST.

XML Call:

https://api.cloudcheckr.com/api/account.xml/add_api_key?access_key=[access_key]&accounts=[account_name]

JSON Call:

https://api.cloudcheckr.com/api/account.json/add_api_key?access_key=[access_key]&accounts=[account_name]

INPUT PARAMETERS
This call accepts these parameters:

  • access_key (required) – standard access key required for all API calls.
  • accounts (required) – name(s) of the account(s) for which an API key is being created. Accepts multiple accounts.

OUTPUT
XML Example:

<AddApiKeyResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
              <CreationStatuses>
                  <string>
          Created access key for Account: [ACCOUNT] Key: [ACCESS_KEY]
          </string>
              </CreationStatuses>
          </AddApiKeyResponse>
          

JSON Example:

{
             "CreationStatuses": [
                "Created access key for Account: [ACCOUNT] Key: [ACCESS_KEY]"
             ]
          }

Add MAV Account

The API method, “add_mav_account”, is used to create a new Multi-View Account (MAV).

Important: This call can only be made using admin-level access keys.

The preferred HTTP method for this call is POST.

XML Call:

https://api.cloudcheckr.com/api/account.xml/add_mav_account?access_key=[access_key]&account_name=[account_name]

JSON Call:

https://api.cloudcheckr.com/api/account.json/add_mav_account?access_key=[access_key]&account_name=[account_name]

INPUT PARAMETERS
This call accepts these parameters:

  • access_key (required) – Admin-level access key required for all API calls.
  • account_name (required) – name of the new MAV account(s).
  • account_tags_to_set (optional) – comma-separated list of tags to apply to the MAV. The tag must exist.
  • for_all_accounts (optional) – true or false or 1 or 0 values. Same impact as having the “This Multi-Account View should include ALL ACCOUNTS” checked in the UI.

OUTPUT

XML & JSON Example:

{
"Code":200,
"Message":"OK"
}

Add Tag

The API method, “add_tag”, is used to create and enable an account-level tag and apply this tag to account(s), which you can use to build Multi-Account Views (MAVs).

The preferred HTTP method for this call is POST.

INPUT PARAMETERS:

Parameter Type Description
access_key string required; admin-level access key
tag_name string required; name of the account-level tag you are creating
account_name string required; name of the account where you are creating the tag
accounts string required; name of the accounts where you want to apply the tag
use_aws_account_id string *optional/required; the 12-digit AWS account ID
use_account string *optional/required; the name of the CloudCheckr account you are making the call for
use_cc_account_id string *optional/required; the CloudCheckr ID of the account you are making the call for
*Because this call requires an admin-level access key, you must add one of the following parameters to your request:
  • use_aws_account_id
  • use_account
  • use_cc_account_id

API CALL URL:

	https://api.cloudcheckr.com/api/account.[json|xml]/add_tag

REQUEST EXAMPLE:

curl -- request POST \
-- 'https://api.cloudcheckr.com/api/account.[json|xml]/add_tag?access_key=your_admin_access_key&tag_name=my_tag_name& account_name=my_account_name&accounts=account 1, account 2&use_cc_account_id=1234' \
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
"tag_name": Production Tag,
"account_name": Production Account,
"accounts": Prod 1, Prod 2
}'

RESPONSE EXAMPLE:

	{
"Code": 200,
"Message": "OK"
}

Add User

The API method, “add_user”, creates a new CloudCheckr user.

The preferred HTTP method for this call is POST.

INPUT PARAMETERS:

Parameter Type Description
access_key string required, admin-level API key
email list <string> required; the email address of the new user
account_access list <string> required; the name of the CloudCheckr account(s) the user can access; separate multiple account names by commas as shown in the example(s)
user_role string required; the level of access for the new user; accepts ReadonlyUser, BasicUser, BasicPlusUser, User, or Administrator
group string optional; the name of the group associated with the new user
cost_report boolean optional; defines whether the user can access the cost reports within the account; accepts “yes”, “1”, “y”, “no, “0”, or “n”
blended_cost boolean optional; defines whether the user can view blended costs within the cost reports; accepts “yes”, “1”, “y”, “no, “0”, or “n”
unblended_cost boolean optional; defines whether the user can view unblended costs within the cost reports; accepts “yes”, “1”, “y”, “no, “0”, or “n”
list_cost boolean optional; defines whether the user can view list costs within the cost reports; accepts “yes”, “1”, “y”, “no, “0”, or “n”
resource_utilization_reports boolean optional; defines whether the user can access the resource utilization reports within the account; accepts “yes”, “1”, “y”, “no, “0”, or “n”
trending_reports boolean optional; defines whether the user can access the trending reports within the account; accepts “yes”, “1”, “y”, “no, “0”, or “n”
change_monitoring boolean optional; defines whether the user can access the change monitoring report within the account; accepts “yes”, “1”, “y”, “no, “0”, or “n”
best_practices boolean optional; defines whether the user can access the best practice report within the account; accepts “yes”, “1”, “y”, “no, “0”, or “n”
edit_emails boolean optional; identifies if the customer can modify email addresses associated with the user
all_access boolean optional; if this set to true, the user will have access to all reports within the account and none of the other parameters listed below are required; accepts “yes”, “1”, or “y”
password string optional; sets the password for the new user
automation boolean optional; allows the new user to access the associated report
savings boolean optional; allows the new user to access the associated report
alerts boolean optional; allows the new user to access the associated report
inventory boolean optional; allows the new user to access the associated report
security boolean optional; allows the new user to access the associated report
account_notification boolean optional; allows the new user to receive notifications from any associated accounts
partner_tools boolean optional; allows the new user to access the partner tools
edit_partner_tools boolean optional; allows the new user to modify the configuration of the partner tools
see_api_keys boolean optional; makes the API key visible to the new user
auth_types boolean optional; allows the new user access to authorization types
use_default_provider boolean optional; allows the new user to use the default provider configuration
sso_provider string optional; indicates that the new user has an SSO association
use_account string required/optional; friendly name of the account in CloudCheckr; must be a payer account in CloudCheckr*
use_cc_account_id string required/optional; unique account ID used in CloudCheckr; must be a payer account in CloudCheckr*
use_aws_account_id string required/optional; the 12-digit AWS account ID; must be a payer account in CloudCheckr*
One of the * parameters must be defined.

API CALL URL:

https://api.cloudcheckr.com/api/account.[json|xml]/add_user?access_key=your_admin_access_key

REQUEST EXAMPLE:

curl -X POST \
-- https://api.cloudcheckr.com/api/account.[json|xml]/add_user?access_key=your_admin_access_key&use_cc_account_id=1234\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
"email": "newUser@cloudcheckr.com",
"account_access": "AWS Main",
"user_role": "user",
"cost_report": "no",
"auth_types": "saml",
"group": "g2",
"use_default_provider": "true",
"sso_provider": "PingOne"
}

RESPONSE EXAMPLE:
XML:

<AddUserResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance> <CreationStatuses>Created new user with email: newUser@cloudcheckr.com</CreationStatuses>
          </AddUserResponse>
          

JSON:

{
              "CreationStatuses": [
                  "Created new user with email: newUser32i34i32ke@cloudcheckr.com"
              ]
          }

Add Users

The API method, “add_users”, creates multiple CloudCheckr users.

The preferred HTTP method for this call is POST.

INPUT PARAMETERS:

Parameter Type Description
access_key string required, admin-level API key
email string required; the email address of the new user
account_access list <string> required; the name of the CloudCheckr account(s) the user can access; separate multiple account names by commas as shown in the example(s)
user_role string required; the level of access for the new user; accepts ReadonlyUser, BasicUser, BasicPlusUser, User, or Administrator
group string optional; the name of the group associated with the new user
cost_report boolean optional; defines whether the user can access the cost reports within the account; accepts “yes”, “1”, “y”, “no, “0”, or “n”
blended_cost boolean optional; defines whether the user can view blended costs within the cost reports; accepts “yes”, “1”, “y”, “no, “0”, or “n”
unblended_cost boolean optional; defines whether the user can view unblended costs within the cost reports; accepts “yes”, “1”, “y”, “no, “0”, or “n”
list_cost boolean optional; defines whether the user can view list costs within the cost reports; accepts “yes”, “1”, “y”, “no, “0”, or “n”
resource_utilization_reports boolean optional; defines whether the user can access the resource utilization reports within the account; accepts “yes”, “1”, “y”, “no, “0”, or “n”
trending_reports boolean optional; defines whether the user can access the trending reports within the account; accepts “yes”, “1”, “y”, “no, “0”, or “n”
change_monitoring boolean optional; defines whether the user can access the change monitoring report within the account; accepts “yes”, “1”, “y”, “no, “0”, or “n”
best_practices boolean optional; defines whether the user can access the best practice report within the account; accepts “yes”, “1”, “y”, “no, “0”, or “n”
edit_emails boolean optional; identifies if the customer can modify email addresses associated with the user
all_access boolean optional; if this set to true, the user will have access to all reports within the account and none of the other parameters listed below are required; accepts “yes”, “1”, or “y”
password string optional; sets the password for the new user
automation boolean optional; allows the new user to access the associated report
savings boolean optional; allows the new user to access the associated report
alerts boolean optional; allows the new user to access the associated report
inventory boolean optional; allows the new user to access the associated report
security boolean optional; allows the new user to access the associated report
account_notification boolean optional; allows the new user to receive notifications from any associated accounts
partner_tools boolean optional; allows the new user to access the partner tools
edit_partner_tools boolean optional; allows the new user to modify the configuration of the partner tools
see_api_keys boolean optional; makes the API key visible to the new user
auth_types boolean optional; allows the new user access to authorization types
use_default_provider boolean optional; allows the new user to use the default provider configuration
sso_provider string optional; indicates that the new user has an SSO association
use_account string required/optional; friendly name of the account in CloudCheckr; must be a payer account in CloudCheckr*
use_cc_account_id string required/optional; unique account ID used in CloudCheckr; must be a payer account in CloudCheckr*
use_aws_account_id string required/optional; the 12-digit AWS account ID; must be a payer account in CloudCheckr*
One of the * parameters must be defined.

API CALL URL:

https://api.cloudcheckr.com/api/account.[json|xml]/add_users?access_key=your_admin_access_key

REQUEST EXAMPLE:

curl -X POST \
-- https://api.cloudcheckr.com/api/account.[json|xml]/add_users?access_key=your_admin_access_key&use_cc_account_id=1234\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
"email": "newUser@cloudcheckr.com",
"account_access": "AWS Main",
"user_role": "user",
"cost_report": "no",
"group": "g2",
"use_default_provider": 'true",
"sso_provider": "PingOne"
}

RESPONSE EXAMPLE:
XML:

<AddUsersResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance> <CreationStatuses>
             <status>Created new user with email: newUser48f@cloudcheckr.com</status>
             <status>Created new user with email: newUserk39dk@cloudcheckr.com</status>
          </CreationStatuses>
          </AddUsersResponse>
          

JSON:

{
              "CreationStatuses": [
                  "Created new user with email: newUser48f@cloudcheckr.com@cloudcheckr.com",
                  "Created new user with email: newUserk39dk@cloudcheckr.com"
              ]
          }

Add User To Group

The API method, “add_user_to_group”, is used to add an existing CloudCheckr user to a new group.

The preferred HTTP method for this call is POST.

INPUT PARAMETERS:

Parameter Type Description
access_key string required; admin-level access key
group_id string required; unique identifier associated with the group
user_ids list <string> required; unique identifiers associated with the user(s) you add to the group
If you add multiple users in a group, the response will provide them in a comma-separated list.
use_aws_account_id string *optional/required; the 12-digit AWS account ID for the CloudCheckr account you are making the call for
use_account string *optional/required; the name of the CloudCheckr account you are making the call for
use_cc_account_id string *optional/required; the CloudCheckr ID of the account you are making the call for
*Because this call requires an admin-level access key, you must add one of the following parameters to your request:
  • use_account
  • use_cc_account_id
  • use_aws_account_id

API CALL URL:

https://api.cloudcheckr.com/api/account.[json|xml]/add_user_to_group

REQUEST EXAMPLE:

curl -- request POST \
-- 'https://api.cloudcheckr.com/api/account.[json|xml]/add_user_to_group?access_key=[your_access_key]&use_cc_account_id=3&user_ids=[some values]&group_id=[some value]\ \
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
"group_id": "e85446b9-8821-41a6-9558-7550756dd899",
"user_ids": [
"8B65E388-8A0B-4B5A-A12B-8B0325D0ABF4",
"683C1113-1FF0-4F8B-AA3D-9288D2ED615A"
]
}'

RESPONSE EXAMPLE:

XML:

<AddUserToGroupResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<status>
<Code>200</Code>
<Message>OK</Message>
</status>
</AddUserToGroupResponse>

JSON:

{
"Code": 200,
"Message": "OK"
}

Clone Group

The API method, “clone_group”, creates a copy of an existing group without the users.

The preferred HTTP method for this call is POST.

INPUT PARAMETERS:

Parameter Type Description
access_key string required; admin-level API key
group_id string required; group ID
name string required; name
use_account string required; friendly name of the account in the application
use_cc_account_id string required; account ID used in the application
use_aws_account_id string required; the 12-digit AWS account ID

ENDPOINT URL:

https://api.cloudcheckr.com/api/account.[json|xml]/clone_group

JSON/XML CALL EXAMPLE:

curl --request POST \
-- 'https://api.cloudcheckr.com/api/account.[json|xml]/clone_group?access_key=your_admin_access_key&use_cc_account_id=1234'\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
"(required)access_key": "someValHere",
"(required)group_id": "someValHere",
"(required)name": "someValHere",
"use_account": "someValHere",
"use_cc_account_id": "someValHere",
"use_aws_account_id": "someValHere",
}

SUCCESSFUL JSON/XML RESPONSE:

{
"Code": 200,
"Message": "OK"
}

Configure Custom Cost

The API method, "configure_custom_cost", is used to configure the custom cost settings for a CloudCheckr account.

The preferred HTTP method for this call is POST.

INPUT PARAMETERS:

Parameter Type Description
access_key string required; admin-level API key
CostType string required; identifies if you want to build List cost based on Unblended or Blended costs
CustomCostRIAmortization string required; identifies how you want your upfront cost amortized
RetiredRIAmortization string optional; identifies if you chose to amortize until the expected end date, the revised end date, or if you chose premature amortization
RIUnsharing string required; identifies if you want to unshare your RIs
SelectedFamilies List string required; identifies the account families that you want to benefit from unsharing
EnforceEc2RIVolume boolean required; indicates if you adjusted any RI volume discounts to reflect any account family purchases
UncompressPricingTiers boolean required; identifies if you want to uncompress your pricing tiers across your consolidated billing families to provide more accurate custom costs
SPAllocation string optional; identifies if you chose to revert discounts from accounts that benefited inadvertently from Savings Plans and change the usage to On-Demand
use_aws_account_id string *optional/required; the 12-digit AWS account ID where the custom billing charge is applied (must be payer account)
use_account string *optional/required; the name of the CloudCheckr account you are making the call for
use_cc_account_id string *optional/required; the CloudCheckr ID of the account you are making the call for

This is the same ID that the API returns when you make the call 'add_account_v3′ to register the account in CloudCheckr.

*Because this call requires an admin-level access key, you are required to add one of the following parameters to your request:
  • use_aws_account_id
  • use_account
  • use_cc_account_id

ENDPOINT URL:

https://api.cloudcheckr.com/api/billing.[json|xml]/configure_custom_cost

JSON/XML CALL EXAMPLE:

curl --request POST \
--'https://api.cloudcheckr.com/api/billing.[json|xml]/configure_custom_cost?access_key=your_admin_access_key&use_cc_account_id=7'\
--header'cache-control: no-cache'\
--header'content-type: application/[json|xml]'\
--data'{
"CostType":"Unblended",
"CustomCostRIAmortization":"Disabled",
"RIUnsharing":"Disabled",
"EnforceEc2RIVolume":"false",
"UncompressPricingTiers":"false",
"SPAllocation":"Disabled",
"use_cc_account_id":"7"
}'

SUCCESSFUL JSON/XML RESPONSE:

{
"Code":"200",
"Message": "OK"
}

Copy User

The API method “copy user” is used to create a new CloudCheckr user with the exact permissions as an existing user.

IMPORTANT: This call can only be made using admin-level access keys.

The preferred HTTP method for this call is POST.

XML call:

https://api.cloudcheckr.com/api/account.xml/copy_user?access_key=[access_key]&email_to_copy=[existing_user_email]&emails=[new_user_email]

JSON call:

https://api.cloudcheckr.com/api/account.json/copy_user?access_key=[access_key]&email_to_copy=[existing_user_email]&emails=[new_user_email]

INPUT PARAMETERS

This call accepts these parameters:

  • access_key (required) – Admin-Level Access Key is required for this call.
  • email_to_copy (required) – The email address of the existing user.
  • emails (required) – The email address(es) of the new user(s).
  • use_account (required — either this field or ‘use_cc_account_id’) – The name of the AWS account within CloudCheckr.
  • use_cc_account_id (required — either this field or ‘use_account’) – The CloudCheckr ID number for the AWS account within the application.

You can also use this call to add multiple users at once. Simply include all of the emails required, separated by commas.

OUTPUT

XML Example:

<CopyUserResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance> <CreationStatuses>Created new user with email: mytest@mytest.me</CopyUserResponse>
          

JSON Example:

{
"CreationStatuses": [
"Created new user with email: mytest@mytest.me"
]
}

Delete Access Control List From Group

The API method, “delete_access_control_list_from_group”, is used to delete an access control list from a group.

The preferred HTTP method for this call is POST.

INPUT PARAMETERS:

Parameter Type Description
access_key string required; admin-level API key
group_id string required; ID of the user group
acls list <string> required; access control lists (ACLs)
use_account string required/optional; friendly name of the account in CloudCheckr; must be a payer account in CloudCheckr*
use_cc_account_id string required/optional; unique account ID used in CloudCheckr; must be a payer account in CloudCheckr*
use_aws_account_id string required/optional; the 12-digit AWS account ID; must be a payer account in CloudCheckr*
One of the * parameters must be defined.

API CALL URL:

https://api.cloudcheckr.com/api/account.[json|xml]/delete_access_control_list_from_groupaccess_key=your_admin_access_key&use_account=AWS Main

REQUEST EXAMPLE:

curl -X POST \
-- https://api.cloudcheckr.com/api/account.[json|xml]/delete_access_control_list_from_group?access_key=your_admin_access_key&use_account=AWS Main\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
"group_id": "315ED648-DA56-4713-98DB-7D0A434A31F9",
"acls": ["dd82ecd7-c590-490f-9b3a-f22990a1b500[CC_Delimiter]16b586a1-4459-46e1-b348-8c24dd5cfb7f",
"dd82ecd7-c590-490f-9b3a-f22990a1b500[CC_Delimiter]e5c59d38-f3a1-4aac-aa48-a9823c1413ed"]
}

RESPONSE EXAMPLE:
XML:

<DeleteAccessControlListFromGroupResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
             <Status>
                <Code>200</Code>
                <Message>OK</Message>
             </Status>
          </DeleteAccessControlListFromGroupResponse>
          

JSON:

{
"Code": 200,
"Message": "OK"
}

Delete Account

The API method “delete_account” is used to remove an AWS account that has been registered with CloudCheckr.

IMPORTANT: This call can only be made using Admin-Level Access Keys.

The preferred HTTP method for this call is POST.

XML call:

https://api.cloudcheckr.com/api/account.xml/delete_account?access_key=[access_key]&account_name=MyAccountName

JSON call:

https://api.cloudcheckr.com/api/account.json/delete_account?access_key=[access_key]&account_name=MyAccountName

INPUT PARAMETERS

This call accepts these parameters:

  • access_key (required) – Admin-Level Access Key is required for this call.
  • account_name (required) – the name of the AWS account that will be removed from CloudCheckr.

OUTPUT

XML & JSON Example:

{
"Code":200,
"Message":"OK"
}

Delete Group

The API method, “delete_group”, is used to delete the group with the specified ID.

The preferred HTTP method for this call is POST.

INPUT PARAMETERS:

Parameter Type Description
access_key string required; admin-level API key
group_id string required; group ID
email string required; email address of the user
user_id string required; user ID
use_account string required; friendly name of the account in the application
use_cc_account_id string required; account ID used in the application
use_aws_account_id string required; the 12-digit AWS account ID

ENDPOINT URL:

https://api.cloudcheckr.com/api/account.[json|xml]/delete_group

JSON/XML CALL EXAMPLE:

curl --request POST \
-- 'https://api.cloudcheckr.com/api/account.[json|xml]/delete_group?access_key=your_admin_access_key&use_cc_account_id=1234'\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
"(required)(admin level)access_key": "someValHere",
"(required)group_id": "someValHere",
"email": "someValHere",
"user_id": "someValHere",
"use_account": "someValHere",
"use_cc_account_id": "someValHere",
"use_aws_account_id": "someValHere",
}

SUCCESSFUL JSON/XML RESPONSE:

{
"Code": 200,
"Message": "OK"
}

Delete Tag

The API method, “delete_tag”, is used to delete an account-level tag in Multi-Account Views. If you delete an account-level tag, it will impact any account that uses this tag to build its Multi-Account Views (MAVs).

The preferred HTTP method for this call is POST.

INPUT PARAMETERS:

Parameter Type Description
access_key string required; admin-level API key
account_name string required; name of the account that contains the tag
account_tag string required; name of the account-level tag that will be deleted

ENDPOINT URL:

https://api.cloudcheckr.com/api/account.[json|xml]/delete_tag

JSON/XML CALL EXAMPLE:

curl --request POST \
-- 'https://api.cloudcheckr.com/api/account.[json|xml]/delete_tag?access_key=[access key]
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
'account_name': 'my account name',
'account_tag': 'my account tag'
}

SUCCESSFUL JSON/XML RESPONSE:

{
"Code": 200,
"Message": "OK"
}

Edit Account Email Settings V2

The API method, “edit_account_email_settings_v2”, allows you to identify what conditions will trigger an email notification, how often you want CloudCheckr to send these notifications, and who will receive these notifications.

The preferred HTTP method for this call is POST.

INPUT PARAMETERS:

Parameter Type Description
access_key string required; admin-level access key
emails string required; identifies the email address(es) of the notification recipients
If you have multiple recipients, separate each address with a comma.
alert_daily_billing boolean optional; select if you want CloudCheckr to send an alert email if your daily cost goes above a selected percentage of your threshold
alert_health_affected boolean optional; select if you want CloudCheckr to send an alert email if problems with AWS performance and/or services, such as outages, are affecting one or more of your resources
alert_health_all boolean optional; select if you want CloudCheckr to send an alert email if AWS performance and/or services is experiencing any problems such as outages
daily_bill_summary boolean optional; select if you want CloudCheckr to email a summary of your daily bill that includes highlights of any unusual activity
daily_best_practices boolean optional; select if you want CloudCheckr to send a daily email with the Best Practices recommendations that it discovers in your account
daily_bpc_importance_level boolean optional; select if you want CloudCheckr to hide any Best Practice Importance Level indicators in the daily Best Practices email
daily_bpc_type boolean optional; select if you want CloudCheckr to hide any Best Practice Check Types indicators in the daily Best Practices email
change_monitoring boolean optional; select if you want CloudCheckr to send an email when it detects any changes in the Change Monitoring report
change_monitoring_aws_config boolean optional; select if you want CloudCheckr to send an email when it detects any changes in AWS Config
improperly_tagged_resources boolean optional; select if you want CloudCheckr to send an email when your resources break any tagging rules
automation boolean optional; select if you want CloudCheckr to send an email when an automation job finds or processes an item
self_healing boolean optional; select if you want CloudCheckr to send an email that reports on Self-Healing activity
daily_consolidated_bill_summary boolean optional; select you want CloudCheckr to send a daily email summary of the costs, credits, and the net bill of all your consolidated billing accounts
cloudtrail_summary boolean optional; select if you want CloudCheckr to send a daily email summary of the CloudTrail Event Counts filtered by the Top 10 users, event types, and failed event types
inventory_summary_report boolean optional; select if you want CloudCheckr to send a weekly email that lists two to three high-level statistics for each AWS service
ec2_trending_report boolean optional; select if you want CloudCheckr to send a weekly email that provides statistics on your EC2 configuration and usage
s3_summary_report boolean optional; select if you want CloudCheckr to send a weekly email that provides statistics on your S3 configuration and usage
ec2_resource_utilization_report boolean optional; select if you want CloudCheckr to send a weekly email that provides statistics on your EC2 CPU and network utilization
weekly_best_practices boolean optional; select if you want CloudCheckr to send a weekly email with the Best Practices recommendations that it discovers in your account
weekly_bpc_importance_level boolean optional; select if you want CloudCheckr to hide any Best Practice Importance Level indicators in the weekly Best Practices email
weekly_bpc_type boolean optional; select if you want CloudCheckr to hide any Best Practice Check Types indicators in the weekly Best Practices email
monthly_bill_summary boolean optional; select if you want CloudCheckr to email a summary of your monthly bill that includes highlights of any unusual activity
monthly_consolidated_bill_summary boolean optional; select you want CloudCheckr to send a monthly email summary of the costs, credits, and the net bill of all your consolidated billing accounts
monthly_best_practices boolean optional; select if you want CloudCheckr to send a monthly email with the Best Practices recommendations that it discovers in your account
monthly_bpc_importance_level boolean optional; select if you want CloudCheckr to hide any Best Practice Importance Level indicators in the monthly Best Practices email
monthly_bpc_type boolean optional; select if you want CloudCheckr to hide any Best Practice Check Types indicators in the monthly Best Practices email
use_aws_account_id string *optional/required; the 12-digit AWS account ID for the CloudCheckr account you are making the call for
use_account string *optional/required; the name of the CloudCheckr account you are making the call for
use_cc_account_id string *optional/required; the CloudCheckr ID of the account you are making the call for
*Because this call requires an admin-level access key, you must add one of the following parameters to your request:
  • use_aws_account_id
  • use_account
  • use_cc_account_id

API CALL URL:

https://api.cloudcheckr.com/api/account.[json|xml]/edit_account_email_settings_v2
curl -- request POST \
-- 'https://api.cloudcheckr.com/api/account.[json|xml]/edit_account_email_settings_v2?access_key=your_admin_access_key&use_aws_account_id=123451050627&emails=email_addresses' \
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
"emails": "this@mailbox.com,that@mailbox.com",
"use_aws_account_id": "123451050627"
}

RESPONSE EXAMPLES:

Result 200 OK (XML):

	<edit_account_email_settings_v2Response xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<status>
<Code>200</Code>
<Message>OK</Message>
</status>
</edit_account_email_settings_v2Response>

Result 200 OK (JSON):

	{
"Code": 200,
"Message": "OK"
}

Edit Account Name

The API method, “edit_accountname”, is used to edit the account name to better fit with the naming conventions used within your deployment.

The preferred HTTP method for this call is POST.

INPUT PARAMETERS:

Parameter Type Description
access_key string required; admin-level API key

Alternatively, you can use an account API key to rename the account.
account_name string required; name of the Cloudcheckr account
use_account string required/optional; friendly name of the account in CloudCheckr*
use_cc_account_id string required/optional; unique account ID used in CloudCheckr*
use_aws_account_id string required/optional; the 12-digit AWS account ID*
If you use an admin-level API key, you must define one of the * parameters.

ENDPOINT URL:

https://api.cloudcheckr.com/api/account.[json|xml]/edit_accountname

JSON/XML CALL EXAMPLE:

curl --request POST \
-- https://api.cloudcheckr.com/api/account.[json|xml]/edit_accountname?access_key=[access key]
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
'account_name': CloudCheckr Support',
}

SUCCESSFUL JSON/XML RESPONSE:

{
"Code": 200,
"Message": "OK"
}

Edit Credential

The API method, “edit_credential”, is used to add or change the AWS credentials on an AWS account that has been registered with CloudCheckr.

Note:

  • The HTTP method for this call is POST.

INPUT PARAMETERS:

Parameter Type Description
access_key string required; admin-level API key

Alternatively, you can use an account API key to rename the account.
aws_access_key string required/optional; the access key of the IAM user whose credentials will be used to connect CloudCheckr to your AWS account*
aws_secret_key string required/optional; the secret key of the IAM user whose credentials will be used to connect CloudCheckr to your AWS account*
use_account string required/optional; name of the account in CloudCheckr*
use_aws_account_id string required/optional; the 12-digit AWS account ID*
aws_role_arn string required/optional; AWS role ARN parameter that gets generated when you create a role in AWS using CLI*

See the Create Role topic in the AWS documentation for more information.

API CALL URL:

https://api.cloudcheckr.com/api/account.[json|xml]/edit_credential/

REQUEST EXAMPLE:

curl --request POST \  
-- 'https://api.cloudcheckr.com/api/account.[json|xml]/edit_credential?access_key=your_admin_access_key

SUCCESSFUL JSON/XML RESPONSE:

{
"Code": 200,
"Message": "OK"
}

Get Access Control List

The API method, “get_access_control_list”, configures which features of the application are visible and accessible for an account.

The preferred HTTP method for this call is POST.

INPUT PARAMETERS:

Parameter Type Description
access_key string required; admin-level access key
section string

optional; the name of the feature, module, or report that you want users to have access to in the application

Here are some examples of sections in the application:

  • Savings
  • Best Practices
  • Cost
  • Inventory
If you do not specify a section, all sections will be visible and accessible in the account.

use_aws_account_id

string

*optional/required; the 12-digit AWS account ID for the CloudCheckr account you are making the call for

use_account

string

*optional/required; the name of the CloudCheckr account you are making the call for

use_cc_account_id

string

*optional/required; the CloudCheckr ID of the account you are making the call for

*Because this call requires an admin-level access key, you must add one of the following parameters to your request:
  • use_aws_account_id
  • use_account
  • use_cc_account_id

API CALL URL:

https://api.cloudcheckr.com/api/account.[json|xml]/get_access_control_list

REQUEST EXAMPLE:

curl -- request POST \
-- 'https://api.cloudcheckr.com/api/account.json/get_access_control_list' \
-- header 'access_key: [access key]' \
-- header 'content-type: application/json' \
-- data '{
"section": "Savings",
"use_cc_account_id": "3"
}

RESPONSE EXAMPLES:

<?xml version="1.0" encoding="UTF-8" ?>
<responseModel>
<Id>02xxxxxx-7953-4932-88d5-0d54fdf01c51[CC_Delimiter]cedd1593-75d5-48d1-a48c-e17</xxxxxxxxxxx>
<Name>Cost Savings</Name>
<Section>Savings</Section>
<Code>0</Code>
<Message />
</responseModel>
<responseModel>
<Id>02bxxxxxx-7953-4932-88d5-0d54fdf01c51[CC_Delimiter]da61a4df-d4be-4a57-9e6a-xxxxxxxxxxxx</Id>
<Name>Cost Savings</Name>
<Section>Savings</Section>
<Code>0</Code>
<Message />
</responseModel>
<responseModel>
<Id>02bxxxxx-7953-4932-88d5-0d54fdf01c51[CC_Delimiter]f3dc0618-c139-4f28-99d5-xxxxxxxxxxxx</Id>
<Name>Cost Savings</Name>
<Section>Savings</Section>
<Code>0</Code>
<Message />
</responseModel>
<responseModel>
<Id>02bxxxxx-7953-4932-88d5-0d54fdf01c51[CC_Delimiter]6feaacf0-e136-48c4-90b1-xxxxxxxxxxxx</Id>
<Name>Cost Savings</Name>
<Section>Savings</Section>
<Code>0</Code>
<Message />
</responseModel>
<Code>200</Code>
<Message>OK</Message>

{
"responseModel": [
{
"Id": "02xxxxxx-7953-4932-88d5-0d54fdf01c51[CC_Delimiter]cedd1593-75d5-48d1-a48c-e17",
"Name": "Cost Savings",
"Section": "Savings",
"Code": 0,
"Message": null
},
{
"Id": "02bxxxxxx-7953-4932-88d5-0d54fdf01c51[CC_Delimiter]da61a4df-d4be-4a57-9e6a-xxxxxxxxxxxx",
"Name": "Cost Savings",
"Section": "Savings",
"Code": 0,
"Message": null
},
{
"Id": "02bxxxxx-7953-4932-88d5-0d54fdf01c51[CC_Delimiter]f3dc0618-c139-4f28-99d5-xxxxxxxxxxxx",
"Name": "Cost Savings",
"Section": "Savings",
"Code": 0,
"Message": null
},
{
"Id": "02bxxxxx-7953-4932-88d5-0d54fdf01c51[CC_Delimiter]6feaacf0-e136-48c4-90b1-xxxxxxxxxxxx",
"Name": "Cost Savings",
"Section": "Savings",
"Code": 0,
"Message": null
}
],
"Code": 200,
"Message": "OK"
}

Get Access Control List By ID

The API method, “get_access_control_list_by_id”, is used to return the access control list by ID.

The preferred HTTP method for this call is POST.

INPUT PARAMETERS:

Parameter Type Description
access_key string required; admin-level API key
id string required; ID of the ACL item
use_account string required; friendly name of the account in the application
use_cc_account_id string required; account ID used in the application
use_aws_account_id string required; the 12-digit AWS account ID

ENDPOINT URL:

https://api.cloudcheckr.com/api/account.[json|xml]/get_access_control_list_by_id

JSON/XML CALL EXAMPLE:

curl --request POST \
-- 'https://api.cloudcheckr.com/api/account.[json|xml]/get_access_control_list_by_id&access_key=your_admin_access_key&use_cc_account_id=1234'\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
"(required)(admin level)access_key": "someValHere",
"(required)id": "someValHere",
"use_account": "someValHere",
"use_cc_account_id": "someValHere",
"use_aws_account_id": "someValHere",
}

SUCCESSFUL JSON/XML RESPONSE:

{
"Code": 200,
"Message": "OK"
}

Get Access Control List Per Group

The API method, “get_access_control_list_per_group”, is used to return the access control list by group.

The preferred HTTP method for this call is POST.

INPUT PARAMETERS:

Parameter Type Description
access_key string required; admin-level API key
group_id string required; ID of the group
use_account string required/optional: friendly name of the account in CloudCheckr; must be a payer account in CloudCheckr*
use_cc_account_id string required/optional: unique account ID used in CloudCheckr; must be a payer account in CloudCheckr*
use_aws_account_id string required/optional: the 12-digit AWS account ID; must be a payer account in CloudCheckr*
One of the * parameters must be defined.

API CALL URL:

https://api.cloudcheckr.com/api/account.[json|xml]/get_access_control_list_per_group?access_key=your_admin_access_key&use_account=AWS Main&group_id=315ED648-DA56-4713-98DB-7D0A434A31F9

REQUEST EXAMPLE:

curl -X GET \
-- https://api.cloudcheckr.com/api/account.[json|xml]/get_access_control_list_per_group?access_key=your_admin_access_key&use_account=AWS Main&group_id=315ED648-DA56-4713-98DB-7D0A434A31F9\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \

RESPONSE EXAMPLE:
XML:

<GetAccessControlListPerGroupResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance>
               <acl>
                 <id>dd82ecd7-c590-490f-9b3a-f22990a1b500[CC_Delimiter]bde7a10b-6e76-4ce5-918c-5c4821b4f3bd</id>
                 <name>Inventory Summary</name>
                 <section>Inventory</section>
                 <code>0</code>
                 <message>null</message>
               </acl>
               <acl>
                 <id>dd82ecd7-c590-490f-9b3a-f22990a1b500[CC_Delimiter]4adf637d-667a-4530-a6a4-e8b4e5fcd340</id>
                 <name>Map Overlay</name>
                 <section>Inventory</section>
                 <code>0</code>
                 <message>null</message>
               </acl>
               <acl>
                 <id>dd82ecd7-c590-490f-9b3a-f22990a1b500[CC_Delimiter]08d18f15-1e86-40f7-bc8f-37f8bc27f1b7</id>
                 <nameTagged Resources</name>
                 <section>Inventory</section>
                 <code>0</code>
                 <message>null</message>
               </acl>
          </GetAccessControlListPerGroupResponse>
          

JSON:

{
"Acls": [
{
"Id": "dd82ecd7-c590-490f-9b3a-f22990a1b500[CC_Delimiter]bde7a10b-6e76-4ce5-918c-5c4821b4f3bd",
"Name": "Inventory Summary",
"Section": "Inventory",
"Code": 0,
"Message": null
},
{
"Id": "dd82ecd7-c590-490f-9b3a-f22990a1b500[CC_Delimiter]4adf637d-667a-4530-a6a4-e8b4e5fcd340",
"Name": "Map Overlay",
"Section": "Inventory",
"Code": 0,
"Message": null
},
{
"Id": "dd82ecd7-c590-490f-9b3a-f22990a1b500[CC_Delimiter]08d18f15-1e86-40f7-bc8f-37f8bc27f1b7",
"Name": "Tagged Resources",
"Section": "Inventory",
"Code": 0,
"Message": null
}
]
}

Get Account

The API method, "get_account", is used to determine when CloudCheckr last updated the data in a selected account.

The preferred HTTP method for this call is GET.

INPUT PARAMETERS:

Parameter Type Description
access_key string required; admin-level access key
account_id string

required; the CloudCheckr project ID of the account you are making the call for

The account_id is equivalent to the use_cc_account_id.

To get the account_id, you need to run the get_accounts_v4 call, which will return the cc_account_id parameter.

API CALL URL:

https://api.cloudcheckr.com/api/account.[json|xml]/get_account

REQUEST EXAMPLE:

curl -- request GET \
-- https://api.cloudcheckr.com/api/account.[json|xml]/get_account?access_key=your_admin_access_key&account_id=3'\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \

RESPONSE EXAMPLE:
XML:

<?xml version="1.0" encoding="UTF-8" ?>
<Id>3</Id>
<Name>Test Payer</Name>
<Provider>Amazon Web Services</Provider>
<Type>General</Type>
<AccountId>000011050627</AccountId>
<HasCredentials>true</HasCredentials>
<Note></Note>
<LastUpdated>2020-11-27T01:38:45</LastUpdated>
<PayerId />
<PayerAccountId />
<Code>0</Code>
<Message />

JSON:

{
"Id": 3,
"Name": "Test Payer",
"Provider": "Amazon Web Services",
"Type": "General",
"AccountId": "000011050627",
"HasCredentials": true,
"Note": "",
"LastUpdated": "2020-11-27T01:38:45",
"PayerId": null,
"PayerAccountId": null,
"Code": 0,
"Message": null
}
In our response examples, please note that:
  • Id refers to the project ID or account_id parameter
  • AccountId refers to the AWS account ID

Get Account Email Settings

The API method, “get_account_email_settings”, is used to return a complete list of all email settings in a CloudCheckr account.

  • This call can only be made using admin-level access keys.
  • The preferred HTTP method for this call is GET.

INPUT PARAMETERS:

Parameter Type Description
access_key string required, admin-level API key
use_account string required/optional; name of the account in CloudCheckr; must be a payer account in CloudCheckr*
use_cc_account_id string required/optional; unique account ID used in CloudCheckr; must be a payer account in CloudCheckr*
use_aws_account_id string required/optional: the 12-digit AWS account ID; must be a payer account in CloudCheckr*
 One of the * parameters must be defined.

API CALL URL:

https://api.cloudcheckr.com/api/account.[json|xml]/get_account_email_settings?access_key=your_admin_access_key&use_cc_account_id=1234'

REQUEST EXAMPLE:

curl -X GET \
-- https://api.cloudcheckr.com/api/account.[json|xml]/get_account_email_settings?access_key=your_admin_access_key&use_cc_account_id=1234'\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \

RESPONSE EXAMPLE:

XML:

<GetAccountEmailSettingsResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
              <accounts_and_email_settings>
                  <AccountAndEmailSettings>
                      <ProjectName>Account_Name_Example</ProjectName>
                      <EmailReportRecipients>
                          <EmailAddresses>email1@cloudcheckr.com, email2@cloudcheckr.com</EmailAddresses>
                      </EmailReportRecipients>
                      <AlertEmailSettings>
                          <EnableDailyCostAlert>true</EnableDailyCostAlert>
                          <AwsCostThreshold>10</AwsCostThreshold>
                          <EnableAwsHealthAlerts>false</EnableAwsHealthAlerts>
                          <EnableAwsHealthAlertsIfAffects>true</EnableAwsHealthAlertsIfAffects>
                      </AlertEmailSettings>
                      <DailyEmailSettings>
                          <EnableDailyChangeMonitoring>false</EnableDailyChangeMonitoring>
                          <EnableDailyBestPractice>false</EnableDailyBestPractice>
                          <EnableDailyBillForceUsingCloudWatch>false</EnableDailyBillForceUsingCloudWatch>
                          <EnableDailyAwsConsolidatedBillingSummary>true</EnableDailyAwsConsolidatedBillingSummary>
                          <EnableDailyChangeMonitoringAwsConfig>false</EnableDailyChangeMonitoringAwsConfig>
                          <EnableAutomation>false</EnableAutomation>
                          <EnableImproperlyTaggedResources>false</EnableImproperlyTaggedResources>
                          <EnableDailyCloudTrailSummary>false</EnableDailyCloudTrailSummary>
                          <DailyBestPracticeEmailSettings>
                              <EnableHighImportance>false</EnableHighImportance>
                              <EnableMediumImportance>false</EnableMediumImportance>
                              <EnableLowImportance>false</EnableLowImportance>
                              <EnableInformationalImportance>false</EnableInformationalImportance>
                              <EnableSecurityType>false</EnableSecurityType>
                              <EnableCostType>false</EnableCostType>
                              <EnableUsageType>false</EnableUsageType>
                              <EnableAvailabilityType>false</EnableAvailabilityType>
                              <EnableTrustedAdvisorType>false</EnableTrustedAdvisorType>
                          </DailyBestPracticeEmailSettings>
                      </DailyEmailSettings>
                      <WeeklyEmailSettings>
                          <EnableWeeklyInventory>true</EnableWeeklyInventory>
                          <EnableWeeklyS3Summary>true</EnableWeeklyS3Summary>
                          <EnableWeeklyEc2Trend>true</EnableWeeklyEc2Trend>
                          <EnableWeeklyS3Trend>false</EnableWeeklyS3Trend>
                          <EnableWeeklyEc2Utilization>true</EnableWeeklyEc2Utilization>
                          <EnableWeeklyBestPractice>false</EnableWeeklyBestPractice>
                          <WeeklyBestPracticeEmailSettings>
                              <EnableHighImportanceWeekly>false</EnableHighImportanceWeekly>
                              <EnableMediumImportanceWeekly>false</EnableMediumImportanceWeekly>
                              <EnableLowImportanceWeekly>false</EnableLowImportanceWeekly>
                              <EnableInformationalImportanceWeekly>false</EnableInformationalImportanceWeekly>
                              <EnableSecurityTypeWeekly>false</EnableSecurityTypeWeekly>
                              <EnableCostTypeWeekly>false</EnableCostTypeWeekly>
                              <EnableUsageTypeWeekly>false</EnableUsageTypeWeekly>
                              <EnableAvailabilityTypeWeekly>false</EnableAvailabilityTypeWeekly>
                          </WeeklyBestPracticeEmailSettings>
                      </WeeklyEmailSettings>
                      <MonthlyEmailSettings>
                          <EnableMonthlyCost>false</EnableMonthlyCost>
                          <EnableMonthlyAwsConsolidatedBillingSummary>false</EnableMonthlyAwsConsolidatedBillingSummary>
                          <EnableMonthlyBestPractice>false</EnableMonthlyBestPractice>
                          <DaysSelectedMonthly />
                          <MonthlyBestPracticeEmailSettings>
                              <EnableHighImportanceMonthly>false</EnableHighImportanceMonthly>
                              <EnableMediumImportanceMonthly>false</EnableMediumImportanceMonthly>
                              <EnableLowImportanceMonthly>false</EnableLowImportanceMonthly>
                              <EnableInformationalImportanceMonthly>false</EnableInformationalImportanceMonthly>
                              <EnableSecurityTypeMonthly>false</EnableSecurityTypeMonthly>
                              <EnableCostTypeMonthly>false</EnableCostTypeMonthly>
                              <EnableUsageTypeMonthly>false</EnableUsageTypeMonthly>
                              <EnableAvailabilityTypeMonthly>false</EnableAvailabilityTypeMonthly>
                          </MonthlyBestPracticeEmailSettings>
                      </MonthlyEmailSettings>
                  </AccountAndEmailSettings>
              </accounts_and_email_settings>
          </GetAccountEmailSettingsResponse>
          

JSON:

{
"GetAccountEmailSettingsResponse": {
"accounts_and_email_settings": {
"AccountAndEmailSettings": {
"ProjectName": "Account_Name_Example",
"EmailReportRecipients": {
"EmailAddresses": "email1@cloudcheckr.com, email2@cloudcheckr.com"
},
"AlertEmailSettings": {
"EnableDailyCostAlert": "true",
"AwsCostThreshold": "10",
"EnableAwsHealthAlerts": "false",
"EnableAwsHealthAlertsIfAffects": "true"
},
"DailyEmailSettings": {
"EnableDailyChangeMonitoring": "false",
"EnableDailyBestPractice": "false",
"EnableDailyBillForceUsingCloudWatch": "false",
"EnableDailyAwsConsolidatedBillingSummary": "true",
"EnableDailyChangeMonitoringAwsConfig": "false",
"EnableAutomation": "false",
"EnableImproperlyTaggedResources": "false",
"EnableDailyCloudTrailSummary": "false",
"DailyBestPracticeEmailSettings": {
"EnableHighImportance": "false",
"EnableMediumImportance": "false",
"EnableLowImportance": "false",
"EnableInformationalImportance": "false",
"EnableSecurityType": "false",
"EnableCostType": "false",
"EnableUsageType": "false",
"EnableAvailabilityType": "false",
"EnableTrustedAdvisorType": "false"
}
},
"WeeklyEmailSettings": {
"EnableWeeklyInventory": "true",
"EnableWeeklyS3Summary": "true",
"EnableWeeklyEc2Trend": "true",
"EnableWeeklyS3Trend": "false",
"EnableWeeklyEc2Utilization": "true",
"EnableWeeklyBestPractice": "false",
"WeeklyBestPracticeEmailSettings": {
"EnableHighImportanceWeekly": "false",
"EnableMediumImportanceWeekly": "false",
"EnableLowImportanceWeekly": "false",
"EnableInformationalImportanceWeekly": "false",
"EnableSecurityTypeWeekly": "false",
"EnableCostTypeWeekly": "false",
"EnableUsageTypeWeekly": "false",
"EnableAvailabilityTypeWeekly": "false"
}
},
"MonthlyEmailSettings": {
"EnableMonthlyCost": "false",
"EnableMonthlyAwsConsolidatedBillingSummary": "false",
"EnableMonthlyBestPractice": "false",
"DaysSelectedMonthly": "",
"MonthlyBestPracticeEmailSettings": {
"EnableHighImportanceMonthly": "false",
"EnableMediumImportanceMonthly": "false",
"EnableLowImportanceMonthly": "false",
"EnableInformationalImportanceMonthly": "false",
"EnableSecurityTypeMonthly": "false",
"EnableCostTypeMonthly": "false",
"EnableUsageTypeMonthly": "false",
"EnableAvailabilityTypeMonthly": "false"
}
}
}
}
}

Get Account Level Tags V2

The API method “get_account_level_tags_v2”, returns enabled account-level tags in three ways:

When called with only an access key, the call returns all account-level tags enabled in this customer, grouped by project name.

When called with a general account specified, the call returns all account-level tags enabled on that general account.

When called with a Multi-Account View specified, the call returns a list of accounts associated with the MAV and all enabled tags in the MAV.

Using call against general accounts:

The preferred HTTP method for this call is GET.

XML call:

https://api.cloudcheckr.com/api/account.xml/get_account_level_tags_v2?access_key=[access_key]

JSON call:

https://api.cloudcheckr.com/api/account.json/get_account_level_tags_v2?access_key=[access_key]

INPUT PARAMETERS

This call accepts these parameters:

  • access_key (required) – Admin-Level Access Key is required for this call.
  • use_account (optional) – Account name is used here; returns enabled account-level tags from specific account(s).

OUTPUT

XML Example:

<AccountLevelTagsReponse
                xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <AccountItems>
                     <AccountItem>
                          <AccountName>My General Account Name</AccountName>
                          <TagsNames>
                               <string>MyAccountLevelTag1</string>
                               <string>MyAccountLevelTag2</string>
                          </TagsNames>
                     </AccountItem>
                </AccountItems>
           </AccountLevelTagsReponse>

JSON Example:

{
           {AccountItems": [{"AccountName": "814089178758_IOC_PRD", "TagsNames": ["ISD", "USD Accounts", "All Intel Accounts", "All SSG Accounts]}]}
          
          
          
          

Using the call against Multi-Account Views:

XML call:

https://api.cloudcheckr.com/api/account.xml/get_account_level_tags_v2?access_key=[access_key]&use_account=[MAV account name]

JSON call:

https://api.cloudcheckr.com/api/account.json/get_account_level_tags_v2?access_key=[access_key]&use_account=[MAV account name]

INPUT PARAMETERS

This call accepts these parameters:

  • access_key (required) – Admin-Level Access Key is required for this call.
  • use_account (required)- Account name is used here; returns enabled account-level tags from MAV account(s).

OUTPUT

XML Example:

<AccountLevelTagsReponse
                xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <AccountItems>
                     <AccountItem>
                          <AccountName>My MAV Account Name</AccountName>
                          <TagsNames>
                               <string>MyAccountLevelTag1</string>
                               <string>MyAccountLevelTag2</string>
                          </TagsNames>
                     </AccountItem>
                </AccountItems>
           </AccountLevelTagsReponse>

JSON Example:

{
           "AccountLevelTagsReponse": {
             "-xmlns:xsd": "http://www.w3.org/2001/XMLSchema",
             "-xmlns:xsi": "http://www.w3.org/2001/XMLSchema-instance",
               "AccountItems": {
                 "AccountItem": {
                   "AccountName": "My MAV Account Name",
                   "TagsNames": {
                     "string": [
                       "MyAccountLevelTag1",
                       "MyAccountLevelTag2"
                     ]
                   }
                 }
               }
             }
           }
          

Get Accounts By Group

The API method, “get_accounts_by_group”, is used to return a list of accounts based by a group ID.

The preferred HTTP method for this call is POST.

INPUT PARAMETERS:

Parameter Type Description
access_key string required; admin-level API key
group_id string required; ID of the group
use_account string required; name of the account in the application
use_cc_account_id string required; account ID used in the application
use_aws_account_id string required; the 12-digit AWS account ID

ENDPOINT URL:

https://api.cloudcheckr.com/api/account.[json|xml]/get accounts_by_group

JSON/XML CALL EXAMPLE:

curl --request POST \
-- 'https://api.cloudcheckr.com/api/account.[json|xml]/get_accounts_by_group?access_key=your_admin_access_key&use_cc_account_id=1234'\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
"(required)(admin-level)access_key": "someValHere",
"(required)group_id": "someValHere",
"use_account": "someValHere",
"use_cc_account_id": "someValHere",
"use_aws_account_id": "someValHere",
}

SUCCESSFUL JSON/XML RESPONSE:

{
"Projects": [
{
"Id": 3,
"Name": "2150 AWS Prod",
"Provider": "Amazon Web Services",
"Type": "General",
"AccountId": "215011050627",
"HasCredentials": true,
"Note": "",
"LastUpdated": "2019-09-19T22:00:50"
},
{
"Id": 3,
"Name": "2150 AWS Prod",
"Provider": "Amazon Web Services",
"Type": "General",
"AccountId": "215011050627",
"HasCredentials": true,
"Note": "",
"LastUpdated": "2019-09-19T22:00:50"
},
{
"Id": 4,
"Name": "949 AWS Prod",
"Provider": "Amazon Web Services",
"Type": "General",
"AccountId": "949195593353",
"HasCredentials": true,
"Note": null,
"LastUpdated": "2019-09-19T13:58:42"
},
{
"Id": 4,
"Name": "949 AWS Prod",
"Provider": "Amazon Web Services",
"Type": "General",
"AccountId": "949195593353",
"HasCredentials": true,
"Note": null,
"LastUpdated": "2019-09-19T13:58:42"
},
{
"Id": 6,
"Name": "4430 AWS Prod",
"Provider": "Amazon Web Services",
"Type": "General",
"AccountId": "443094636793",
"HasCredentials": true,
"Note": null,
"LastUpdated": "2019-09-19T18:24:01"
},
{
"Id": 6,
"Name": "4430 AWS Prod",
"Provider": "Amazon Web Services",
"Type": "General",
"AccountId": "443094636793",
"HasCredentials": true,
"Note": null,
"LastUpdated": "2019-09-19T18:24:01"
},
{
"Id": 8,
"Name": "open-sales-int-field-poc",
"Provider": "Amazon Web Services",
"Type": "General",
"AccountId": "103237659442",
"HasCredentials": true,
"Note": "tesst",
"LastUpdated": "2019-09-19T18:18:50"
},
{
"Id": 821,
"Name": "China Test",
"Provider": "Amazon Web Services",
"Type": "General",
"AccountId": "281027638441",
"HasCredentials": true,
"Note": null,
"LastUpdated": "2017-05-16T15:07:50"
},
{
"Id": 938,
"Name": "DevOps Account",
"Provider": "Amazon Web Services",
"Type": "General",
"AccountId": "087544996801",
"HasCredentials": true,
"Note": null,
"LastUpdated": "2019-09-19T14:55:58"
},
{
"Id": 1522,
"Name": "Map To Payer",
"Provider": "Amazon Web Services",
"Type": "General",
"AccountId": "625072036134",
"HasCredentials": true,
"Note": null,
"LastUpdated": "2019-09-20T09:42:35"
},
{
"Id": 1536,
"Name": "183698509299",
"Provider": "Amazon Web Services",
"Type": "General",
"AccountId": "183698509299",
"HasCredentials": true,
"Note": null,
"LastUpdated": "2019-09-20T16:09:13"
},
{
"Id": 1537,
"Name": "245990094719",
"Provider": "Amazon Web Services",
"Type": "General",
"AccountId": "245990094719",
"HasCredentials": true,
"Note": null,
"LastUpdated": null
},
{
"Id": 1539,
"Name": "{\"Rowkey\":\"gy6x99zrwhea7r2s69xhjb861ejh3025\",\"Data\":\"+nj0zsTpqp20TR+3J5d/iQ==\"}",
"Provider": "Amazon Web Services",
"Type": "General",
"AccountId": "557949322966",
"HasCredentials": true,
"Note": null,
"LastUpdated": null
},
{
"Id": 1540,
"Name": "260172486890",
"Provider": "Amazon Web Services",
"Type": "General",
"AccountId": "260172486890",
"HasCredentials": true,
"Note": null,
"LastUpdated": null
},
{
"Id": 1645,
"Name": "718017 Demo",
"Provider": "Amazon Web Services",
"Type": "General",
"AccountId": null,
"HasCredentials": false,
"Note": null,
"LastUpdated": null
},
{
"Id": 1662,
"Name": "1836 Duplicate Test",
"Provider": "Amazon Web Services",
"Type": "General",
"AccountId": "183698509299",
"HasCredentials": true,
"Note": null,
"LastUpdated": "2019-09-19T17:58:44"
},
{
"Id": 1667,
"Name": "{\"Rowkey\":\"gy6x99zrwhea7r2s69xhjb861ejh3025\",\"Data\":\"le+IPer7RwEkaZIUzUkC4w==\"}",
"Provider": "Amazon Web Services",
"Type": "General",
"AccountId": null,
"HasCredentials": false,
"Note": null,
"LastUpdated": null
},
{
"Id": 1669,
"Name": "{\"Rowkey\":\"gy6x99zrwhea7r2s69xhjb861ejh3025\",\"Data\":\"hBuyY+5DPgGWQa0Zldizqw==\"}",
"Provider": "Amazon Web Services",
"Type": "General",
"AccountId": null,
"HasCredentials": false,
"Note": null,
"LastUpdated": null
},
{
"Id": 1670,
"Name": "{\"Rowkey\":\"gy6x99zrwhea7r2s69xhjb861ejh3025\",\"Data\":\"1QvCGYHCAJ9D+TZzj8gs+Q==\"}",
"Provider": "Amazon Web Services",
"Type": "General",
"AccountId": null,
"HasCredentials": false,
"Note": null,
"LastUpdated": null
},
{
"Id": 1672,
"Name": "{\"Rowkey\":\"gy6x99zrwhea7r2s69xhjb861ejh3025\",\"Data\":\"qgBge5jxZGgi9HmkbPqWmw==\"}",
"Provider": "Amazon Web Services",
"Type": "General",
"AccountId": null,
"HasCredentials": false,
"Note": null,
"LastUpdated": null
},
{
"Id": 1674,
"Name": "{\"Rowkey\":\"gy6x99zrwhea7r2s69xhjb861ejh3025\",\"Data\":\"RTtaVBm1Eko3i3+azzldTA==\"}",
"Provider": "Amazon Web Services",
"Type": "General",
"AccountId": null,
"HasCredentials": false,
"Note": null,
"LastUpdated": null
},
{
"Id": 1675,
"Name": "Sample (demo purposes only)",
"Provider": "Amazon Web Services",
"Type": "General",
"AccountId": null,
"HasCredentials": false,
"Note": null,
"LastUpdated": null
}
]
}

Get Accounts V2

The API method, “get_accounts_v2”, is used to return a complete list of all AWS accounts registered in CloudCheckr. This call will return an ID for each account that can be used for the parameter, “use_cc_account_id”, when making calls to the admin-level API. It will also include the AWS account ID.

This call can only be made using admin-level access keys.

The preferred HTTP method for this call is GET.

INPUT PARAMETERS:

Parameter Type Description
access_key string required, admin-level API key
use_account string required/optional; name of the account in CloudCheckr; must be a payer account in CloudCheckr*
use_cc_account_id string required/optional; unique account ID used in CloudCheckr; must be a payer account in CloudCheckr*
use_aws_account_id string required/optional; the 12-digit AWS account ID; must be a payer account in CloudCheckr*
One of the * parameters must be defined.

API CALL URL:

https://api.cloudcheckr.com/api/account.[json|xml]/get_accounts_v2?access_key=[access_key]

REQUEST EXAMPLE:

curl -X GET \
-- https://api.cloudcheckr.com/api/account.[json|xml]/get_accounts_v2?access_key=your_admin_access_key'\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \

RESPONSE EXAMPLE:
XML:

<GetAccountsResponse2 xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
              <accounts_and_users>
                  <AccountAndUsernames>
                      <account_name>AWS Account1</account_name>
                      <cc_account_id>1</cc_account_id>
                      <aws_account_id>123456789012</aws_account_id>
                      <user_names>
                          <string>user@domain.com</string>
                      </user_names>
                  </AccountAndUsernames>
              </accounts_and_users>
          </GetAccountsResponse2>


JSON:

{
"accounts_and_users": [
{
"account_name": "AWS Account1",
"cc_account_id": "1",
"user_names":
"aws_account_id":"123456789012" [
"user@domain.com"
]
},
{
"accounts_and_users": [
{
"account_name": "AWS Account2",
"cc_account_id": "2",
"user_names":
"aws_account_id":"234567890123" [
"user@domain.com"
]
},
{
"accounts_and_users": [
{
"account_name": "AWS Account3",
"cc_account_id": "3",
"user_names":
"aws_account_id":"345678901234" [
"user@domain.com"
]
}
]
}

Get Accounts V4

The API method, “get_accounts_v4”, is used to return a complete list of all AWS and Azure accounts registered in CloudCheckr. This call will return an ID for each account that can be used for the parameter, “use_cc_account_id”, when making calls to the admin-level API. For AWS, it will include the AWS account ID and for Azure, it will include the Subscription ID.

This call can only be made using admin-level access keys.

The preferred HTTP method for this call is GET.

INPUT PARAMETERS:

Parameter Type Description
access_key string required, admin-level API key
use_account string required/optional; name of the account in CloudCheckr; must be a payer account in CloudCheckr*
use_cc_account_id string required/optional; unique account ID used in CloudCheckr; must be a payer account in CloudCheckr*
use_aws_account_id string required/optional; the 12-digit AWS account ID; must be a payer account in CloudCheckr*
One of the * parameters must be defined.

API CALL URL:

https://api.cloudcheckr.com/api/account.[json|xml]/get_accounts_v4?access_key=[access_key]

REQUEST EXAMPLE:

curl -X GET \
-- https://api.cloudcheckr.com/api/account.[json|xml]/get_accounts_v4?access_key=your_admin_access_key'\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \

RESPONSE EXAMPLE:
XML:

<GetAccountsResponse4 xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
               <accounts_and_users>
                  <AccountAndUsernames4>
                      <account_name>AWS Account Name</account_name>
                      <cc_account_id>1</cc_account_id>
                      <user_names>
                          <string>user@domain.com</string>
                      </user_names>
                      <aws_account_id>123456789012</aws_account_id>
                      <externalId>CC-99999999999999999999999999999999</externalId>
                  </AccountAndUsernames4>
              <AccountAndUsernames4>
                      <account_name>Azure Subscription</account_name>
                      <cc_account_id>2</cc_account_id>
                      <user_names>
                          <string>user@domain.com</string>
                      </user_names>
                      <externalId>CC-88888888888888888888888888888888</externalId>
                      <azure_account_id>11111111-2222-3333-4444-555555555555</azure_account_id>
                  </AccountAndUsernames4>
              </accounts_and_users>
          </GetAccountsResponse4>

JSON:

{
"accounts_and_users": {
"accounts_and_users": [
{
"azure_account_id": null,
"externalId": "CC-99999999999999999999999999999999",
"aws_account_id": "123456789012",
"account_name": "AWS Account Name",
"cc_account_id": "1",
"user_names": [
"user@domain.com"
]
},
{
"azure_account_id": "11111111-2222-3333-4444-555555555555",
"externalId": "CC-88888888888888888888888888888888",
"aws_account_id": null,
"account_name": "Azure Subscription",
"cc_account_id": "2",
"user_names": [
"user@domain.com"
]
}
]
}

Get CloudTrail Custom Metrics

The API method, “get_cloudtrail_custom_metrics”, is used to export a list of Amazon Machine Images (AMIs) and every launched instance. This API request is based on the Ec2AmiWorkload custom metric.

The preferred HTTP method for this call is GET.

INPUT PARAMETERS:

Parameter

Type

Description

access_key

string

required; admin-level access key

type

string

optional; type of custom metric
Currently, the only acceptable value is Ec2AmiWorkload.

from

DateTime

optional; the date that you want CloudCheckr to start getting data for the CloudTrail custom metrics

to

DateTime

optional; the date that you want CloudCheckr to stop getting data for the CloudTrail custom metrics

use_aws_account_id

string

*optional/required; the 12-digit AWS account ID for the CloudCheckr account you are making the call for

use_account

string

*optional/required; the name of the CloudCheckr account you are making the call for

use_cc_account_id

string

*optional/required; the CloudCheckr ID of the account you are making the call for

*Because this call requires an admin-level access key, you must add one of the following parameters to your request:
  • use_aws_account_id
  • use_account
  • use_cc_account_id

API CALL URL:

https://api.cloudcheckr.com/api/security.[json|xml]/get_cloudtrail_custom_metrics

REQUEST EXAMPLE:

curl -- request GET \
-- 'https://api.cloudcheckr.com/api.cloudcheckr.com/api/security.[json|xml]/get_cloudtrail_custom_metrics?access_key=[your_access_key]&use_cc_account_id=3&type=Ec2AmiWorkload'\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \

RESPONSE EXAMPLE:

This call exports the results to a compressed CSV file and contains the following data:

AMI ID EC2 Instance ID Event Date Region AWS Account ID User Identity ARN IP Address User Agent
ami-f1f12345 i-1ab2a345 5/20/2016 15:47 US East (Northern Virginia) 123456789012 arn:aws:iam::123456789012:user/cloudcheckr 192.168.10.10 signin.amazonaws.com
ami-f1f12345 i-1ab2a350 5/15/2016 10:47 US East (Northern Virginia) 123456789012 arn:aws:iam::123456789012:user/cloudcheckr 192.168.10.10 signin.amazonaws.com
ami-f1f12345 i-1ab2a355 5/12/2016 5:47 US East (Northern Virginia) 123456789012 arn:aws:iam::123456789012:user/cloudcheckr 192.168.10.10 signin.amazonaws.com
ami-f2f65432 i-1ab2a360 5/10/2016 1:47 US East (Northern Virginia) 012345678998 arn:aws:iam::123456789012:user/cloudcheckr 192.168.10.100 signin.amazonaws.com
ami-f2f65432 i-1ab2a365 5/5/2016 12:47 US East (Northern Virginia) 012345678998 arn:aws:iam::123456789012:user/cloudcheckr 192.168.10.100 signin.amazonaws.com
ami-f2f65432 i-1ab2a370 5/2/2016 23:47 US East (Northern Virginia) 012345678998 arn:aws:iam::123456789012:user/cloudcheckr 192.168.10.100 signin.amazonaws.com
If the API request does not produce any results, it will generate a blank CSV file.

Get External ID

The API method, “get_external_id”, is used to retrieve external IDs if you require an external ID to be associated with a specific CloudCheckr account.

INPUT PARAMETERS:

access_key string required; admin-level API key

Alternatively, you can use an account API key to rename the account.
use_account string required/optional; name of the account in CloudCheckr*

API CALL URL:

https://api.cloudcheckr.com/api/account.[json|xml]/get_external_id?access_key=00000&use_account=CloudCheckrDev'

REQUEST EXAMPLE:

curl -X GET \
-- https://api.cloudcheckr.com/api/account.[json|xml]/get_external_id?access_key=00000&use_account=CloudCheckrDev'
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \

RESPONSE EXAMPLES:

XML:


            
              CC-8B02A95B24EAA7179E8118C1216A9BFA
              352813966189
              CloudCheckrDev
            
          
          

JSON:

JSON:

{
"code":200,
"message":"Saved scheduled invoice for CSP L2 Subscription Family"
}

Get Group

The API method, “get_group”, is used to retrieve a group.

The preferred HTTP method for this call is POST.

INPUT PARAMETERS:

Parameter Type Description
access_key string required; admin-level API key
group_id string required; ID of the group
use_account string required; name of the account in the application
use_cc_account_id string required; account ID used in the application
use_aws_account_id string required; the 12-digit AWS account ID

ENDPOINT URL:

https://api.cloudcheckr.com/api/account.[json|xml]/get_group

JSON/XML CALL EXAMPLE:

curl --request POST \
-- 'https://api.cloudcheckr.com/api/account.[json|xml]/get_group?access_key=your_admin_access_key&use_cc_account_id=1234'\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
"(required)(admin-level)access_key": "someValHere",
"(required)group_id": "someValHere",
"use_account": "someValHere",
"use_cc_account_id": "someValHere",
"use_aws_account_id": "someValHere",
}

SUCCESSFUL JSON/XML RESPONSE:

{
"Code": 200,
"Message": "OK"
}

Get Groups

The API method, “get_groups”, is used to return the groups.

The preferred HTTP method for this call is GET.

Parameter Type Description
access_key string required; admin-level API key
email string required; optional; email address associated with the group
user_id string optional; user ID associated with the group
use_account string required/optional; friendly name of the account in the application; ; must be a payer account in CloudCheckr*
use_cc_account_id string required/optional; unique account ID used in the application; must be a payer account in CloudCheckr*
use_aws_account_id string required/optional; the 12-digit AWS account ID; must be a payer account in CloudCheckr*
One of the * parameters must be defined.

API CALL URL:

https://api.cloudcheckr.com/api/account.[json|xml]/get_groups?access_key=your_admin_access_key

REQUEST EXAMPLE:

curl -X GET \
-- https://api.cloudcheckr.com/api/account.[json|xml]/get_groups?access_key=your_admin_access_key&use_cc_account_id=1234\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \

RESPONSE EXAMPLE:
XML:

<GetGroupsResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance>
           <GroupNames>
               <GroupName>g2</GroupName>
               <GroupName>g3</GroupName>
           </GroupNames>
          </GetGroupsResponse> 

JSON:

{
"GroupNames": [
"g2",
"g3"
]
}

Get Groups V2

The API method, “get_groups_v2”, is used to return the groups.

The preferred HTTP method for this call is POST.

INPUT PARAMETERS:

Parameter Type Description
access_key string required; admin-level API key
email string required; email address of a user
user_id string required; ID of a user
use_account string required; friendly name of the account in the application
use_cc_account_id string required; account ID used in the application
use_aws_account_id string required; the 12-digit AWS account ID

ENDPOINT URL:

https://api.cloudcheckr.com/api/account.[json|xml]/get_groups_v2

JSON/XML CALL EXAMPLE:

curl --request POST\
-- 'https://api.cloudcheckr.com/api/account.[json|xml]/get_groups_v2?access_key=your_admin_access_key&use_cc_account_id=1234'\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
"(required)(admin level)access_key": "someValHere",
"email": "someValHere",
"user_id": "someValHere",
"use_account": "someValHere",
"use_cc_account_id": "someValHere",
"use_aws_account_id": "someValHere",
}

SUCCESSFUL JSON/XML RESPONSE:

{
"Code": 200,
"Message": "OK"
}

Get Invoice V2

The API method, “get_invoice_v2”, is used to retrieve the invoice data from the CloudCheckr invoice generator.

The preferred HTTP method for this call is POST.

INPUT PARAMETERS:

Parameter Type Description
access_key string required; admin-level access key
customer_names List <string> required; a comma-separated list of names of the customers for the invoice you want to retrieve
The customer name should correspond to the name of an account family.
start_date string required; the date that you want CloudCheckr to begin to pull the cost data
end_date string optional; the date that you want CloudCheckr to stop pulling the cost data
format string required; the report format for the invoice
You can select from Summary, Detailed, or Saved Filter.
group_by string required; determines how you can group your cost data based on your invoice format
  • If you selected the Summary format, you must group by region, AWS service, AWS service and region, or account and AWS service.
  • If you selected the Detailed format, you must group by description, operation, or usage type and description.
  • If you selected the Saved Filter format, you must select the name of a saved filter from the list.
saved_filter_name string optional; the name of the saved filter that you want CloudCheckr to use for the report format
regions List <string> optional; select the region from which you want CloudCheckr to pull the invoice data
This parameter accepts region IDs as valid values.
replace_custom_charge_descriptions boolean optional; select if you want to show any custom charge descriptions
currency_denomination string optional; identifies what bill denomination you want to use if you are converting currency from US dollars
currency_conversion string optional; identifies what country’s currency you want to use if you are converting from US dollars
show_credits string optional; select if you want to show credits in your invoice
cost_type string required; select the cost type that you want CloudCheckr to apply in the invoice
You can select from List, Unblended, or Blended cost types.
tag_key string optional; the name of the tag key that you want CloudCheckr to use to filter the invoice data
tag_value string optional; the name of the tag value that you want CloudCheckr to use to filter the invoice data

use_aws_account_id

string

*optional/required; the 12-digit AWS account ID for the CloudCheckr account you are making the call for

use_account

string

*optional/required; the name of the CloudCheckr account you are making the call for

use_cc_account_id

string

*optional/required; the CloudCheckr ID of the account you are making the call for

*Because this call requires an admin-level access key, you must add one of the following parameters to your request:
  • use_aws_account_id
  • use_account
  • use_cc_account_id

API CALL URL:

https://api.cloudcheckr.com/api/billing.[json|xml]/get_invoice_v2

REQUEST EXAMPLE:

curl -- request POST \
-- 'https://api.cloudcheckr.com/api/billing.json/get_invoice_v2' \
-- header 'cache-control: no-cache' \
-- header 'access_key: [access key]' \
-- header 'content-type: application/json' \
-- data '{
"customer_names": ["CustomerA (22555) / 12548785424", "CustomerB (12587) / 000000000001"],
"use_cc_account_id": "3",
"start_date": "10/3/2019",
"end_date": "10/3/2019",
"format": "summary",
"group_by": "region",
"cost_type": "list"
}'

RESPONSE EXAMPLES:

<?xml version="1.0" encoding="UTF-8" ?>
<Invoice>
<InvoiceId></InvoiceId>
<CustomerName>CustomerA(22555) / 12548785424</CustomerName>
<CustomerAddress></CustomerAddress>
<CustomerEmail />
<AWSServiceTotal>$2.73</AWSServiceTotal>
<CustomChargeTotal>$0.00</CustomChargeTotal>
<CreditTotal />
<AdditionalInfo />
<HasData>true</HasData>
<InvoiceSummary>
<GroupName>Service Charges</GroupName>
<Cost>$2.73</Cost>
<UsageQuanity />
<InvoiceGroupNextLevel>
<GroupName>GovCloud (US)</GroupName>
<Cost>$2.70</Cost>
<UsageQuanity />
</InvoiceGroupNextLevel>
<InvoiceGroupNextLevel>
<GroupName>GovCloud (US-East)</GroupName>
<Cost>$0.03</Cost>
<UsageQuanity />
</InvoiceGroupNextLevel>
</InvoiceSummary>
<InvoiceDetail />
</Invoice>
<Invoice>
<InvoiceId></InvoiceId>
<CustomerName>CustomerB(12587) / 000000000001</CustomerName>
<CustomerAddress></CustomerAddress>
<CustomerEmail />
<AWSServiceTotal>$7.03</AWSServiceTotal>
<CustomChargeTotal>$0.00</CustomChargeTotal>
<CreditTotal />
<AdditionalInfo />
<HasData>true</HasData>
<InvoiceSummary>
<GroupName>Service Charges</GroupName>
<Cost>$7.03</Cost>
<UsageQuanity />
<InvoiceGroupNextLevel>
<GroupName>US East (Northern Virginia)</GroupName>
<Cost>$4.85</Cost>
<UsageQuanity />
</InvoiceGroupNextLevel>
<InvoiceGroupNextLevel>
<GroupName>EU (Frankfurt)</GroupName>
<Cost>$0.16</Cost>
<UsageQuanity />
</InvoiceGroupNextLevel>
<InvoiceGroupNextLevel>
<GroupName>US West (Oregon)</GroupName>
<Cost>$0.16</Cost>
<UsageQuanity />
</InvoiceGroupNextLevel>
<InvoiceGroupNextLevel>
<GroupName>Asia Pacific (Seoul)</GroupName>
<Cost>$0.15</Cost>
<UsageQuanity />
</InvoiceGroupNextLevel>
<InvoiceGroupNextLevel>
<GroupName>EU (Stockholm)</GroupName>
<Cost>$0.15</Cost>
<UsageQuanity />
</InvoiceGroupNextLevel>
<InvoiceGroupNextLevel>
<GroupName>US East (Ohio)</GroupName>
<Cost>$0.15</Cost>
<UsageQuanity />
</InvoiceGroupNextLevel>
<InvoiceGroupNextLevel>
<GroupName>EU (Ireland)</GroupName>
<Cost>$0.15</Cost>
<UsageQuanity />
</InvoiceGroupNextLevel>
<InvoiceGroupNextLevel>
<GroupName>Asia Pacific (Tokyo)</GroupName>
<Cost>$0.15</Cost>
<UsageQuanity />
</InvoiceGroupNextLevel>
<InvoiceGroupNextLevel>
<GroupName>Asia Pacific (Sydney)</GroupName>
<Cost>$0.15</Cost>
<UsageQuanity />
</InvoiceGroupNextLevel>
<InvoiceGroupNextLevel>
<GroupName>Asia Pacific (Singapore)</GroupName>
<Cost>$0.15</Cost>
<UsageQuanity />
</InvoiceGroupNextLevel>
<InvoiceGroupNextLevel>
<GroupName>EU (Paris)</GroupName>
<Cost>$0.15</Cost>
<UsageQuanity />
</InvoiceGroupNextLevel>
<InvoiceGroupNextLevel>
<GroupName>EU (London)</GroupName>
<Cost>$0.15</Cost>
<UsageQuanity />
</InvoiceGroupNextLevel>
<InvoiceGroupNextLevel>
<GroupName>Asia Pacific (Mumbai)</GroupName>
<Cost>$0.15</Cost>
<UsageQuanity />
</InvoiceGroupNextLevel>
<InvoiceGroupNextLevel>
<GroupName>US West (Northern California)</GroupName>
<Cost>$0.15</Cost>
<UsageQuanity />
</InvoiceGroupNextLevel>
<InvoiceGroupNextLevel>
<GroupName>Canada (Central)</GroupName>
<Cost>$0.15</Cost>
<UsageQuanity />
</InvoiceGroupNextLevel>
<InvoiceGroupNextLevel>
<GroupName>South America (Sao Paulo)</GroupName>
<Cost>&lt; $0.01</Cost>
<UsageQuanity />
</InvoiceGroupNextLevel>
</InvoiceSummary>
<InvoiceDetail />
</Invoice>
{
"Invoice": [
{
"InvoiceId": "",
"CustomerName": "CustomerA(22555) / 12548785424",
"CustomerAddress": "",
"CustomerEmail": null,
"AWSServiceTotal": "$2.73",
"CustomChargeTotal": "$0.00",
"CreditTotal": null,
"AdditionalInfo": null,
"HasData": true,
"InvoiceSummary": [
{
"GroupName": "Service Charges",
"Cost": "$2.73",
"UsageQuanity": null,
"InvoiceGroupNextLevel": [
{
"GroupName": "GovCloud (US)",
"Cost": "$2.70",
"UsageQuanity": null,
"InvoiceGroupNextLevel": []
},
{
"GroupName": "GovCloud (US-East)",
"Cost": "$0.03",
"UsageQuanity": null,
"InvoiceGroupNextLevel": []
}
]
}
],
"InvoiceDetail": null
},
{
"InvoiceId": "",
"CustomerName": "CustomerB(12587) / 000000000001",
"CustomerAddress": "",
"CustomerEmail": null,
"AWSServiceTotal": "$7.03",
"CustomChargeTotal": "$0.00",
"CreditTotal": null,
"AdditionalInfo": null,
"HasData": true,
"InvoiceSummary": [
{
"GroupName": "Service Charges",
"Cost": "$7.03",
"UsageQuanity": null,
"InvoiceGroupNextLevel": [
{
"GroupName": "US East (Northern Virginia)",
"Cost": "$4.85",
"UsageQuanity": null,
"InvoiceGroupNextLevel": []
},
{
"GroupName": "EU (Frankfurt)",
"Cost": "$0.16",
"UsageQuanity": null,
"InvoiceGroupNextLevel": []
},
{
"GroupName": "US West (Oregon)",
"Cost": "$0.16",
"UsageQuanity": null,
"InvoiceGroupNextLevel": []
},
{
"GroupName": "Asia Pacific (Seoul)",
"Cost": "$0.15",
"UsageQuanity": null,
"InvoiceGroupNextLevel": []
},
{
"GroupName": "EU (Stockholm)",
"Cost": "$0.15",
"UsageQuanity": null,
"InvoiceGroupNextLevel": []
},
{
"GroupName": "US East (Ohio)",
"Cost": "$0.15",
"UsageQuanity": null,
"InvoiceGroupNextLevel": []
},
{
"GroupName": "EU (Ireland)",
"Cost": "$0.15",
"UsageQuanity": null,
"InvoiceGroupNextLevel": []
},
{
"GroupName": "Asia Pacific (Tokyo)",
"Cost": "$0.15",
"UsageQuanity": null,
"InvoiceGroupNextLevel": []
},
{
"GroupName": "Asia Pacific (Sydney)",
"Cost": "$0.15",
"UsageQuanity": null,
"InvoiceGroupNextLevel": []
},
{
"GroupName": "Asia Pacific (Singapore)",
"Cost": "$0.15",
"UsageQuanity": null,
"InvoiceGroupNextLevel": []
},
{
"GroupName": "EU (Paris)",
"Cost": "$0.15",
"UsageQuanity": null,
"InvoiceGroupNextLevel": []
},
{
"GroupName": "EU (London)",
"Cost": "$0.15",
"UsageQuanity": null,
"InvoiceGroupNextLevel": []
},
{
"GroupName": "Asia Pacific (Mumbai)",
"Cost": "$0.15",
"UsageQuanity": null,
"InvoiceGroupNextLevel": []
},
{
"GroupName": "US West (Northern California)",
"Cost": "$0.15",
"UsageQuanity": null,
"InvoiceGroupNextLevel": []
},
{
"GroupName": "Canada (Central)",
"Cost": "$0.15",
"UsageQuanity": null,
"InvoiceGroupNextLevel": []
},
{
"GroupName": "South America (Sao Paulo)",
"Cost": "< $0.01",
"UsageQuanity": null,
"InvoiceGroupNextLevel": []
}
]
}
],
"InvoiceDetail": null
}
]
}

Get Resources Alert Results V2

The API method, “get_resources_alert_results_V2”, is used to retrieve Resources alert data. Resources alerts allow you to monitor, manage, and act on any resource changes that occur in your cloud deployment.

You can configure CloudCheckr to send you a Resources alert any time it discovers:

  • a new publicly accessible resource
  • changes to your AWS Config setup
  • changes to your security groups

The preferred HTTP method for this call is GET.

INPUT PARAMETERS:

Parameter

Type

Description

access_key

string

required; admin-level access key

from

DateTime

optional; the date that you want CloudCheckr to begin to retrieve Resources alert results

to

DateTime

optional; the date that you want CloudCheckr to stop retrieving Resources alert results

alert_name

string

optional; the name of the alert

enabled

boolean

optional; indicates if CloudCheckr will retrieve the results for enabled or disabled alerts

If you set this parameter to True, CloudCheckr will only retrieve Resource alerts that are enabled, which means that in the UI, the Toggle button is moved to On.

If you set this parameter to False, CloudCheckr will only retrieve Resource alerts that are not enabled, which means that in the UI, the Toggle button is moved to Off.

max_results

string

optional; identifies the maximum number of results that CloudCheckr will return before paginating the results

Pagination refers to the number of results that the API will display on a page before it continues those results onto the next page.

use_aws_account_id

string

*optional/required; the 12-digit AWS account ID for the CloudCheckr account you are making the call for

use_account

string

*optional/required; the name of the CloudCheckr account you are making the call for

use_cc_account_id

string

*optional/required; the CloudCheckr ID of the account you are making the call for

*Because this call requires an admin-level access key, you must add one of the following parameters to your request:
  • use_aws_account_id
  • use_account
  • use_cc_account_id

API CALL URL:

https://api.cloudcheckr.com/api/alert.[json|xml]/get_resources_alert_results_v2

REQUEST EXAMPLE:

curl -- request GET \
-- 'https://api.cloudcheckr.com/api/alert.[json|xml]/get_resources_alert_results_v2?access_key=[your_access_key]&use_cc_account_id=3'\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \

RESPONSE EXAMPLE:

<?xml version="1.0" encoding="UTF-8" ?>
<alert_results>
<id>106418</id>
<ui_id />
<can_ignore>false</can_ignore>
<triggered>3/31/2018 7:06 AM</triggered>
<values>
<key>ChangeType</key>
<value>Modified</value>
</values>
<values>
<key>Service</key>
<value>EC2 Security Groups</value>
</values>
<values>
<key>Location</key>
<value>US East (Northern Virginia)</value>
</values>
<values>
<key>Identifier</key>
<value>TestAlert (sg-0291f7f2ca3ec257f)</value>
</values>
<values>
<key>RulesChanges</key>
<value>Added - FromPort: '80', IpProtocol: 'tcp', ToPort: '80', IpRange: 'sg-1127cf75', Egress: 'False', RegionName: 'us-east-1', GroupId: 'sg-0291f7f2ca3ec257f'
</value>
</values>
<alert_type>Security Group Changes</alert_type>
<triggered_by>Test_Alert</triggered_by>
</alert_results>
<alert_results>
<id>106417</id>
<ui_id />
<can_ignore>false</can_ignore>
<triggered>3/31/2018 6:41 AM</triggered>
<values>
<key>ChangeType</key>
<value>Added</value>
</values>
<values>
<key>Service</key>
<value>EC2 Security Groups</value>
</values>
<values>
<key>Location</key>
<value>US East (Northern Virginia)</value>
</values>
<values>
<key>Identifier</key>
<value>AlertTest (sg-0afa885fd2fbeae0f)</value>
</values>
<values>
<key>RulesChanges</key>
<value>Added - FromPort: '0', IpProtocol: '-1', ToPort: '0', IpRange: '0.0.0.0/0', Egress: 'True', RegionName: 'us-east-1', GroupId: 'sg-0afa885fd2fbeae0f'
</value>
</values>
<alert_type>Security Group Changes</alert_type>
<triggered_by>Test_Alert</triggered_by>
</alert_results>
<alert_results>
<id>106416</id>
<ui_id />
<can_ignore>false</can_ignore>
<triggered>3/31/2018 6:31 AM</triggered>
<values>
<key>ChangeType</key>
<value>Modified</value>
</values>
<values>
<key>Service</key>
<value>EC2 Security Groups</value>
</values>
<values>
<key>Location</key>
<value>US East (Northern Virginia)</value>
</values>
<values>
<key>Identifier</key>
<value>TestAlert (sg-0291f7f2ca3ec257f)</value>
</values>
<values>
<key>RulesChanges</key>
<value>Added - FromPort: '22', IpProtocol: 'tcp', ToPort: '22', IpRange: 'sg-905497ff', Egress: 'False', RegionName: 'us-east-1', GroupId: 'sg-0291f7f2ca3ec257f'
</value>
</values>
<alert_type>Security Group Changes</alert_type>
<triggered_by>Test_Alert</triggered_by>
</alert_results>
<alert_results>
<id>106415</id>
<ui_id />
<can_ignore>false</can_ignore>
<triggered>3/31/2018 6:28 AM</triggered>
<values>
<key>ChangeType</key>
<value>Added</value>
</values>
<values>
<key>Service</key>
<value>EC2 Security Groups</value>
</values>
<values>
<key>Location</key>
<value>US East (Northern Virginia)</value>
</values>
<values>
<key>Identifier</key>
<value>TestAlert (sg-0291f7f2ca3ec257f)</value>
</values>
<values>
<key>RulesChanges</key>
<value>Added - FromPort: '0', IpProtocol: '-1', ToPort: '0', IpRange: '0.0.0.0/0', Egress: 'True', RegionName: 'us-east-1', GroupId: 'sg-0291f7f2ca3ec257f'
</value>
</values>
<alert_type>Security Group Changes</alert_type>
<triggered_by>Test_Alert</triggered_by>
</alert_results>
<alert_results>
<id>106414</id>
<ui_id />
<can_ignore>false</can_ignore>
<triggered>3/31/2018 6:22 AM</triggered>
<values>
<key>ChangeType</key>
<value>Deleted</value>
</values>
<values>
<key>Service</key>
<value>EC2 Security Groups</value>
</values>
<values>
<key>Location</key>
<value>US East (Northern Virginia)</value>
</values>
<values>
<key>Identifier</key>
<value>TestAlert (sg-0ca0c57094736433d)</value>
</values>
<values>
<key>RulesChanges</key>
<value></value>
</values>
<alert_type>Security Group Changes</alert_type>
<triggered_by>JB_Sec_Grp_Changes</triggered_by>
</alert_results>
<alert_results>
<id>106411</id>
<ui_id />
<can_ignore>false</can_ignore>
<triggered>3/30/2018 9:41 PM</triggered>
<values>
<key>ChangeType</key>
<value>Added</value>
</values>
<values>
<key>Service</key>
<value>EC2 Security Groups</value>
</values>
<values>
<key>Location</key>
<value>US East (Northern Virginia)</value>
</values>
<values>
<key>Identifier</key>
<value>rds-launch-wizard-4 (sg-0e64729ad275576d0)</value>
</values>
<values>
<key>RulesChanges</key>
<value>Added - FromPort: '1433', IpProtocol: 'tcp', ToPort: '1433', IpRange: '72.43.63.34/32', Egress: 'False', RegionName: 'us-east-1', GroupId: 'sg-0e64729ad275576d0'
Added - FromPort: '0', IpProtocol: '-1', ToPort: '0', IpRange: '0.0.0.0/0', Egress: 'True', RegionName: 'us-east-1', GroupId: 'sg-0e64729ad275576d0'
</value>
</values>
<alert_type>Security Group Changes</alert_type>
<triggered_by>JB_Sec_Grp_Changes</triggered_by>
</alert_results>
<alert_results>
<id>106410</id>
<ui_id />
<can_ignore>false</can_ignore>
<triggered>3/30/2018 8:50 PM</triggered>
<values>
<key>ChangeType</key>
<value>Added</value>
</values>
<values>
<key>Service</key>
<value>EC2 Security Groups</value>
</values>
<values>
<key>Location</key>
<value>US East (Northern Virginia)</value>
</values>
<values>
<key>Identifier</key>
<value>rds-launch-wizard-3 (sg-0a20224867df46732)</value>
</values>
<values>
<key>RulesChanges</key>
<value>Added - FromPort: '1433', IpProtocol: 'tcp', ToPort: '1433', IpRange: '72.43.63.34/32', Egress: 'False', RegionName: 'us-east-1', GroupId: 'sg-0a20224867df46732'
Added - FromPort: '0', IpProtocol: '-1', ToPort: '0', IpRange: '0.0.0.0/0', Egress: 'True', RegionName: 'us-east-1', GroupId: 'sg-0a20224867df46732'
</value>
</values>
<alert_type>Security Group Changes</alert_type>
<triggered_by>JB_Sec_Grp_Changes</triggered_by>
</alert_results>
<alert_results>
<id>106405</id>
<ui_id />
<can_ignore>false</can_ignore>
<triggered>3/30/2018 8:27 PM</triggered>
<values>
<key>ChangeType</key>
<value>Added</value>
</values>
<values>
<key>Service</key>
<value>EC2 Security Groups</value>
</values>
<values>
<key>Location</key>
<value>US East (Northern Virginia)</value>
</values>
<values>
<key>Identifier</key>
<value>rds-launch-wizard-2 (sg-0210bbd24f730c8cc)</value>
</values>
<values>
<key>RulesChanges</key>
<value>Added - FromPort: '1433', IpProtocol: 'tcp', ToPort: '1433', IpRange: '72.43.63.34/32', Egress: 'False', RegionName: 'us-east-1', GroupId: 'sg-0210bbd24f730c8cc'
Added - FromPort: '0', IpProtocol: '-1', ToPort: '0', IpRange: '0.0.0.0/0', Egress: 'True', RegionName: 'us-east-1', GroupId: 'sg-0210bbd24f730c8cc'
</value>
</values>
<alert_type>Security Group Changes</alert_type>
<triggered_by>JB_Sec_Grp_Changes</triggered_by>
</alert_results>
<alert_results>
<id>106402</id>
<ui_id />
<can_ignore>false</can_ignore>
<triggered>3/30/2018 5:32 PM</triggered>
<values>
<key>Resource Id</key>
<value>vpc-24343948</value>
</values>
<values>
<key>Resource Type</key>
<value>VPCs</value>
</values>
<values>
<key>Resource Group</key>
<value></value>
</values>
<values>
<key>Resource Name</key>
<value>vpc-24343948 (Vpc Test)</value>
</values>
<values>
<key>IP</key>
<value>N/A</value>
</values>
<alert_type>New Publicly Accessible Resources</alert_type>
<triggered_by>JB_Public_Access2</triggered_by>
</alert_results>
<alert_results>
<id>106394</id>
<ui_id />
<can_ignore>false</can_ignore>
<triggered>3/30/2018 1:17 PM</triggered>
<values>
<key>ChangeType</key>
<value>Modified</value>
</values>
<values>
<key>Service</key>
<value>EC2 Security Groups</value>
</values>
<values>
<key>Location</key>
<value>US East (Northern Virginia)</value>
</values>
<values>
<key>Identifier</key>
<value>launch-wizard-74 (sg-0145a74e09d28856b)</value>
</values>
<values>
<key>RulesChanges</key>
<value>Deleted - FromPort: '3389', IpProtocol: 'tcp', ToPort: '3389', IpRange: '0.0.0.0/0', Egress: 'False', RegionName: 'us-east-1', GroupId: 'sg-0145a74e09d28856b'
Added - FromPort: '3389', IpProtocol: 'tcp', ToPort: '3389', IpRange: '0.0.0.0/0,72.43.63.34/32', Egress: 'False', RegionName: 'us-east-1', GroupId: 'sg-0145a74e09d28856b'
</value>
</values>
<alert_type>Security Group Changes</alert_type>
<triggered_by>JB_Sec_Grp_Changes</triggered_by>
</alert_results>
<alert_results>
<id>106393</id>
<ui_id />
<can_ignore>false</can_ignore>
<triggered>3/30/2018 10:23 AM</triggered>
<values>
<key>ChangeType</key>
<value>Added</value>
</values>
<values>
<key>Service</key>
<value>EC2 Security Groups</value>
</values>
<values>
<key>Location</key>
<value>US East (Northern Virginia)</value>
</values>
<values>
<key>Identifier</key>
<value>TestAlert (sg-0ca0c57094736433d)</value>
</values>
<values>
<key>RulesChanges</key>
<value>Added - FromPort: '0', IpProtocol: '-1', ToPort: '0', IpRange: '0.0.0.0/0', Egress: 'True', RegionName: 'us-east-1', GroupId: 'sg-0ca0c57094736433d'
</value>
</values>
<alert_type>Security Group Changes</alert_type>
<triggered_by>JB_Sec_Grp_Changes</triggered_by>
</alert_results>
<alert_results>
<id>106391</id>
<ui_id />
<can_ignore>false</can_ignore>
<triggered>3/30/2018 6:43 AM</triggered>
<values>
<key>ChangeType</key>