Use the Access Control List

This topic shows you how to grant access to a user group using the Access Control List (ACL).

For the purposes of this procedure, we will use the New Group page for demonstration.

Procedure

  1. After you click New Group on the Groups page, the New Group page opens.
  2. Assuming you have provide a group name, go the Granted Access section.
  3. Click Add Account ACL.
    The Access Account-Acl dialog box opens.
    The options available on the screen will reflect the latest version in the software.

    Each tab identifies functionality and/or permissions that you can configure the user group to have access to.
    Click each for details on each tab.

    Permission Enables User Groups To...
    Allgress Access to the Allgress web page.

    Allgress is a third-party entity that partners with CloudCheckr.

    If access to the page is enabled, it will be visible from Settings > Partner Tools > Allgress.

    Edit Aws Iam Admin Users Edit the AWS IAM admin users.
    Edit CW Metrics Edit the CW metrics.
    Edit Save Filter Edit a saved filter.
    Spot Management Console Access to the Spot Management Console.

    Spot Management enables partners to optimize Spot Instance usage.

    If access to the page is enabled, it will be visible from Settings > Partner Tools > Spotinst.

    Edit Alerts Edit alerts.
    Edit Best Practice Edit best practice checks.
    Edit Emails Edit emails.
    Edit Tags Edit tags.
    Edit Api Edit API calls.
    Edit Cost View Edit the Cost view.
    Edit Partner Tools Edit the features available in Partner Tools.
    See Account Notifications View account notifications.
    Cost Types Access the selected cost type (list, blended, or unblended) in the new reports, notifications, and alerts.


    Permission Enables User Groups To...
    AMI Summary Access to the AMI Summary report in CloudCheckr.

    If access to the report is enabled, it will be visible from Inventory > EC2 > AMI > Summary.

    Auto Scaling Summary Access to the Auto Scaling Summary report in CloudCheckr.

    If access to the report is enabled, it will be visible from Inventory > EC2 > Auto Scaling > Summary.

    CloudFormation Summary Access to the CloudFormation report in CloudCheckr.

    If access to the report is enabled, it will be visible from Inventory > CloudFormation > Summary.

    Custom Report Builder Access to the Custom Report Builder in CloudCheckr.

    If access to the report is enabled, it will be visible from Inventory > Custom Reports > Custom Report Builder.

    Direct Connect Summary Access to the Direct Connect Summary report.

    If access to the page is enabled, it will be visible from Inventory > Direct Connect > Summary.

    EC2 History by Instance Access to the EC2 History by Instance report.

    If access to the page is enabled, it will be visible from Inventory > Trending > EC2 > History by Instance.

    EC2 Other Trending Access to the EC2 Other report.

    If access to the page is enabled, it will be visible from Inventory > Trending > EC2 > Other.

    Elastic Beanstalk Summary Access to the Elastic Beanstalk Summary report.

    If access to the page is enabled, it will be visible from Inventory > Elastic Beanstalk > Summary.

    Elastic IP Summary Access to the Elastic IP Summary report.

    If access to the page is enabled, it will be visible from Inventory > EC2 > Elastic IPs > Summary.

    Exclude Buckets Access to the Exclude Buckets report.

    If access to the page is enabled, it will be visible from Inventory > S3 > Exclude Buckets.

    Auto Scaling Groups Access to the Auto Scaling Groups report.

    If access to the page is enabled, it will be visible from Inventory > Trending > EC2 > Auto Scaling > Groups.

    AWS Support Case Summary Access to the AWS Support Case report.

    If access to the page is enabled, it will be visible from Inventory > Support Cases > Summary.

    CloudFront Summary Access to the CloudFront Summary report.

    If access to the page is enabled, it will be visible from Inventory > CloudFront > Summary.

    CloudWatch Alarm Summary Access to the CloudWatch Alarm Summary report.

    If access to the page is enabled, it will be visible from Inventory > CloudWatch Alarm > Summary.

    Custom Reports Access to the Custom reports.

    If access to the page is enabled, it will be visible from Inventory > Custom Reports.

    DynamoDB Summary Access to the DynamoDB Summary report.

    If access to the page is enabled, it will be visible from Inventory > DynamoDB > Summary.

    EC2 History by Time Access to the EC2 History by Time report.

    If access to the page is enabled, it will be visible from Inventory > Trending > EC2 > History by Time.

    EC2 Summary Access to the EC2 Summary report.

    If access to the page is enabled, it will be visible from Inventory > EC2 > EC2 Summary.

    Elastic Container Service (ECS) Summary Access to the Elastic Container Service (ECS) Summary report.

    If access to the page is enabled, it will be visible from Inventory > Elastic Container Service > Summary.

    Glacier Summary Access to the Glacier Summary report.

    If access to the page is enabled, it will be visible from Inventory > Glacier > Summary.

    Auto Scaling Launch Configurations Access to the Auto Scaling Launch Configurations report.

    If access to the page is enabled, it will be visible from Inventory > EC2 > Auto Scaling > Launch Configurations.

    Certificate Manager (ACM) Summary Access to the Certificate Manager report.

    If access to the page is enabled, it will be visible from Inventory > Certificate Manager > Summary.

    CloudHSM Summary Access to the CloudHSM Summary report.

    If access to the page is enabled, it will be visible from Inventory > CloudHSM Summary > Summary.

    Cognito User Pool Summary Access to the Cognito User Pool Summary report.

    If access to the page is enabled, it will be visible from Inventory > Cognito > User Pool Summary.

    Data Pipeline Access to the Data Pipeline report.

    If access to the page is enabled, it will be visible from Inventory > Data Pipeline > Summary.

    EBS Summary Access to the EBS Summary report.

    If access to the page is enabled, it will be visible from Inventory > EC2 > EBS > Summary.

    EC2 Instance Trending Access to the EC2 Instance Trending reports.

    If access to the page is enabled, it will be visible from Inventory > Trending > EC2.

    EC2 System Manager System Instance Summary Access to the EC2 Systems Manager Instance Summary report.

    If access to the page is enabled, it will be visible from Inventory > EC2 > Systems Manager > Summary.

    Elastic File Systems Summary Access to the Elastic File Systems (EFS) Summary report.

    If access to the page is enabled, it will be visible from Inventory > EFS > Summary.

    ElastiCache Summary Access to the ElastiCache Summary report.

    If access to the page is enabled, it will be visible from Inventory > ElastiCache > Summary.

    Glacier Trending Access to the Glacier Trending report.

    If access to the page is enabled, it will be visible from Inventory > Trending > Glacier.



    Permission Enables User Groups To...
    Cost Savings Access to the Cost Savings report in CloudCheckr.

    If access to the report is enabled, it will be visible from Savings in the left navigation pane.



    Permission Enables User Groups To...
    Best Practices Access to the Best Practices report in CloudCheckr.

    If access to the report is enabled, it will be visible from Best Practices in the left navigation pane.



    Permission Enables User Groups To...
    Account Families Access to the Account Families page in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > Partner Tools > Configure > Account Families in the left navigation pane.

    Assign Credits Access to the Assign Credits feature in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > Partner Tools > Configure > Assign Credits in the left navigation pane.

    AWS Partner Monthly Summary AWS Partner Monthly Summary page in CloudCheckr.

    If access to the report is enabled, it will be visible Cost > Partner Tools > Report > Summary by Month in the left navigation pane.

    Billing Family Overview Access to the Billing Family feature in CloudCheckr.
    Common Searches Access to the Common Searches feature in CloudCheckr.

    If access to the report is enabled, it will be visible Cost > AWS Billing > Custom Reporting > Common Searches in the left navigation pane.

    Cost View Access to the Cost Views feature in CloudCheckr.

    If access to the report is enabled, it will be visible Cost > AWS Billing > Custom Reporting >Cost Views in the left navigation pane.

    Custom Credit Memos Access to the Custom Credit Memos feature in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > Partner Tools > Configure > Custom Credit Memos in the left navigation pane.

    Detailed Billing Report Summarization Access to the Detailed Billing Report Summarization feature in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > AWS Partner Tools > DBR > Summarization in the left navigation pane.

    DynamoDB Reserved Capacity Purchase Recommendations Access to the DynamoDB Reserved Capacity Purchase Recommendations feature in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > Reserved Usage> Inventory > DynamoDB > List of Reserved Capacity in the left navigation pane.

    EC2 Cost Comparison Details Access to the EC2 Cost Comparison Details report in CloudCheckr.
    EC2 Cost Summary Access to the EC2 Cost Summary report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > Spend Analysis> EC2 > Summary in the left navigation pane.

    EC2 Cost Warnings (Static View) Access to the EC2 Cost Warnings (Static View) in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost >Spend Analysis > EC2 > Static Warning in the left navigation pane.

    EC2 RI Purchase Recommendations (by Instance) Access to the C2 RI Purchase Recommendations (by Instance) in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost >Reserved Usage > Recommendations > EC2 > Purchase (by Instance) in the left navigation pane.

    Advanced Filtering (w/ tags) Access to the Advanced Filtering feature in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > AWS Billing > Custom Reporting > Advanced Filtering in the left navigation pane.

    AWS Bill Invoice Generator Access to the AWS Bill Invoice Generator in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > Partner Tools > Report > Generate Invoices in the left navigation pane.

    Billing & Cost Forecast Management Dashboard Access to the Billing & Cost Forecast Management dashboard in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > AWS Billing > Dashboard in the left navigation pane.

    CloudFront Cost Details Access to the CloudFront Cost Details feature in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > Spend Analysis > CloudFront > Details in the left navigation pane.

    Configure Custom Cost Access to the Configure Custom Cost report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > AWS Partner Tools > Configure > Configure Custom Cost in the left navigation pane.

    Custom Billing Charges Access to the Custom Billing Charges report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > AWS Partner Tools > Configure > Custom Billing Charges in the left navigation pane.

    Custom Fee Based On On-Demand Cost Access to the Custom Fee Based On On-Demand Cost report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > AWS Partner Tools > Configure > Custom Fee Based On On-Demand Cost in the left navigation pane.

    DynamoDB Cost Details Access to the DynamoDB Cost Details report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > Spend Analysis > DynamoDB > Details in the left navigation pane.

    DynamoDB Reserved Capacity Unit Summary Access to the DynamoDB Reserved Capacity Unit Summary report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > Reserved Usage > Inventory > DynamoDB > Summary in the left navigation pane.

    EC2 Cost Comparison Summary Access to the EC2 Cost Comparison Summary report in CloudCheckr.
    EC2 Cost Summary (Static View) Access to the C2 Cost Summary (Static View) report in CloudCheckr.
    EC2 Reserved Instance Summary Access to the EC2 Reserved Instance Summary report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > Reserved Usage > Inventory > EC2 > Summary in the left navigation pane.

    ElastiCache Cost Comparison Details Access to the ElastiCache Cost Comparison Details report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > Reserved Usage > Inventory > ElastiCache > Comparison Details in the left navigation pane.

    ElastiCache Cost Summary Access to the ElastiCache Cost Summary report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > Reserved Usage > Inventory > ElastiCache > Summary in the left navigation pane.

    ElastiCache Reserved Node Summary Access to the ElastiCache Reserved Node Summary report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > Reserved Usage > Inventory > ElastiCache > List of Reserved Nodes in the left navigation pane.

    Glacier Cost Summary Access to the Glacier Cost Summary report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > Spend Analysis > Glacier > Summary in the left navigation pane.

    Improperly Tagged Resources Access to the Improperly Tagged Resources report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > Tags (from Detailed Billing) > Improperly Tagged Resources in the left navigation pane.

    List of EC2 Reserved Instances Access to the list of EC2 Reserved Instances feature in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > Reserved Usage > Inventory > EC2 > List of Reserved Instances in the left navigation pane.

    List of Redshift Reserved Nodes Access to the list of Redshift Reserved Nodes feature in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > Reserved Usage > Inventory > Redshift> List of Reserved Nodes in the left navigation pane.

    Marketplace Cost Summary Access to the Marketplace Cost Summary report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > Spend Analysis > Marketplace > Summary in the left navigation pane.

    Profit Analysis Access to the Profit Analysis report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > Partner Tools > Report > Profit Analysis in the left navigation pane.

    RDS Cost Details Access to the RDS Cost Details report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > Spend Analysis > RDS > Details in the left navigation pane.

    RDS Cost Utilization (Static View) Access to the RDS Cost Utilization (Static View) report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > Spend Analysis > RDS > Static Utilization in the left navigation pane.

    Redshift Cost Comparison Details Access to the Redshift Cost Comparison Details report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > Spend Analysis > Redshift > Details in the left navigation pane.

    Redshift Cost Summary Access to the Redshift Cost Summary report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > Spend Analysis > Redshift > Summary in the left navigation pane.

    Reserved Instance Mapping Access to the Reserved Instance Mapping report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > AWS Partner Tools > Configure > Reserved Instance Mapping in the left navigation pane.

    Retired RDS Reserved DB Instances Access to the Retired RDS Reserved DB Instances report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > AWS Partner Tools > Configure > Retired RDS Reserved DB Instances in the left navigation pane.

    S3 Cost Summary (Static View) Access to the S3 Cost Summary (Static View) report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > Spend Analysis > S3 > Static Summary in the left navigation pane.

    S3 Storage Cost/Usage Access to the S3 Storage Cost/Usage report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > Spend Analysis > S3 > Storage Cost/Usage in the left navigation pane.

    Single Month Billing Summary Access to the Single Month Billing Summary report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost >AWS Billing > Summary Reports > Monthly in the left navigation pane.

    Tag Parse Mapping Access to the Tag Parse Mapping feature in CloudCheckr.
    Workspaces Cost Summary Access to the Workspaces Cost Summary report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > Spending Analysis > Workspaces > Summary in the left navigation pane.

    Advanced Grouping (w/ tags) Access to the Advanced Grouping report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > AWS Billing > Custom Reporting > Advanced Grouping in the left navigation pane.

    AWS Credits Summary Access to the AWS Credits Summary report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > AWS Billing > Other Features > AWS Credits Summary in the left navigation pane.

    Billing Cost Changes Access to the Billing Cost Changes report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > AWS Billing > Custom Reporting > Cost Changes in the left navigation pane.

    CloudFront Cost Summary Access to the CloudFront Cost Summary report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > Spend Analysis > CloudFront > Summary in the left navigation pane.

    Consolidated Billing Summary Access to the Consolidated Billing Summary report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > AWS Billing > Summary Reports > Consolidated in the left navigation pane.

    Custom Charge Per Instance Access to the Custom Charge Per Instance report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > AWS Partner Tools > Configure > Custom Charge Per Instance in the left navigation pane.

    Custom Usage Rates Access to the Custom Usage Rates report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > AWS Partner Tools > Configure > Custom Usage Rates in the left navigation pane.

    DynamoDB Cost Summary Access to the DynamoDB Cost Summary report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > Spend Analysis > DynamoDB > Summary in the left navigation pane.

    DynamoDB Reserved Usage Access to the DynamoDB Reserved Usage report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > Reserved Usage > Inventory > DynamoDB > Reserved Usage in the left navigation pane.

    EC2 Cost Details Access to the EC2 Cost Details report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > Spend Analysis > EC2 > Details in the left navigation pane.

    EC2 Cost Utilization (Static View) Access to the EC2 Cost Utilization (Static View) report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > Spend Analysis > EC2 > Static Utilization in the left navigation pane.

    EC2 RI Purchase Recommendations (by Frequency) Access to the EC2 RI Purchase Recommendations (by Frequency) report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > Reserved Usage > EC2 > Purchase (by Frequency) in the left navigation pane.

    ElastiCache Cost Comparison Summary Access to the ElastiCache Cost Comparison Summary report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > Reserved Usage > Inventory > ElastiCache > Comparison Details in the left navigation pane.

    ElastiCache Cost Utilization (Static View) Access to the ElastiCache Cost Utilization (Static View) report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > Spend Analysis > ElastiCache > Static Utilization in the left navigation pane.

    Export Detailed Billing Report Access to the Export Detailed Billing Report report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > AWS Billing > Other Features > Export DBR in the left navigation pane.

    Glacier Cost Summary (Static View) Access to the Glacier Cost Summary (Static View) report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > Spend Analysis > Glacier > Static Summary in the left navigation pane.

    List of DynamoDB Reserved Capacity Units Access to the list of DynamoDB Reserved Capacity Units in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > Reserved Usage > DynamoDB > Summary in the left navigation pane.

    List of ElastiCache Reserved Nodes Access to the ElastiCache Reserved Nodes report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > Reserved Usage > Inventory > ElastiCache > List of Reserved Nodes in the left navigation pane.

    Lookup Resources Access to the Lookup Resources feature in CloudCheckr.
    Mass Tagging Access to the Mass Tagging feature in CloudCheckr.
    RDS Cost Comparison Details Access to the RDS Cost Comparison Details report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > Reserved Usage > Inventory > RDS > Comparison Detail in the left navigation pane.

    RDS Cost Summary Access to the RDS Cost Summary report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > Reserved Usage > Inventory > RDS > Comparison Summary in the left navigation pane.

    RDS Reserved DB Instance Summary Access to the RDS Reserved DB Instance Summary report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > Reserved Usage > Inventory > RDS > Summary in the left navigation pane.

    Redshift Cost Comparison Summary Access to the Redshift Cost Comparison Summary report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > Spend Analysis > Redshift > Summary in the left navigation pane.

    Redshift Reserved Node Purchase Recommendations Access to the Redshift Reserved Node Purchase Recommendations report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > Reserved Usage > Recommendations > Redshift > Purchase in the left navigation pane.

    Reserved Instances Historical Savings Access to the Reserved Instances Historical Savings report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > Reserved Usage > RI Historical Savings in the left navigation pane.

    RI Upfront Cost Amortization Access to the RI Upfront Cost Amortization report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > Reserved Usage > Amortization in the left navigation pane.

    S3 Cost Warnings (Static View) Access to the S3 Cost Warnings (Static View) report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > Spend Analysis > S3 > Static Summary in the left navigation pane.

    Search Tags Access to the Search Tags feature in CloudCheckr.
    Tag Mapping Access to the Tag Mapping feature in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > Tags (from Detailed Billing) > Tag Mapping in the left navigation pane.

    Tagging Rules Access to the Tagging Rules report in CloudCheckr.

    If access to the report is enabled, it will be visible from Cost > Tags (from Detailed Billing) > Tagging Rules in the left navigation pane.



    Permission Enables User Groups To...
    AWS Config Common Searches Access to the AWS Config Common Searches feature in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Activity Monitoring > Resources (AWS Config) > Summary in the left navigation pane.

    AWS Config Snapshots Access to the AWS Config Snapshots feature in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Activity Monitoring > Resources (AWS Config) > Configuration Snapshot in the left navigation pane.

    CloudTrail Common Searches Access to the CloudTrail Common Searches feature in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Activity Monitoring > AWS API (CloudTrail) > Common Searches in the left navigation pane.

    CloudTrail Summary Access to the CloudTrail Summary report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Activity Monitoring > AWS API (CloudTrail) > Summary in the left navigation pane.

    CloudWatch Logs Setup Access to the CloudWatch Logs Setup feature in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Activity Monitoring > OS Logs (CloudWatch Logs) > Setup in the left navigation pane.

    DB Security Groups Summary Access to the DB Security Groups Summary report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Secure Configuration > Security Groups > RDS > Summary in the left navigation pane.

    ElastiCache Security Group Summary Access to the ElastiCache Security Group Summary report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Secure Configuration > Security Groups > ElastiCache > Summary in the left navigation pane.

    List of Customer Gateways Access to the list of Customer Gateways in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Secure Configuration > VPC > Customer Gateways > List of Gateways in the left navigation pane.

    List of EC2-Classic Security Groups Access to the list of EC2-Classic Security Groups in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Secure Configuration > Security Groups > EC2-Classic > List of EC2-Classic Security Groups in the left navigation pane.

    List of Endpoints Access to the List of Endpoints report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Secure Configuration > VPC > Endpoints > List of Endpoints in the left navigation pane.

    List of NAT Gateways Access to the List of NAT Gateways report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Secure Configuration > VPC > NAT Gateways > List of NAT Gateways in the left navigation pane.

    List of Redshift Security Groups Access to the Redshift Security Groups report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Secure Configuration > Security Groups > Redshift > List of Redshift Security Groups in the left navigation pane.

    List of Trails Access to the List of Trails report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > AWS API (CloudTrail) > List of Trails in the left navigation pane.

    List of VPN Connections Access to the List of VPN Connections report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Secure Configuration > VPC > VPN Connections > Summary in the left navigation pane.

    Network ACL Common Searches Access to the Network ACL Common Searches report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Secure Configuration > VPC > Network ACLs > List of Network ACLs in the left navigation pane.

    Perimeter Assessment Access to the Perimeter Assessment report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Secure Configuration > Perimeter Assessment in the left navigation pane.

    S3 Encryption Details Access to the S3 Encryption Details report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Secure Configuration > Encryption > S3 in the left navigation pane.

    Security Permissions Access to the Security Permissions report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Secure Configuration > Permissions > S3 in the left navigation pane.

    VPC Flow Logs - Summary Access to the VPC Flow Logs - Summary report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Activity Monitoring > Network (VPC Flow Logs) > Summary in the left navigation pane.

    VPN Connections Summary Access to the VPN Connections Summary report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Secure Configuration > VPC > VPN Connections > Summary in the left navigation pane.

    AWS Config Configuration History Access to the AWS Config Configuration History report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Activity Monitoring > Resources (AWS Config) > Configuration History in the left navigation pane.

    AWS Config Summary Access to the AWS Config Summary report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Activity Monitoring > Resources (AWS Config) > Summary in the left navigation pane.

    CloudTrail Events Access to the CloudTrail Events report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Activity Monitoring > OS Logs (CloudWatch Logs) in the left navigation pane.

    CloudWatch Logs - Define Events Access to the CloudWatch Logs - Define Events report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Activity Monitoring > OS Logs (CloudWatch Logs) > Define Events in the left navigation pane.

    CloudWatch Logs Summary Access to the CloudWatch Logs Summary report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Activity Monitoring > OS Logs (CloudWatch Logs) > Define Events in the left navigation pane.

    EC2-Classic Security Group Summary Access to the EC2-Classic Security Group Summary report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Secure Configuration > Security Groups > EC2-Classic > Summary in the left navigation pane.

    Internet Gateways Summary Access to the Internet Gateways Summary report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Secure Configuration > VPC > Internet Gateways > Summary in the left navigation pane.

    List of DB Security Groups Access to the List of DB Security Groups report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Secure Configuration > Security Groups > RDS > Summary in the left navigation pane.

    List of EC2-VPC Security Groups Access to the List of EC2-VPC Security Groups report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Secure Configuration > Security Groups > EC2-VPC > List of EC2-VPC Security Groups in the left navigation pane.

    List of IAM Admin Users Access to the list of IAM Admin Users in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Secure Configuration > IAM Admin Users in the left navigation pane.

    List of Network ACLs Access to the list of Network ACLs in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Secure Configuration > VPC > Network ACLs > List of Network ACLs in the left navigation pane.

    List of Route Tables Access to the list of Route Tables in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Secure Configuration > VPC > Route Tables > List of Tables in the left navigation pane.

    List of VPC Resources Access to the list of VPC Resources in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Secure Configuration > VPC > Route Tables > List of Tables in the left navigation pane.

    List of VPN Resources Access to the list of VPN Resources in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Secure Configuration > VPC > VPN Connections > List of Connections in the left navigation pane.

    Network ACL Summary Access to the Network ACL Summary report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Secure Configuration > VPC > Network ACLs > Summary in the left navigation pane.

    Redshift Security Group Summary Access to the Redshift Security Group Summary report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Secure Configuration > Redshift > Summary in the left navigation pane.

    Security Group Common Searches Access to the Security Group Common Searches feature in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Secure Configuration > Security Groups > Common Searches in the left navigation pane.

    Subnets Summary Access to the Subnets Summary report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Secure Configuration > VPC > Subnets > Summary in the left navigation pane.

    VPC Flow Logs - Events Access to the VPC Flow Logs - Events report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Activity Monitoring > Network (VPC Flow Logs) > View Results in the left navigation pane.

    VPC Summary Access to the VPC Summary report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Secure Configuration > VPC > Summary in the left navigation pane.

    VPN Gateways Summary Access to the VPN Gateways Summary report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Secure Configuration > VPC > Virtual Private Gateways > List of VPN Gateways in the left navigation pane.

    AWS Config Resource Changes Access to the AWS Config Resource Changes report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Activity Monitoring > Resources (AWS Config) > Resource Changes in the left navigation pane.

    Change Monitoring Access to the Change Monitoring report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Activity Monitoring > Change Monitoring in the left navigation pane.

    CloudTrail Setup Access to the CloudTrail Setup feature in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Activity Monitoring > Activity AWS API (CloudTrail) > Setup in the left navigation pane.

    CloudWatch Logs - View Results Access to the CloudWatch Logs - View Results report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Activity Monitoring > OS Logs (CloudWatch Logs) > View Results in the left navigation pane.

    Customer Gateways Summary Access to the Customer Gateways Summary report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Secure Configuration > VPC > Customer Gateways > Summary in the left navigation pane.

    EC2-VPC Security Group Summary Access to the EC2-VPC Security Group Summary report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Secure Configuration > Security Groups > EC2-VPC > Summary in the left navigation pane.

    List of Configuration Recorders Access to the List of Configuration Recorders report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Activity Monitoring > Resources (AWS Config) > List of Recorders in the left navigation pane.

    List of Delivery Channels Access to the List of Delivery Channels report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Activity Monitoring > Resources (AWS Config) > List of Delivery Channels in the left navigation pane.

    List of ElastiCache Security Groups Access to the List of ElastiCache Security Groups report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Secure Configuration > Security Groups > ElastiCache > List of ElastiCache Security Groups in the left navigation pane.

    List of Internet Gateways Access to the List of Internet Gateways report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Secure Configuration > Security Groups > VPC > Internet Gateways > List of Internet Gateways in the left navigation pane.

    List of Peering Connections Access to the List of Peering Connections report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Secure Configuration > Security Groups > VPC > Peering Connections > List of Peering Connections in the left navigation pane.

    List of Subnets Access to the List of Subnets report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Secure Configuration > VPC > Subnets > List of Subnets in the left navigation pane.

    List of VPCs Access to the List of VPCs report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Secure Configuration > VPC > List of VPCs in the left navigation pane.

    NAT Gateways Summary Access to the NAT Gateways Summary report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Secure Configuration > VPC > NAT Gateways > Summary in the left navigation pane.

    Peering Connection Summary Access to the Peering Connection Summary report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Secure Configuration > VPC > Peering Connections > Summary in the left navigation pane.

    Route Tables Summary Access to the Route Tables Summary report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Secure Configuration > VPC > Route Tables > Summary in the left navigation pane.

    Security Group Visualization Access to the Security Group Visualization report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Secure Configuration > Security Groups > Visualization in the left navigation pane.

    VPC Endpoints Summary Access to the VPC Endpoints Summary report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Secure Configuration > VPC > Endpoints > Summary in the left navigation pane.

    VPC Flow Logs - Setup Access to the VPC Flow Logs - Setup report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Activity Monitoring > Network (VPC Flow Logs) > Setup in the left navigation pane.

    VPC Traffic Analysis Access to the VPC Traffic Analysis report in CloudCheckr.

    If access to the report is enabled, it will be visible from Security > Secure Configuration > VPC > Traffic Analysis in the left navigation pane.



    Permission

    Enables User Groups To…

    CIS Benchmark

    Access the CIS Benchmark page.

    Total Compliance

    Access the Total Compliance page.



    Permission

    Enables User Groups To…

    CloudWatch Custom Metrics

    Access the CloudWatch Custom Metrics page.

    CloudWatch Historical Export

    Access the CloudWatch Historical Export page.

    DynamoDB Right Sizing

    Access the DynamoDB Right Sizing page.

    DynamoDB Utilization Heat Map

    Access the DynamoDB Utilization Heat Map page.

    EBS Utilization Heat Map

    Access the EBS Utilization Heat Map page.

    EC2 CPU Utilization Heat Map

    Access the EC2 CPU Utilization Heat Map page.

    EC2 Instance Right Sizing Report

    Access the EC2 Instance Right Sizing Report page.

    EC2 Load Balancer Utilization Heat Map

    Access the EC2 Load Balancer Utilization Heat Map page.

    ElastiCache Utilization Heat Map

    Access the ElastiCache Utilization Heat Map page.

    Idle EC2 Instances

    Access the Idle EC2 Instances page.

    Monthly Average CPU Utilization

    Access the Monthly Average CPU Utilization page.

    Network Utilization Heat Map

    Access the Network Utilization Heat Map page.

    RDS Utilization Heat Map

    Access the RDS Utilization Heat Map page.

    Redshift Utilization Heat Map

    Access the Redshift Utilization Heat Map page.

    Resource Utilization Details (EBS)

    Access the RDS Utilization Details (EBS) page.

    Resource Utilization Details (EC2)

    Access the RDS Utilization Details (EC2) page.

    Resource Utilization Details (RDS)

    Access the Resource Utilization Details (RDS) page.

    Resource Utilization Details (Redshift)

    Access the Resource Utilization Details (Redshift) page.

    Resource Utilization Summary (EBS)

    Access the Resource Utilization Summary (EBS) page.

    Resource Utilization Summary (EC2)

    Access the Resource Utilization Summary (EC2) page.

    Resource Utilization Summary (ElastiCache)

    Access the Resource Utilization Summary (ElastiCache) page.

    Resource Utilization Summary (Network)

    Access the Resource Utilization Summary (Network) page.

    Resource Utilization Summary (RDS)

    Access the Resource Utilization Summary (RDS) page.

    Resource Utilization Summary (Redshift)

    Access the Resource Utilization Summary (Redshift) page.


    Permission

    Enables User Groups To…

    Admin Workflow

    Access the Admin Workflow page.

    All Automation Tasks

    Access all tasks related to Automation.

    Open Workflow

    Access the Open Workflows tab under Automation > Workflows.

    Setup Automation

    Access the Setup Automation page.



    Permission

    Enables User Groups To…

    Alert Manager (CloudTrail)

    Access the CloudTrail Alert Manager page.

    Alert Manager (Cost)

    Access the Cost Alert Manager page.

    Alert Manager (Resources)

    Access the Resources Alert Manager page.

    Alert Manager (Utilization)

    Access the Utilization Alert Manager page.

    Alert Results (CloudTrail)

    Access the CloudTrail Alert Results page.

    Alert Results (Cost)

    Access the Cost Alert Results page.

    Alert Results (Resources)

    Access the Resources Alert Results page.

    Alert Results (Utilization)

    Access the Utilization Alert Results page.




    Permission

    Enables User Groups To…

    Account Name

    Modify the Account Name.

    Account-Level Tags

    Create or modify Account-Level Tags.

    Allgress

    Access the Allgress web page.

    API Access Keys

    Access the API Access Keys page.

    AWS Credentials

    Access the AWS Credentials page.

    CloudCheckr App for Splunk

    Access the CloudCheckr App for Splunk page.

    Configurations

    Access the Integration Configurations page.

    Cost and Usage Report

    Access the Cost and Usage Report Configuration page.

    Detailed Billing Bucket

    Access the Detailed Billing Bucket Configuration page.

    EC2 Tags for Dashboard

    Access the Edit EC2 Tags for Dashboard page.

    Email Settings

    Access the Email Configuration page.

    Extension for AppDynamics

    Access the Extension for AppDynamics Configuration page.

    Extension for Datadog

    Access the Extension for Datadog Configuration page.

    Extension for Vistara

    Access the Extension for Vistara Configuration page.

    Plugin for New Relic

    Access the Plugin for New Relic Configuration page.

    Service Limits

    Access the AWS Service Limits Notification Configuration page.

    Spot Management

    Access the Spot Management Configuration page.

  4. Select the checkbox(es) in each tab that corresponds to the functionality or permissions that you want the group to have access to.
  5. Click OK to return to the New Group page.


How did we do?