AWS Trusted Advisor: Everything You Need To Know

AWS Trusted Advisor is your personal cloud expert! It helps you to provide best practices for AWS by inspecting your AWS environment with a motto toward saving money, improving system performance and reliability, and closing security gaps to protect.

In this post, I am going to cover the important things about AWS Trusted Advisor such as:

What is AWS Trusted Advisor?

AWS Trusted Advisor is an AWS tool that provides you real-time assistance to help you provision your resources following AWS best practices. It checks to help optimize your AWS infrastructure, provide better security and performance, reduce your overall costs, and also monitor service limits. Whether you want to develop applications, or as part of ongoing improvement, Always take advantage of the recommendations provided by Trusted Advisor it helps keep your solutions provisioned optimally.
Trusted Advisor best practice

How does it Work?

The Trusted Advisor scans an organization’s cloud infrastructure and provides recommendations based on the defined best practices. The basic recommendations can be grouped into three categories:

No problem detected—a green check.
Investigation recommended—an orange exclamation mark.
Action recommended—a red exclamation mark.

aws-trusted-advisor-diagram

If you are planning to migrate to the AWS cloud or to set up a new cloud application, Trusted Advisor’s recommendations can help you to optimize your cloud infrastructure. For example, if you are planning to set up a new RDS instance and receive a notification from AWS Trusted Advisor that two of 15 RDS instances have been idle for more than 30 days, you can investigate and plan to utilize one of the idle instances rather than introducing a new one. This saves costs for your organization.

AWS Trusted Advisor Check large section of services which can be grouped into four categories:

Cost Optimization—recommendations provided by Trusted Advisor can reduce expenses by highlighting idle resources or by committing reserved resources.
Security—With the help of AWS Trusted Advisor user can harden their AWS services against intruders by enabling various security features.
Fault Tolerance—suggestions that enhance the resilience of your applications by highlighting health issues, missing backups, and redundancy shortfalls.
Performance—recommendations that can increase the overall performance of your applications and cloud infrastructure by checking your service limits and monitoring instances.

Best Practices Of AWS Trusted Advisor At No Charge

The following Trusted Advisor checks are now available to all AWS users:

Service Limits Check – This check inspects your usage with regard to the most important service limits for each AWS product. It alerts you when you are using more than 80% of your allocation resources such as EC2 instances and EBS volumes.
Security Groups – Specific Ports Unrestricted Check – This check will look for and notify you of overly permissive access to your EC2 instances and help you to avoid malicious activities such as hacking, denial-of-service attacks, and loss of data.
IAM Use Check – This check alerts you if you are using account-level credentials to control access to your AWS resources instead of following security best practices by creating users, groups, and roles to control access to the resources.
MFA on Root Account Check – This check recommends the use of multi-factor authentication (MFA), to improve security by requiring additional authentication data from a secondary device.

Features and Functionalities

AWS Trusted Advisor provides many features for you to customize recommendations and to proactively monitor your AWS resources.

Recent Changes (Available with Business or Enterprise-level Support Plan)

You can track recent changes in check status on the console dashboard. The most recent changes appear at the top of the list to bring them to your attention.

Exclude Items

The “exclude items” feature allows you to customize the Trusted Advisor report. You can exclude items from the check result if they are not relevant; the excluded items appear separately, and you can restore (include) them at any time.

Action Links (beta)

You can track recent changes in check status on the console dashboard. The most recent changes appear at the top of the list to bring them to your attention.

Access Management

You can use AWS Identity and Access Management (IAM) to control access to specific checks or check categories.

Refresh

You can refresh a check every 5 minutes. You can refresh individual checks or refresh all the checks at once by clicking the Refresh All button in the top-right corner of the summary dashboard.

AWS Trusted Advisor Explorer vs. AWS Systems Manager Explorer

AWS announced on May 4 that AWS Systems Manager Explorer will provide a multi-account summary of Trusted Advisor checks. There are a few differences between the services:

Systems Manager Explorer will aggregate all AWS Trusted Advisor checks, including performance, security, and reliability checks. AWS Trusted Advisor Explorer will only aggregate cost optimization recommendations provided after evaluation.
Systems Manager Explorer is available in maximum regions, while AWS Advisor Explorer is limited to few regions (AWS recommends using US-East region) because it relies on multiple services that are not available in all regions.
AWS Trusted Advisor Explorer is capable of providing more flexibility since it is a CloudFormation template user can modify. It also allows us to use data queries via AWS Athena (SQL style) and custom dashboards resource tags and external visualization tools. AWS Systems Manager Explorer supports queries via AWS API to create custom reports and custom dashboards are available with pre-set widgets as defined by AWS.