Important:The tenant management function is only available to customers with an agency agreement.
If you would like to use this service, please contact us via our Helpdesk.
The AWS account monitored by AppKeeper is linked to the management unit called "tenant" to provide a "group" functionality. Group is a management unit that unites multiple tenants. Also, one user can operate on multiple AWS accounts by joining multiple tenants.
Group users manage their tenants through a dedicated Group dashboard.
Tenant users configure and operate within the tenant through a dedicated Tenant dashboard.
Tenant Management Use Cases
The tenant management functionality gives users the following management capabilities.
- A company uses AppKeeper for its end users can create a group
- The company creates a tenant for each end user company
- A management department (e.g. IT) in the company creates a group
- It creates a tenant for each department within the company
Tenant Management Function Details
Create one tenant for each AWS account.
Users can operate and view information on the tenant's AWS account by belonging to the tenant. Users who belong to a tenant are called tenant users. Users may belong to multiple tenants.
Operations allowed for tenant users on the AWS account for the tenant are based on the roles. There are three roles for tenant users; "Administrator," "Operator" and "Viewer."
See below table for relationship between roles and allowed operations for tenant users.
|Obtain the AppKeeper’s monitoring status||✓||✓||✓||Obtain AppKeeper 's monitoring status|
|Start/Stop AppKeeper||✓||✓||Start/Stop AppKeeper|
|Assign Webhooks to tenants||✓||✓||(Currently not available) link Webhook items for event notification to tenants|
|View event information||✓||✓||✓||View events'(recovery and detection) history|
|View instance information||✓||✓||✓||View instances' information(*)
* Monitoring status, monitoring settings, failure behavior settings, and service detection results
|Change the instance configuration||✓||✓||Change the instance configuration(*)
* failure behavior settings
|Access to Zendesk with SSO||✓||✓||✓||Access to Support Helpdesk|
|Execute command for services||✓||✓||Execute APIs for services|
|View service information||✓||✓||✓||View service information(*)
* List of services and whether the service is monitored or not
|Change the service configuration||✓||✓||Change the service configuration|
|Delete users from a tenant||✓||Delete users from a tenant|
|Add users to a tenant||✓||Add users to a tenant|
|View Webhooks Registered To Tenants||✓||✓||✓||(Currently not available) View list of Webhook URLs linked to tenant|
|View Tenant Alert Information||✓||✓||✓||View the IAM Role configuration errors that are occurring in the tenant|
|View tenant information||✓||✓||✓||View tenant information(*)
* AWS account IDs group ID, IAM role name, monitoring settings for newly discovered instances, and settings for failure log
|Change the tenant configuration||✓||✓||
Change tenant configuration(*)
* IAM role name,
|Update Tenant||✓||✓||Update Tenant configuration(*)
* IAM role name,
monitoring settings for newly discovered instances, and settings for failure log
|Delete Tenants||✓||Reservation of tenant cancellation|
|View tenant user information||✓||✓||✓||View tenant user information(*)
* Username in Cognito, AppKeeper roles, email address and last login date
|Change user roles||✓||Change user roles|
|Detect resources||✓||✓||✓||Detect resources|
|Change user information||✓||
Change user information(*)
* name, company name and address
|Obtain user information||✓||✓||✓||Obtain user information(*)
* Price Plan, Name/Company Name, Address, PaymentId, Trial Period End Date, Date of Retirement
|Create Payment Information||✓||Create Payment Information|
|View Payment Information||✓||View billing address, credit card information, and other registered payment information|
|Delete Payment Information||✓||Delete Payment Information|
|Update Payment Method||✓||Invoice: Change the billing address for the payment method
Credit card: Change the registered e-mail address.
|Change the plan||✓||Change pricing plan|
|Obtain current usage information (time used)||✓||✓||✓||View the time of use for a given month|
|View Invoice History||✓||✓||✓||Obtain historical bills and usage|
|Change the notification settings||✓||✓||Register a contact for failure notification,
Change Notification Timing
and Delete contacts for notification
|View the notification settings||✓||✓||✓||View List of email addresses registered to be notified in the event of a failure and Setting for Notification Timing|
|Download Failure Information||✓||✓||✓||Download Failure Logs|
The operations above may be restricted based on the group user described later.
A group collectively manages multiple tenants.
Users in the group (group users) can perform the following tasks:
- Operations for all the tenants in the group
- Add/delete tenants
- Add/delete users to their group
- Change user roles of their group
Operations allowed for group users are determined based on their roles. Group users have three roles; “Administrator,” “Operator” and “Viewer.”
Group user roles and allowed operations are described in the table below.
|View a tenant which a group belongs to||✓||✓||✓||View a tenant which a group belongs to|
|Create a new tenant||✓||✓||Create a new tenant|
|Change the highest role level for tenant users||✓||✓||Change the highest role level for tenant users|
|View the highest role level for tenant users||✓||✓||✓||View the highest role level for tenant users|
|Change privileges allowed for tenants||✓||✓||Change privileges settings for each operation|
|View privileges allowed for tenants||✓||✓||✓||View privileges settings for each operation|
|Register a new group user||✓||Register a new group user|
|View the information on group users||✓||✓||✓||View the email addresses and roles of group users|
|Delete a group user||✓||Delete a group user|
|Change group user roles||✓||Change group user roles|
|View Webhooks||✓||✓||✓||(Currently not available) Get a list of registered webhooks|
|Add URLs of Webhooks||✓||✓||(Currently not available) Add URLs of Webhooks|
- Setting a “Permission” for each tenant for operations
You can delete permission of roles for each tenant by operation.
For instance, a user who is assigned the "Administrator" role for a tenant has a permission to execute the operation "create a new tenant" by default, but a group user can change this permission to "not-authorized" for this operation. The tenant user who is set as “Permission” cannot “create a new tenant” even if “Administrator” role is assigned.
- Configure the Upper limit Role allowed for tenant users
The Upper limit Role is configured for each tenant. By default, the Upper limit Role is “Administrator,” which means that tenant users belong to the tenant may have “Administrator” role at the highest. When a group user changes their highest role level to “operator,” the highest role level assigned to the tenant users should be “operator” (i.e. they can be assigned only “operator” and “viewer”; not “management”).
Group users cannot belong to other groups.
Group users cannot be tenant users.
You cannot change the permission settings for operations on groups.