CloudCheckr CMx Frequently Asked Questions

Getting started in a new product can be daunting, but to help you out, we have compiled a list of Frequently Asked Questions (FAQs) that focus on CloudCheckr CMx.

Frequently Asked Questions

We have organized our FAQs by category. Click into a category and drill into the questions to view more information.


Sign in to a CloudCheckr region using one of the following new URLs and type your current username and password:


Legacy URL


US Production





Must be accessed using Single Sign On

Only administrators will have access to CloudCheckr CMx. Administrators must provide access permissions to all other users before they can log in to CloudCheckr CMx.

If you have an existing Azure or AWS account in the current CloudCheckr product, you don't need to do anything. We use your existing credentials to transfer your data and billing configuration into CloudCheckr CMx.

If you are adding or modifying existing accounts, please use the following guides:

Our Product Announcements and Release Notes webpage will provide updates on new functionality that we deliver during our incremental software releases.

The following functionality will become available in upcoming software releases:

  • Enhancements to the existing reports such as improved filtering, better drill-through features, and data export support.
  • Multi-cloud and cross-account reporting for AWS, Azure, and Google Cloud data.
  • A rules engine for the manipulation of the cost data similar to how List cost functions in our current CloudCheckr product.
  • Additional data source processing.
  • Full billing and invoicing functionality.
  • Performance improvements.

Yes! This release doesn't replace your access to the current UI and API. You can switch back and forth between the two UIs and compare them side-by-side.

The biggest improvements for our customers include:

  • A platform built from the ground up to be scalable and performant.
  • A modern design that is more visually appealing, which can scale across multiple device sizes.
  • A dynamic account hierarchy that brings organization to your account list by allowing up to 11 layers of account groupings.
  • An API-first model that ensures UI and API functionality remains consistent.



Improved Navigation

  • Improved search functionality
  • Account Switcher makes jumping from one account to another quick and painless
  • Reorganized menu and layout

Account Hierarchy

  • Organize accounts into groups for streamlined account management and scalable permissions
  • Apply attributes across accounts for automatic categorization
  • Group accounts easily into multi-account views (MAVs)

Role Based Access Control

  • Create roles that define a set of users, permissions, and accounts
  • Establish permission sets that serve as reusable templates of permissions
  • Align roles to the account hierarchy for at-scale user and account management

New Ingestion Engine + Cost Reporting

  • Ingests AWS Cost and Usage Report (CUR) data in a fraction of the amount of time
  • Offers robust, interactive cost reports and dashboards
  • Provides a Pivot Explorer feature, so you can create on-the-fly reporting and analysis

The topic, Get Started with CloudCheckr CMx, gives an overview of all of the new features and provides links to the topics specific to these features.

Yes. Using CloudCheckr CMx doesn’t impact your access to the reports and functionality that you’re familiar with in the current CloudCheckr product.

You can switch back and forth between the new reports and the current reports in the CloudCheckr CMx environment by toggling the in the Left Navigation pane. For some of the existing CloudCheckr features, like Custom reports and dashboards, you will need to access them from the Search bar rather than from the left navigation pane.

This initial release provides the foundation for our future CloudCheckr CMx strategy. Some of the enhancements we are working on include the following:

  • Account Management UX improvements: Simplifying account creation—providing more contextual information and making it easier to manage accounts within the new hierarchy
  • Account Credentialing: Improving the onboarding workflow when credentialing a new account in CloudCheckr
  • Customer (Partner) Management: Rolling out a new user experience for creating and managing customers and plans

Account Hierarchy

Click to learn more about the new account hierarchy.

Our new account hierarchy introduces the concept of account groups that create a parent-child folder structure which allows you to organize your accounts as you see fit. This organization simplifies navigation and user permissions.

  • Accounts: No change to accounts as you know them. These are the various cloud provider accounts that you have added to CloudCheckr.
  • Account Groups: As mentioned earlier, account groups are like folders for your accounts. You can use them to organize your accounts in a hierarchy—up to 11 levels deep—and administer access management at the group or account level using roles.
    An account can only exist in one parent folder, but a folder can contain multiple accounts from different cloud providers.
  • Multi-Account Views (MAVs): No change to MAVs as you know them. MAVs allow you to look at all the resources in multiple accounts through a single lens. You can tag individual accounts and designate tags in the MAV to identify the accounts you want to combine. With MAVs, you can create complex views across large sets of accounts and slice and dice data across multiple tags.

Use cases for organizing accounts may include:

  • Match a complex organizational structure by creating groups for various divisions, business units, reporting lines, and other categories
  • Align your account hierarchy by region and provider
  • Enable accounts from multiple cloud providers to exist in the same account group

The account hierarchy combines with the Role Based Access Control (RBAC) to streamline the administration of CloudCheckr CMx. After establishing a logical account hierarchy, you can apply user roles to accounts and account groups that exist at any level of the hierarchy.

Role Based Access Control (RBAC)

Click to learn more about how you can administer and manage access to CloudCheckr CMx.

RBAC is a method of managing user access based on the roles assigned to those users. This is a hub-and-spoke model, where the role object acts as the hub for all access management. Permissions, users, and accounts are all applied to the role, and the intersection of those objects determines who has access to what in the system.

To further simplify things, we have introduced the concept of permission sets to Cloudcheckr CMx access management. Permission sets are templates of permissions that you can apply as a group to roles instead of having to apply or remove individual permissions each time a role is created or modified.

  • Users: The actual end-users who received a username (email address) and password that allows them to log in to the application
  • Clients: Services that access the CloudCheckr CMx API to make a request and return a response or data based on that request
  • Roles: The collection of permissions that a user inherits which enable them to perform certain tasks or operations in the CloudCheckr CMx application
  • Permissions: The individual privileges in CloudCheckr CMx that allow any user with that permission to perform a function or task such as view cost alerts and manage account groups
  • Permission Sets: A collection of privileges that you can apply as a group to your CloudCheckr CMx roles. For example, you might have a View-Only permission set that includes all View-Only permissions

Roles allow you to organize your users based on similar access and job function. For example, all members of your finance team may exist in a singular role that grants each member access to cost and billing reports for all accounts. When a new team member joins, you can add them to the role so that they inherit the same entitlements as their peers.

RBAC allows you to organize your users and the account hierarchy allows you to organize your accounts. By marrying the two, you can broadly administer access management across your accounts and user base. While the goal is to standardize access management, you still can apply fine-grained entitlements when needed.

You don't need to recreate existing users or passwords. However, these users won't have access via the RBAC model until you assign them roles. Since this is a new permissions model, we recommend creating permission sets and roles that meet the access needs of your user base.

Our team is ready to help. If you’re not sure how best to define your user roles, please reach out to schedule a session to review.

Also, we won't migrate API access keys over from CloudCheckr since the client/secret key functionality in RBAC is more robust and secure.


Click to learn more about our API improvements and configurations.

The following are some enhancements you will see as part of CMx API:

  • A platform built from the ground up to be scalable and performant.
  • A new and improved documentation system built on
  • A more intuitive user experience—including search parameters, filtering, and ordering—that leverages the OData standard.
  • More consistent response formatting and pagination.
  • A dynamic account hierarchy brings organization to your account list by allowing up to 11 layers of account groupings.
  • An API-first model that ensures UI and API functionality remains consistent.

Account-related functionality includes:

  • Retrieve all Accounts, Account Groups, and MAVs.
  • Retrieve parents of Accounts, Account Groups, and children of Account Groups.
  • Update Accounts and Account Groups.
  • Create new Account Groups.
  • Delete Account Groups.
  • Move Accounts and Account Groups throughout the hierarchy.

How did we do?