CloudCheckr allows you to create User Groups and manage users and permissions at the group level. User Groups make managing permissions easier, especially for customers with hundreds or thousands of users. When creating Groups you can determine which accounts and reports are accessible by users within that group. Groups are an Admin-only feature, and can be accessed by clicking on the Settings link at the top of the app.
Note: A CloudCheckr User can only be a member of one User Group.
Creating a New Group
The Group configuration screen is located under the Settings selection at the top right portion of your screen.
You would start by creating a New Group
Within the New Group Menu, you then have the following options:
- Give your group a custom name.
- Grant access to either your set of standard AWS accounts in CloudCheckr, or your set of AWS Multi-Account Views in CloudCheckr. Both types of accounts can be added to the Group, they just need to be done in separate steps.
- Click ‘Add Account ACL’ (Access Control List) in order to designate permissions to any account and subset of reports within the specified account(s). See further explanation below.
- Choose any ‘Available Users’ and click the right arrows ‘>>’ to make them ‘Selected Users’
- Click ‘Create’.
The ‘Add Account ACL’ button gives you many options to customize access with your accounts, as explained below.
Within this menu, you have the following options:
- ‘Available AWS Accounts’ — choose any number of AWS accounts within CloudCheckr to configure access.
- Control access to each section of the CloudCheckr App via separate Access Control Tabs – within each of the tabbed sections, you can enable all reports by clicking ‘Select All’, or you can choose any subset of reports just selecting the ones you want your users to see.
The ‘Select All’ works on a per-tab basis, so you need to enable reports in every tab.
Currently, the reports enabled in this Account ACL section are complementary to the already-existing User Management screen. If you are adding Users who have already have permissions granted through User Management, these Account ACL permissions will not overwrite the existing permissions.
Let’s say you have Users who you want to have a specific CloudCheckr experience. You can limit their access to only seeing the Best Practices Report, Cost Reports, and List Cost functionality within those cost reports, as well as the ability to set up their own notification emails. You can accomplish that by selecting reports like this:
Under the ‘Generic’ tab you can select the Cost Types and ability to Edit Emails.
Under the ‘Settings’ tab you can also add Email Settings.
Under the ‘Cost’ tab you can select all the reports.