Release News: What We’re Shipping with 2.12

three icons representing three pillars of cloudtamer governance

Our latest major release, 2.12, provides a plethora of new features and updates. As always, the full list of updates is available to customers at our Support Center. If you want the short-and-sweet version on the biggest updates, read on.

Operate Across AWS Regions

If you’re operating across multiple AWS regions, we’ve got you covered. You can now federate and manage commercial AWS accounts from an instance of installed in GovCloud. Now you won’t miss out on services only available in commercial regions if you have to operate within GovCloud.

Specify Account-Specific Cloud Access Roles

You can now specify which account(s) a cloud access role applies to. A great use case for this is if you have multiple lifecycle accounts in a project (for example, Dev, Test, and Prod) and you need to specify different access roles across the accounts. For example, with account-specific cloud access roles, you can give Joe access to Dev, but not to Prod.

create cloud access role in 2.12

Move Your Projects

Organizational changes happen. If you’ve had such a change after setting up your org structure and mapping cloud accounts in, you’ll appreciate the new ability to move a project. As part of the project move, you’ll specify a destination OU and how you’d like to handle inherited cloud rules and financial transaction history. You’ll also be able to create your spend plan for the project at this time.

move a project in 2.12

Get Improved Diagnostics

From the Project Diagnostics page, you can now view issues with deploying Cloud Rules and even re-trigger pre- and post-rule webhooks if they fail or re-attempt a CloudFormation Template if it fails.

Deploy Using Native AWS Services

For our deployment, we moved away from Kubernetes on the backend in favor of a lightweight CloudFormation template (CFT)-based approach. Reliability increases since there is less software between the user and the application, and we simplified disaster recovery by enabling the creation of a database from a snapshot. In addition, this new model makes it easy to use your own custom Amazon Machine Images (AMIs) if you need any type of hardening or corporate security applied to the nodes. Finally, we moved away from requiring a deployment server and removed the need for any management nodes, which effectively cuts the number of nodes in half. This switch to CloudFormation, a native AWS service, reduces the learning curve and management overhead for your team. You can find all the details and instructions for migrating to this new deployment method in our Deployment Guide on our Support Center.

  • IMPORTANT: The Kubernetes deployment model will only be available for the remainder of the 2.12.x series of releases. You’ll need to migrate to the new deployment beginning with 2.13.0 if you wish to receive new application updates.

These are some of the big highlights of our latest release. Customers can click the Support link on the User menu within to visit our Support Center and get the complete list of additions and changes in 2.12.

Interested in starting your journey with our latest release?  Let’s talk!

Marianna leads marketing at

Release News: What We’re Shipping with 2.11

three icons representing three pillars of cloudtamer governance

Our latest release, 2.11, is now available. Here’s a summary of the highlights.

Enhanced integration and automation with public API

In the biggest release news, we officially support programmatic access to using our versioned, public API. Using our API you can do things like create accounts, projects, and OUs from outside of For example, if you’re using ServiceNow for your business and financial workflows, users can request a new cloud account via ServiceNow and, once approved by the right people within your organization, the API can be called from within ServiceNow to create the project within Another example use case would be calling the API from another program to automatically apply one cloud rule across all projects within*

You can enable/disable the ability to generate API keys and specify the key lifespan via the Settings page.

screen capture depicting how to enable API key generation

Customized project forecasting via user-defined categories

We’ve expanded our linear forecasting model to allow customers to add custom cloud spending forecasts to projects. This helps customers have a more accurate forward-looking view of how much funding will be required for projects. Forecasting is available by navigating to the desired project and selecting the Financials tab. You can create categories (for example, Labor or AWS Services) within the Settings page and then apply these categories and enter forecasted spend within the category. Forecasting can be particularly handy when you need to predict seasonal or other types of spikes that are outside your normal past spend rate.

screen capture depicting custom forecasting interface

Increased flexibility with account move

You can now move an account to a different project. Go to the Account detail page and select Move Account from the More Options menu. Note that spend from past months will remain attributed to the former project.

screen capture of move account dialog

Additional UI enhancements

From a UI perspective, we’ve made tweaks in a few areas:

  • You’ll notice the left navigation has new fly-out functionality to make it quicker to select options.  You can also collapse or expand the navigation pane now.

screen capture of new left nav

  • We’ve renamed the Policies menu on the left nav to Cloud Management to better reflect the breadth of functionality available.
  • When viewing the Cloud Management tab for projects and OUs you’ll now see  a sub-tab display that provides a snapshot view of key data and easier navigation.

screen capture of new cloud management interface


*For those of you, like myself, who might want a guide to translating the developer’s language of APIs, here is WTF is an API.

Marianna leads marketing at

Release News: What We’re Shipping with 2.10

three icons representing three pillars of cloudtamer governance

Since our last major release, we’ve rolled out several iterations with some minor additions and changes. Now, for 2.10, we’re introducing some significant changes to our UI. We shared a preview of the new interface with visitors to our booth at AWS re:Invent, and the new look got a great reception.

Here are the major new things in 2.10.

Streamlined navigation within projects, organization units, and more

As product functionality has grown, we found that a single-page approach to our features was becoming a bit unwieldy. So, we’ve introduced a new tabbed display to the organization units, projects, users, user groups, and funding sources areas.

The tab options vary based on area, but generally include overview information, financial data, user and permission data, and enforcement options.

screen capture of new tabbed display

Another change on the UI side is a more consolidated display of filtering options via a new drop-down menu.

screen capture of filters drop-down menu

More visibility into users and permissions

The new Permissions tab provides additional details and new viewing options to see access lists by user or by permissions.

screen capture of users and permissions display

With this new view, we have tried to make it very easy to answer questions like:

  • What permissions does [John Doe] have on my project?
  • Who can modify spend plans on my project?
  • How was [John Doe] given permission to apply policies to my project?

Retain history for completed projects

You can now archive a project to support decommissioning. This is a useful option when projects are completed, but you still want to retain data to view past spending.

The Archive Project option is available from the ellipsis menu on the project card. After archiving, the project no longer displays on the project page. You can use the filter drop-down menu to view Archived projects.

These are some of the big highlights of our latest release. Customers can click the Support link on the User menu within to visit our Support Center and get the complete list of additions and changes in 2.10.

Interested in starting your journey with our latest release?  Let’s talk!

Marianna leads marketing at

Release News: What We’re Shipping with 2.9.0

three icons representing three pillars of cloudtamer governance

In our cloud-taming laboratory, we continue to develop new features to help customers govern their workloads in the cloud. Here’s what’s new in our just-released version 2.9.0.

Webhooks to integrate with your existing DevOps tools

We’ve added webhooks, which can be applied before and after the Cloud Formations in our Cloud Rules. Webhooks allow you to extend functionality beyond IAM policies and Cloud Formation templates by integrating with your own services. Webhooks also make testing much easier because you can build a full CI/CD process around your services and then have reach out to them.

A great example of a webhooks use case is a service that deletes all default VPCs in all regions in preparation for setting up your own VPCs. This is not easily achievable with a Cloud Formation, but easy to do with a service that interacts with the AWS CLI or AWS SDK.

Flexible budget enforcement actions for projects and funding sources

We’ve added more budget enforcement options at the project and funding source levels, as well as the ability to specify users and groups to receive notifications. For example, you can now elect to send a notification when:

    • A project’s monthly spend exceeds a percentage of remaining budget
    • The amount remaining in the project budget drops below a percentage
    • The amount spent from a funding source exceeds a percentage of total amount
    • The amount unused within a funding source drops below a specified dollar amount

screen showing budget enforcement actions

Cloud Rule exemptions for OUs

You can now request exemptions for Cloud Rules that are inherited by OUs. This provides more control over how policies are managed across your organization.

Increased financial visibility and flexibility

We’ve added a few new views for project spend across our application. In addition to lifetime spend and current month spend, you can now view spend by current funding sources. We’ve also added the ability to download the financials for a project for offline use.

screen showing cloud spend by funding source


These are the big highlights of our latest release. Customers can click the Support link on the User menu within to visit our Support Center and get the complete list of additions and changes in 2.9.0.

Marianna leads marketing at

Release News: More Ways to Save Time with 2.8.1

three icons representing three pillars of cloudtamer governance

Our team of cloud tamers has spent the past several weeks on our latest release. Here are just a few of the new features in Release 2.8.1, available now for customers.

Automate AMI distribution using Cloud Rules

We’ve made it easier for you to share Amazon Machine Images (AMIs) via Cloud Rules. Now you can include an AMI within a Cloud Rule and take advantage of the inheritance properties of other components we share to AWS accounts via these Rules, like Identify and Access Management (IAM) policies and CloudFormation templates (CFTs). So, you get the ‘set once/use many’ benefits when you want to apply AMIs across your organization.

Increase security by enforcing a lifespan for AWS keys

Access keys shouldn’t live forever. However, the keys created in AWS live forever by default. We’ve added a lifespan setting in so you can specify the number of days before AWS access keys created from will expire. After you set the lifespan, will automatically expire the access keys once the specified time has elapsed.

access key lifespan field highlighted in cloudtamer

Facilitate forensics via enhanced audit log

We now include an entry in the audit log when a user accesses the AWS console. This is a new addition to the existing actions audited, which contains every user login attempt and change to any object within the system. You can filter the audit log to view these actions to determine who accessed the console and when access occurred. Coupled with enabling services like AWS CloudTrail, this level of audit detail provides enhanced reporting capability for determining provenance of user activities in the event of a security compromise.

Save time with inherited Cloud Access Roles

You can now create and apply a Cloud Access Role at the OU level and have this role applied to all projects that are descendants of that OU. So, for example, if you want an auditor role to be available everywhere within an organization, you can apply it once at the top-level OU, and the role, IAM policies, and user mappings will be added to all projects.

Simplify end user cloud access using AWS Service Catalog

In our biggest release news, now supports sharing AWS Service Catalog portfolios and products across your organization. AWS Service Catalog helps you package together IT services that are approved for use on AWS and helps less experienced AWS users by providing an easy-to-use list of products they can deploy in their accounts. AWS Service Catalog products are very flexible and can encompass almost anything…from marketplace applications to custom CloudFormation templates to setup a LAMP stack. Cloud PMOs can use AWS Service Catalog to help standardize deployments of key architectural components of their AWS architecture to help automate setup and reduce errors that result from manual processes.

inherited cloud rule and service catalog portfolio in cloudtamer

Because the AWS Service Catalog portfolio lives in a Cloud Rule you can share the portfolio across OUs and projects directly or via inheritance. For example, within your Marketing OU, you may designate an inherited Rule that includes a Service Catalog product that enables creation of campaign websites. This can then be deployed 1, 10, or even 100+ times depending on the use case.

For a high-level overview of how and AWS Service Catalog work together, view our short video Governance@Scale with AWS Service Catalog and


Marianna is the Product Marketing Manager.