Admin API Reference Guide

Please use these URLs when accessing the API in the following platforms:
  • AU: https://au.cloudcheckr.com
  • EU: https://eu.cloudcheckr.com
  • GOV: https://gov.cloudcheckr.com
  • FED: https://fed.cloudcheckr.com

CloudCheckr allows for the creation of two different types of access keys. Account-level access keys can only make calls against a single account. Admin-level access keys allow users to make calls against any of their accounts within CloudCheckr. They also allow API users to make account-management related calls that cannot be executed using account-level access keys.

CloudCheckr is revamping its API documentation to ensure that it reflects the best practices for REST and to improve overall consistency. We will restructure each call to include these sections:

Section Description
Input Parameters Options that you pass with the endpoint to influence a response.

Identifies if a parameter is required or optional, the data type, and the parameter description.

API Call URL Identifies the common path for the API (highlighted in yellow) and the end path of the endpoint (highlighted in light blue).

Request Example Includes a sample request that shows the endpoint and a few key parameters.

Formatted in curl since it’s language-agnostic.

Includes the header information and the method (GET or POST in most cases).

Response Example Shows a sample response for all of the parameters passed in the request example.

Includes examples in XML and JSON.


Attempting to make any of these calls using a general API access key will result in an error. You may also use admin-level API keys to make the other calls found in the general API Reference guide.

When using an admin-level access keys to make those calls you must add one of the following parameter to your calls:
  • use_account – the name of the account you are making the call for, where the name is the name of the account added in CloudCheckr.
  • use_cc_account_id – the ID of the account you are making the call for. The ID is returned when using the method ‘account/add_account_v3′ to register the account in CloudCheckr.

XML Call:

https://api.cloudcheckr.com/api/best_practice.xml/get_best_practices?access_key=[access_key]&use_account=[MyAccount]
https://api.cloudcheckr.com/api/best_practice.xml/get_best_practices?access_key=[access_key]&use_cc_account_id=[MyAccountId]

JSON Call:

https://api.cloudcheckr.com/api/best_practice.json/get_best_practices?access_key=[access_key]&use_account=[MyAccount]
https://api.cloudcheckr.com/api/best_practice.json/get_best_practices?access_key=[access_key]&use_cc_account_id=[MyAccountId]

Using Access Keys

CloudCheckr requires an access key to be passed as a parameter to all API calls.

Click here for details on creating and managing access keys.

Example of Using an Access Key:

https://api.cloudcheckr.com/api/change_monitoring.json/get_changes?access_key=[access_key]

Preferred HTTP Methods

When using libraries such as curl, you may need to indicate the HTTP method to use (POST or GET). The CloudCheckr API accepts both POST and GET in most API calls. However, we recommend you use the preferred HTTP method when possible.

The preferred HTTP method for each call is GET unless specifically noted in the API CALLS section.

For more information on HTTP methods, click here:  http://www.w3schools.com/tags/ref_httpmethods.asp.


API Calls

Add Access Control Lists Per Account Per Group

The API method, “add_access_control_lists_per_account_per_group”, is used to add access control lists per account per group.

The preferred HTTP method for this call is POST.

INPUT PARAMETERS:

Parameter Type Description
access_key string required; admin-level API key
acls list <string> required; unique alphanumeric ID for each access control list (acl)
group_id string required; group ID
use_account string required/optional; friendly name of the account in CloudCheckr; must be a payer account in CloudCheckr*
use_cc_account_id string required/optional; unique account ID used in CloudCheckr; must be a payer account in CloudCheckr*
use_aws_account_id string required/optional; the 12-digit AWS account ID; must be a payer account in CloudCheckr*
One of the * parameters must be defined.

API CALL URL:

https://api.cloudcheckr.com/api/account.[json|xml]/add_access_control_lists_per_account_per_group?access_key=your_admin_access_key&use_account=AWS Main

REQUEST EXAMPLE:

curl -X POST \
-- https://api.cloudcheckr.com/api/account.[json|xml]/add_access_control_lists_per_account_per_group? access_key=your_admin_access_key&use_account=AWS Main\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
"group_id": "315ED648-DA56-4713-98DB-7D0A434A31F9",
"acls": ["dd82ecd7-c590-490f-9b3a-f22990a1b500[CC_Delimiter]16b586a1-4459-46e1-b348-8c24dd5cfb7f",
"dd82ecd7-c590-490f-9b3a-f22990a1b500[CC_Delimiter]e5c59d38-f3a1-4aac-aa48-a9823c1413ed"]

RESPONSE EXAMPLE:

XML:

<AddAccessControlListsPerAccountPerGroupResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance>
          <results>
          <id>315ed648-da56-4713-98db-7d0a434a31f9<
          /id>
          <code>
          0<
          /code>
          <message>
          null<
          /message>
          <
          /results>
          </AddAccessControlListsPerAccountPerGroupResponse>
          

JSON:

{
              "Id": "315ed648-da56-4713-98db-7d0a434a31f9",
              "Code": 0,
              "Message": null
          }

Add Account V3

The API method, “add_account_v3”, is used to register an AWS account with CloudCheckr. This method will return a unique ID, “cc_account_id”, to enhance security for the newly-created account. Customers can use “cc_account_id” for the parameter, “use_cc_account_id”, when making calls to the admin-level API.

  • The preferred HTTP method for this call is POST.
  • AWS secret keys typically contain special characters. To submit as a parameter on the URL, you must URL encode it. Click here for details.

INPUT PARAMETERS:

Parameter Type Description
access_key string required; admin-level API key
account_name string required; the name of the AWS account to register with CloudCheckr
user_name string optional; the name of the user that will have access to this account. If no user is specified, the first administrator of the account will be applied
aws_access_key string optional; the access key of the IAM user whose credentials will be used to connect CloudCheckr to your AWS account
aws_secret_key string optional; the secret key of the IAM user whose credentials will be used to connect CloudCheckr to your AWS account
account_tag string optional; the tag for the account to be used within a Multi-Account View (MAV)
emails list <string> optional; the email address(es) that will populate the account’s email settings and determine who receives the automated reports.

If this parameter is not used, the email address used when registering the CloudCheckr account will be populated in this field.
payer_use_account string optional; the name of the payer account
payee_aws_account_id string optional; the AWS account ID associated with the payee account
use_account string required/optional; friendly name of the account in CloudCheckr; must be a payer account in CloudCheckr*
use_cc_account_id string required/optional; unique account ID used in CloudCheckr; must be a payer account in CloudCheckr*
use_aws_account_id string required/optional; the 12-digit AWS account ID; must be a payer account in CloudCheckr*

You will only need to define one of the * parameters if you want the new account to be linked to a payer account; if you do not want to link a payer account, then none of the three * parameters are needed.

API CALL URL:

https://api.cloudcheckr.com/api/account.[json|xml]/add_account_v3?access_key=your_admin_access_key


REQUEST EXAMPLE:

The Request Example uses the “cc_account_id” to show what the URL would look like if a customer needed a new account linked to a payer account.

curl -X POST \
               -- https://api.cloudcheckr.com/api/account.[json|xml]/add_account_v3?access_key=your_admin_access_key&use_cc_account_id=1234\
               -- header 'cache-control: no-cache' \
               -- header 'content-type: application/[json|xml]' \
               -- data '{
                  "account_name": "api added aws account",
              }

RESPONSE EXAMPLE:
XML:

<AddAccountV3Response xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance> <
          status>
             <account_status>Success</account_status>
             <cc_account_id>38</cc_account_id>
             <credential_status>No credentials given. Can use the following role_account_id and role_external_id to create cross-account role within AWS.</credential_status>
             <role_account_id>352813966789</role_account_id>
             <cc_external_id>CC-69CFBFCA8BF21FA123BA566A6DAAB227</cc_external_id>
          </status>
          </AddAccountV3Response>

JSON:

{
             "account_status": "Success",
             "cc_account_id": 38,
             "credential_status": "No credentials given. Can use the following role_account_id and role_external_id to create cross-account role within AWS.",
             "role_account_id": "352813966789",
             "cc_external_id": "CC-69CFBFCA8BF21FA123BA566A6DAAB227"
          }
You can use the “role_account_id” and “cc_external_id” to create a role using the AWS Command Line Interface (CLI). See the Create Role topic in the AWS documentation for more information.

Add API Key

The API method, “add_api_key”, is used to create a new CloudCheckr API key for a specific account.

You cannot create admin-level API keys with this method.

The preferred HTTP method for this call is POST.

XML Call:

https://api.cloudcheckr.com/api/account.xml/add_api_key?access_key=[access_key]&accounts=[account_name]

JSON Call:

https://api.cloudcheckr.com/api/account.json/add_api_key?access_key=[access_key]&accounts=[account_name]

INPUT PARAMETERS
This call accepts these parameters:

  • access_key (required) – standard access key required for all API calls.
  • accounts (required) – name(s) of the account(s) for which an API key is being created. Accepts multiple accounts.

OUTPUT
XML Example:

<AddApiKeyResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
              <CreationStatuses>
                  <string>
          Created access key for Account: [ACCOUNT] Key: [ACCESS_KEY]
          </string>
              </CreationStatuses>
          </AddApiKeyResponse>
          

JSON Example:

{
             "CreationStatuses": [
                "Created access key for Account: [ACCOUNT] Key: [ACCESS_KEY]"
             ]
          }

Add MAV Account

The API method, “add_mav_account”, is used to create a new Multi-View Account (MAV).

Important: This call can only be made using admin-level access keys.

The preferred HTTP method for this call is POST.

XML Call:

https://api.cloudcheckr.com/api/account.xml/add_mav_account?access_key=[access_key]&account_name=[account_name]

JSON Call:

https://api.cloudcheckr.com/api/account.json/add_mav_account?access_key=[access_key]&account_name=[account_name]

INPUT PARAMETERS
This call accepts these parameters:

  • access_key (required) – Admin-level access key required for all API calls.
  • account_name (required) – name of the new MAV account(s).
  • account_tags_to_set (optional) – comma-separated list of tags to apply to the MAV. The tag must exist.
  • for_all_accounts (optional) – true or false or 1 or 0 values. Same impact as having the “This Multi-Account View should include ALL ACCOUNTS” checked in the UI.

OUTPUT

XML & JSON Example:

{
"Code":200,
"Message":"OK"
}

Add Tag

The API method, “add_tag”, is used to create and enable an account-level tag and apply this tag to account(s), which you can use to build Multi-Account Views (MAVs).

The preferred HTTP method for this call is POST.

INPUT PARAMETERS:

Parameter Type Description
access_key string required; admin-level access key
tag_name string required; name of the account-level tag you are creating
account_name string required; name of the account where you are creating the tag
accounts string required; name of the accounts where you want to apply the tag
use_aws_account_id string *optional/required; the 12-digit AWS account ID
use_account string *optional/required; the name of the CloudCheckr account you are making the call for
use_cc_account_id string *optional/required; the CloudCheckr ID of the account you are making the call for
*Because this call requires an admin-level access key, you must add one of the following parameters to your request:
  • use_aws_account_id
  • use_account
  • use_cc_account_id

API CALL URL:

	https://api.cloudcheckr.com/api/account.[json|xml]/add_tag

REQUEST EXAMPLE:

curl -- request POST \
-- 'https://api.cloudcheckr.com/api/account.[json|xml]/add_tag?access_key=your_admin_access_key&tag_name=my_tag_name& account_name=my_account_name&accounts=account 1, account 2&use_cc_account_id=1234' \
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
"tag_name": Production Tag,
"account_name": Production Account,
"accounts": Prod 1, Prod 2
}'

RESPONSE EXAMPLE:

	{
"Code": 200,
"Message": "OK"
}

Add User

The API method, “add_user”, creates a new CloudCheckr user.

The preferred HTTP method for this call is POST.

INPUT PARAMETERS:

Parameter Type Description
access_key string required, admin-level API key
email list <string> required; the email address of the new user
account_access list <string> required; the name of the CloudCheckr account(s) the user can access; separate multiple account names by commas as shown in the example(s)
user_role string required; the level of access for the new user; accepts ReadonlyUser, BasicUser, BasicPlusUser, User, or Administrator
group string optional; the name of the group associated with the new user
cost_report boolean optional; defines whether the user can access the cost reports within the account; accepts “yes”, “1”, “y”, “no, “0”, or “n”
blended_cost boolean optional; defines whether the user can view blended costs within the cost reports; accepts “yes”, “1”, “y”, “no, “0”, or “n”
unblended_cost boolean optional; defines whether the user can view unblended costs within the cost reports; accepts “yes”, “1”, “y”, “no, “0”, or “n”
list_cost boolean optional; defines whether the user can view list costs within the cost reports; accepts “yes”, “1”, “y”, “no, “0”, or “n”
resource_utilization_reports boolean optional; defines whether the user can access the resource utilization reports within the account; accepts “yes”, “1”, “y”, “no, “0”, or “n”
trending_reports boolean optional; defines whether the user can access the trending reports within the account; accepts “yes”, “1”, “y”, “no, “0”, or “n”
change_monitoring boolean optional; defines whether the user can access the change monitoring report within the account; accepts “yes”, “1”, “y”, “no, “0”, or “n”
best_practices boolean optional; defines whether the user can access the best practice report within the account; accepts “yes”, “1”, “y”, “no, “0”, or “n”
edit_emails boolean optional; identifies if the customer can modify email addresses associated with the user
all_access boolean optional; if this set to true, the user will have access to all reports within the account and none of the other parameters listed below are required; accepts “yes”, “1”, or “y”
password string optional; sets the password for the new user
automation boolean optional; allows the new user to access the associated report
savings boolean optional; allows the new user to access the associated report
alerts boolean optional; allows the new user to access the associated report
inventory boolean optional; allows the new user to access the associated report
security boolean optional; allows the new user to access the associated report
account_notification boolean optional; allows the new user to receive notifications from any associated accounts
partner_tools boolean optional; allows the new user to access the partner tools
edit_partner_tools boolean optional; allows the new user to modify the configuration of the partner tools
see_api_keys boolean optional; makes the API key visible to the new user
auth_types boolean optional; allows the new user access to authorization types
use_default_provider boolean optional; allows the new user to use the default provider configuration
sso_provider string optional; indicates that the new user has an SSO association
use_account string required/optional; friendly name of the account in CloudCheckr; must be a payer account in CloudCheckr*
use_cc_account_id string required/optional; unique account ID used in CloudCheckr; must be a payer account in CloudCheckr*
use_aws_account_id string required/optional; the 12-digit AWS account ID; must be a payer account in CloudCheckr*
One of the * parameters must be defined.

API CALL URL:

https://api.cloudcheckr.com/api/account.[json|xml]/add_user?access_key=your_admin_access_key

REQUEST EXAMPLE:

curl -X POST \
-- https://api.cloudcheckr.com/api/account.[json|xml]/add_user?access_key=your_admin_access_key&use_cc_account_id=1234\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
"email": "newUser@cloudcheckr.com",
"account_access": "AWS Main",
"user_role": "user",
"cost_report": "no",
"auth_types": "saml",
"group": "g2",
"use_default_provider": "true",
"sso_provider": "PingOne"
}

RESPONSE EXAMPLE:
XML:

<AddUserResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance> <CreationStatuses>Created new user with email: newUser@cloudcheckr.com</CreationStatuses>
          </AddUserResponse>
          

JSON:

{
              "CreationStatuses": [
                  "Created new user with email: newUser32i34i32ke@cloudcheckr.com"
              ]
          }

Add Users

The API method, “add_users”, creates multiple CloudCheckr users.

The preferred HTTP method for this call is POST.

INPUT PARAMETERS:

Parameter Type Description
access_key string required, admin-level API key
email string required; the email address of the new user
account_access list <string> required; the name of the CloudCheckr account(s) the user can access; separate multiple account names by commas as shown in the example(s)
user_role string required; the level of access for the new user; accepts ReadonlyUser, BasicUser, BasicPlusUser, User, or Administrator
group string optional; the name of the group associated with the new user
cost_report boolean optional; defines whether the user can access the cost reports within the account; accepts “yes”, “1”, “y”, “no, “0”, or “n”
blended_cost boolean optional; defines whether the user can view blended costs within the cost reports; accepts “yes”, “1”, “y”, “no, “0”, or “n”
unblended_cost boolean optional; defines whether the user can view unblended costs within the cost reports; accepts “yes”, “1”, “y”, “no, “0”, or “n”
list_cost boolean optional; defines whether the user can view list costs within the cost reports; accepts “yes”, “1”, “y”, “no, “0”, or “n”
resource_utilization_reports boolean optional; defines whether the user can access the resource utilization reports within the account; accepts “yes”, “1”, “y”, “no, “0”, or “n”
trending_reports boolean optional; defines whether the user can access the trending reports within the account; accepts “yes”, “1”, “y”, “no, “0”, or “n”
change_monitoring boolean optional; defines whether the user can access the change monitoring report within the account; accepts “yes”, “1”, “y”, “no, “0”, or “n”
best_practices boolean optional; defines whether the user can access the best practice report within the account; accepts “yes”, “1”, “y”, “no, “0”, or “n”
edit_emails boolean optional; identifies if the customer can modify email addresses associated with the user
all_access boolean optional; if this set to true, the user will have access to all reports within the account and none of the other parameters listed below are required; accepts “yes”, “1”, or “y”
password string optional; sets the password for the new user
automation boolean optional; allows the new user to access the associated report
savings boolean optional; allows the new user to access the associated report
alerts boolean optional; allows the new user to access the associated report
inventory boolean optional; allows the new user to access the associated report
security boolean optional; allows the new user to access the associated report
account_notification boolean optional; allows the new user to receive notifications from any associated accounts
partner_tools boolean optional; allows the new user to access the partner tools
edit_partner_tools boolean optional; allows the new user to modify the configuration of the partner tools
see_api_keys boolean optional; makes the API key visible to the new user
auth_types boolean optional; allows the new user access to authorization types
use_default_provider boolean optional; allows the new user to use the default provider configuration
sso_provider string optional; indicates that the new user has an SSO association
use_account string required/optional; friendly name of the account in CloudCheckr; must be a payer account in CloudCheckr*
use_cc_account_id string required/optional; unique account ID used in CloudCheckr; must be a payer account in CloudCheckr*
use_aws_account_id string required/optional; the 12-digit AWS account ID; must be a payer account in CloudCheckr*
One of the * parameters must be defined.

API CALL URL:

https://api.cloudcheckr.com/api/account.[json|xml]/add_users?access_key=your_admin_access_key

REQUEST EXAMPLE:

curl -X POST \
-- https://api.cloudcheckr.com/api/account.[json|xml]/add_users?access_key=your_admin_access_key&use_cc_account_id=1234\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
"email": "newUser@cloudcheckr.com",
"account_access": "AWS Main",
"user_role": "user",
"cost_report": "no",
"group": "g2",
"use_default_provider": 'true",
"sso_provider": "PingOne"
}

RESPONSE EXAMPLE:
XML:

<AddUsersResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance> <CreationStatuses>
             <status>Created new user with email: newUser48f@cloudcheckr.com</status>
             <status>Created new user with email: newUserk39dk@cloudcheckr.com</status>
          </CreationStatuses>
          </AddUsersResponse>
          

JSON:

{
              "CreationStatuses": [
                  "Created new user with email: newUser48f@cloudcheckr.com@cloudcheckr.com",
                  "Created new user with email: newUserk39dk@cloudcheckr.com"
              ]
          }

Add User To Group

The API method, “add_user_to_group”, is used to add an existing CloudCheckr user to a new group.

The preferred HTTP method for this call is POST.

INPUT PARAMETERS:

Parameter Type Description
access_key string required; admin-level access key
group_id string required; unique identifier associated with the group
user_ids list <string> required; unique identifiers associated with the user(s) you add to the group
If you add multiple users in a group, the response will provide them in a comma-separated list.
use_aws_account_id string *optional/required; the 12-digit AWS account ID for the CloudCheckr account you are making the call for
use_account string *optional/required; the name of the CloudCheckr account you are making the call for
use_cc_account_id string *optional/required; the CloudCheckr ID of the account you are making the call for
*Because this call requires an admin-level access key, you must add one of the following parameters to your request:
  • use_account
  • use_cc_account_id
  • use_aws_account_id

API CALL URL:

https://api.cloudcheckr.com/api/account.[json|xml]/add_user_to_group

REQUEST EXAMPLE:

curl -- request POST \
-- 'https://api.cloudcheckr.com/api/account.[json|xml]/add_user_to_group?access_key=[your_access_key]&use_cc_account_id=3&user_ids=[some values]&group_id=[some value]\ \
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
"group_id": "e85446b9-8821-41a6-9558-7550756dd899",
"user_ids": [
"8B65E388-8A0B-4B5A-A12B-8B0325D0ABF4",
"683C1113-1FF0-4F8B-AA3D-9288D2ED615A"
]
}'

RESPONSE EXAMPLE:

XML:

<AddUserToGroupResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<status>
<Code>200</Code>
<Message>OK</Message>
</status>
</AddUserToGroupResponse>

JSON:

{
"Code": 200,
"Message": "OK"
}

Clone Group

The API method, “clone_group”, creates a copy of an existing group without the users.

The preferred HTTP method for this call is POST.

INPUT PARAMETERS:

Parameter Type Description
access_key string required; admin-level API key
group_id string required; group ID
name string required; name
use_account string required; friendly name of the account in the application
use_cc_account_id string required; account ID used in the application
use_aws_account_id string required; the 12-digit AWS account ID

ENDPOINT URL:

https://api.cloudcheckr.com/api/account.[json|xml]/clone_group

JSON/XML CALL EXAMPLE:

curl --request POST \
-- 'https://api.cloudcheckr.com/api/account.[json|xml]/clone_group?access_key=your_admin_access_key&use_cc_account_id=1234'\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
"(required)access_key": "someValHere",
"(required)group_id": "someValHere",
"(required)name": "someValHere",
"use_account": "someValHere",
"use_cc_account_id": "someValHere",
"use_aws_account_id": "someValHere",
}

SUCCESSFUL JSON/XML RESPONSE:

{
"Code": 200,
"Message": "OK"
}

Configure Custom Cost

The API method, "configure_custom_cost", is used to configure the custom cost settings for a CloudCheckr account.

The preferred HTTP method for this call is POST.

INPUT PARAMETERS:

Parameter Type Description
access_key string required; admin-level API key
CostType string required; identifies if you want to build List cost based on Unblended or Blended costs
CustomCostRIAmortization string required; identifies how you want your upfront cost amortized
RetiredRIAmortization string optional; identifies if you chose to amortize until the expected end date, the revised end date, or if you chose premature amortization
RIUnsharing string required; identifies if you want to unshare your RIs
SelectedFamilies List string required; identifies the account families that you want to benefit from unsharing
EnforceEc2RIVolume boolean required; indicates if you adjusted any RI volume discounts to reflect any account family purchases
UncompressPricingTiers boolean required; identifies if you want to uncompress your pricing tiers across your consolidated billing families to provide more accurate custom costs
SPAllocation string optional; identifies if you chose to revert discounts from accounts that benefited inadvertently from Savings Plans and change the usage to On-Demand
use_aws_account_id string *optional/required; the 12-digit AWS account ID where the custom billing charge is applied (must be payer account)
use_account string *optional/required; the name of the CloudCheckr account you are making the call for
use_cc_account_id string *optional/required; the CloudCheckr ID of the account you are making the call for

This is the same ID that the API returns when you make the call 'add_account_v3′ to register the account in CloudCheckr.

*Because this call requires an admin-level access key, you are required to add one of the following parameters to your request:
  • use_aws_account_id
  • use_account
  • use_cc_account_id

ENDPOINT URL:

https://api.cloudcheckr.com/api/billing.[json|xml]/configure_custom_cost

JSON/XML CALL EXAMPLE:

curl --request POST \
--'https://api.cloudcheckr.com/api/billing.[json|xml]/configure_custom_cost?access_key=your_admin_access_key&use_cc_account_id=7'\
--header'cache-control: no-cache'\
--header'content-type: application/[json|xml]'\
--data'{
"CostType":"Unblended",
"CustomCostRIAmortization":"Disabled",
"RIUnsharing":"Disabled",
"EnforceEc2RIVolume":"false",
"UncompressPricingTiers":"false",
"SPAllocation":"Disabled",
"use_cc_account_id":"7"
}'

SUCCESSFUL JSON/XML RESPONSE:

{
"Code":"200",
"Message": "OK"
}

Copy User

The API method “copy user” is used to create a new CloudCheckr user with the exact permissions as an existing user.

IMPORTANT: This call can only be made using admin-level access keys.

The preferred HTTP method for this call is POST.

XML call:

https://api.cloudcheckr.com/api/account.xml/copy_user?access_key=[access_key]&email_to_copy=[existing_user_email]&emails=[new_user_email]

JSON call:

https://api.cloudcheckr.com/api/account.json/copy_user?access_key=[access_key]&email_to_copy=[existing_user_email]&emails=[new_user_email]

INPUT PARAMETERS

This call accepts these parameters:

  • access_key (required) – Admin-Level Access Key is required for this call.
  • email_to_copy (required) – The email address of the existing user.
  • emails (required) – The email address(es) of the new user(s).
  • use_account (required — either this field or ‘use_cc_account_id’) – The name of the AWS account within CloudCheckr.
  • use_cc_account_id (required — either this field or ‘use_account’) – The CloudCheckr ID number for the AWS account within the application.

You can also use this call to add multiple users at once. Simply include all of the emails required, separated by commas.

OUTPUT

XML Example:

<CopyUserResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance> <CreationStatuses>Created new user with email: mytest@mytest.me</CopyUserResponse>
          

JSON Example:

{
"CreationStatuses": [
"Created new user with email: mytest@mytest.me"
]
}

Delete Access Control List From Group

The API method, “delete_access_control_list_from_group”, is used to delete an access control list from a group.

The preferred HTTP method for this call is POST.

INPUT PARAMETERS:

Parameter Type Description
access_key string required; admin-level API key
group_id string required; ID of the user group
acls list <string> required; access control lists (ACLs)
use_account string required/optional; friendly name of the account in CloudCheckr; must be a payer account in CloudCheckr*
use_cc_account_id string required/optional; unique account ID used in CloudCheckr; must be a payer account in CloudCheckr*
use_aws_account_id string required/optional; the 12-digit AWS account ID; must be a payer account in CloudCheckr*
One of the * parameters must be defined.

API CALL URL:

https://api.cloudcheckr.com/api/account.[json|xml]/delete_access_control_list_from_groupaccess_key=your_admin_access_key&use_account=AWS Main

REQUEST EXAMPLE:

curl -X POST \
-- https://api.cloudcheckr.com/api/account.[json|xml]/delete_access_control_list_from_group?access_key=your_admin_access_key&use_account=AWS Main\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
"group_id": "315ED648-DA56-4713-98DB-7D0A434A31F9",
"acls": ["dd82ecd7-c590-490f-9b3a-f22990a1b500[CC_Delimiter]16b586a1-4459-46e1-b348-8c24dd5cfb7f",
"dd82ecd7-c590-490f-9b3a-f22990a1b500[CC_Delimiter]e5c59d38-f3a1-4aac-aa48-a9823c1413ed"]
}

RESPONSE EXAMPLE:
XML:

<DeleteAccessControlListFromGroupResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
             <Status>
                <Code>200</Code>
                <Message>OK</Message>
             </Status>
          </DeleteAccessControlListFromGroupResponse>
          

JSON:

{
"Code": 200,
"Message": "OK"
}

Delete Account

The API method “delete_account” is used to remove an AWS account that has been registered with CloudCheckr.

IMPORTANT: This call can only be made using Admin-Level Access Keys.

The preferred HTTP method for this call is POST.

XML call:

https://api.cloudcheckr.com/api/account.xml/delete_account?access_key=[access_key]&account_name=MyAccountName

JSON call:

https://api.cloudcheckr.com/api/account.json/delete_account?access_key=[access_key]&account_name=MyAccountName

INPUT PARAMETERS

This call accepts these parameters:

  • access_key (required) – Admin-Level Access Key is required for this call.
  • account_name (required) – the name of the AWS account that will be removed from CloudCheckr.

OUTPUT

XML & JSON Example:

{
"Code":200,
"Message":"OK"
}

Delete Group

The API method, “delete_group”, is used to delete the group with the specified ID.

The preferred HTTP method for this call is POST.

INPUT PARAMETERS:

Parameter Type Description
access_key string required; admin-level API key
group_id string required; group ID
email string required; email address of the user
user_id string required; user ID
use_account string required; friendly name of the account in the application
use_cc_account_id string required; account ID used in the application
use_aws_account_id string required; the 12-digit AWS account ID

ENDPOINT URL:

https://api.cloudcheckr.com/api/account.[json|xml]/delete_group

JSON/XML CALL EXAMPLE:

curl --request POST \
-- 'https://api.cloudcheckr.com/api/account.[json|xml]/delete_group?access_key=your_admin_access_key&use_cc_account_id=1234'\
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
"(required)(admin level)access_key": "someValHere",
"(required)group_id": "someValHere",
"email": "someValHere",
"user_id": "someValHere",
"use_account": "someValHere",
"use_cc_account_id": "someValHere",
"use_aws_account_id": "someValHere",
}

SUCCESSFUL JSON/XML RESPONSE:

{
"Code": 200,
"Message": "OK"
}

Delete Tag

The API method, “delete_tag”, is used to delete an account-level tag in Multi-Account Views. If you delete an account-level tag, it will impact any account that uses this tag to build its Multi-Account Views (MAVs).

The preferred HTTP method for this call is POST.

INPUT PARAMETERS:

Parameter Type Description
access_key string required; admin-level API key
account_name string required; name of the account that contains the tag
account_tag string required; name of the account-level tag that will be deleted

ENDPOINT URL:

https://api.cloudcheckr.com/api/account.[json|xml]/delete_tag

JSON/XML CALL EXAMPLE:

curl --request POST \
-- 'https://api.cloudcheckr.com/api/account.[json|xml]/delete_tag?access_key=[access key]
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
'account_name': 'my account name',
'account_tag': 'my account tag'
}

SUCCESSFUL JSON/XML RESPONSE:

{
"Code": 200,
"Message": "OK"
}

Edit Account Email Settings V2

The API method, “edit_account_email_settings_v2”, allows you to identify what conditions will trigger an email notification, how often you want CloudCheckr to send these notifications, and who will receive these notifications.

The preferred HTTP method for this call is POST.

INPUT PARAMETERS:

Parameter Type Description
access_key string required; admin-level access key
emails string required; identifies the email address(es) of the notification recipients
If you have multiple recipients, separate each address with a comma.
alert_daily_billing boolean optional; select if you want CloudCheckr to send an alert email if your daily cost goes above a selected percentage of your threshold
alert_health_affected boolean optional; select if you want CloudCheckr to send an alert email if problems with AWS performance and/or services, such as outages, are affecting one or more of your resources
alert_health_all boolean optional; select if you want CloudCheckr to send an alert email if AWS performance and/or services is experiencing any problems such as outages
daily_bill_summary boolean optional; select if you want CloudCheckr to email a summary of your daily bill that includes highlights of any unusual activity
daily_best_practices boolean optional; select if you want CloudCheckr to send a daily email with the Best Practices recommendations that it discovers in your account
daily_bpc_importance_level boolean optional; select if you want CloudCheckr to hide any Best Practice Importance Level indicators in the daily Best Practices email
daily_bpc_type boolean optional; select if you want CloudCheckr to hide any Best Practice Check Types indicators in the daily Best Practices email
change_monitoring boolean optional; select if you want CloudCheckr to send an email when it detects any changes in the Change Monitoring report
change_monitoring_aws_config boolean optional; select if you want CloudCheckr to send an email when it detects any changes in AWS Config
improperly_tagged_resources boolean optional; select if you want CloudCheckr to send an email when your resources break any tagging rules
automation boolean optional; select if you want CloudCheckr to send an email when an automation job finds or processes an item
self_healing boolean optional; select if you want CloudCheckr to send an email that reports on Self-Healing activity
daily_consolidated_bill_summary boolean optional; select you want CloudCheckr to send a daily email summary of the costs, credits, and the net bill of all your consolidated billing accounts
cloudtrail_summary boolean optional; select if you want CloudCheckr to send a daily email summary of the CloudTrail Event Counts filtered by the Top 10 users, event types, and failed event types
inventory_summary_report boolean optional; select if you want CloudCheckr to send a weekly email that lists two to three high-level statistics for each AWS service
ec2_trending_report boolean optional; select if you want CloudCheckr to send a weekly email that provides statistics on your EC2 configuration and usage
s3_summary_report boolean optional; select if you want CloudCheckr to send a weekly email that provides statistics on your S3 configuration and usage
ec2_resource_utilization_report boolean optional; select if you want CloudCheckr to send a weekly email that provides statistics on your EC2 CPU and network utilization
weekly_best_practices boolean optional; select if you want CloudCheckr to send a weekly email with the Best Practices recommendations that it discovers in your account
weekly_bpc_importance_level boolean optional; select if you want CloudCheckr to hide any Best Practice Importance Level indicators in the weekly Best Practices email
weekly_bpc_type boolean optional; select if you want CloudCheckr to hide any Best Practice Check Types indicators in the weekly Best Practices email
monthly_bill_summary boolean optional; select if you want CloudCheckr to email a summary of your monthly bill that includes highlights of any unusual activity
monthly_consolidated_bill_summary boolean optional; select you want CloudCheckr to send a monthly email summary of the costs, credits, and the net bill of all your consolidated billing accounts
monthly_best_practices boolean optional; select if you want CloudCheckr to send a monthly email with the Best Practices recommendations that it discovers in your account
monthly_bpc_importance_level boolean optional; select if you want CloudCheckr to hide any Best Practice Importance Level indicators in the monthly Best Practices email
monthly_bpc_type boolean optional; select if you want CloudCheckr to hide any Best Practice Check Types indicators in the monthly Best Practices email
use_aws_account_id string *optional/required; the 12-digit AWS account ID for the CloudCheckr account you are making the call for
use_account string *optional/required; the name of the CloudCheckr account you are making the call for
use_cc_account_id string *optional/required; the CloudCheckr ID of the account you are making the call for
*Because this call requires an admin-level access key, you must add one of the following parameters to your request:
  • use_aws_account_id
  • use_account
  • use_cc_account_id

API CALL URL:

https://api.cloudcheckr.com/api/account.[json|xml]/edit_account_email_settings_v2
curl -- request POST \
-- 'https://api.cloudcheckr.com/api/account.[json|xml]/edit_account_email_settings_v2?access_key=your_admin_access_key&use_aws_account_id=123451050627&emails=email_addresses' \
-- header 'cache-control: no-cache' \
-- header 'content-type: application/[json|xml]' \
-- data '{
"emails": "this@mailbox.com,that@mailbox.com",
"use_aws_account_id": "123451050627"
}

RESPONSE EXAMPLES:

Result 200 OK (XML):

	<edit_account_email_settings_v2Response xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<status>
<Code>200</Code>
<Message>OK</Message>
</status>
</edit_account_email_settings_v2Response>

Result 200 OK (JSON):

	{
"Code": 200,
"Message": "OK"
}

Edit Account Name