AWS Trusted Advisor



AWS Trusted Advisor provides recommendations that help you follow AWS best practices. Trusted Advisor uses checks to evaluate your account. These checks reveal opportunities to optimize your AWS infrastructure, improve security and performance, reduce costs, and monitor service quotas. You can then follow the recommendations to get the most from your resources and services.

What is AWS Trusted Advisor, and How Does It Work?

AWS Trusted Advisor is an AWS product that provides real-time guidance to help you provision your resources in line with AWS best practices. It optimizes your AWS infrastructure, improves security and performance, lowers overall costs, and monitors service limits. Use the advice supplied by Trusted Advisor both while developing applications and as part of ongoing improvement; it helps keep your solutions appropriately provisioned.

Trusted Advisor assesses a company's cloud architecture and makes suggestions based on best practices. The fundamental recommendations may be divided into three categories:

  • A green check indicates that no problems were discovered.
  • An orange exclamation mark indicates that investigation is advised.
  • A red exclamation mark indicates that action is advised.

If you want to transfer to the AWS cloud or launch a new cloud application, Trusted Advisor's tips can assist you in optimizing your cloud architecture. For example, suppose you want to launch a new RDS instance and receive a warning from AWS Trusted Advisor that two of the 15 RDS instances have been inactive for over 30 days. In that case, you may investigate and plan to use one of the idle instances rather than launching a new one.


AWS Trusted Advisor Features and Functionalities

AWS Trusted Advisor has various tools that allow you to personalize suggestions and proactively monitor your AWS resources.

  • Recent Modifications (Available with Business or Enterprise-level Support Plan) :
    You may observe recent changes in check status on the console dashboard. To capture your attention, the most recent changes are presented at the top of the list.
  • Items to Avoid :
    You may personalize the Trusted Advisor report using the "exclude items" function. Items can be omitted from the check result if they are irrelevant. Excluded items are displayed separately, and an exclusion can always be reversed.
  • Links to Action :
    You may observe recent changes in check status on the console dashboard. To attract emphasis to the most recent changes, they are placed at the top of the list.
  • Management of Access :
    AWS Identity and Access Management (IAM) is used to restrict access to certain checks or check categories.
  • Refresh :
    Every 5 minutes, a check is updated. You may refresh selected checks, or all checks at once by clicking the Refresh All button in the summary dashboard.

AWS Trusted Advisor Best Practices

  • Cost Efficiency :
    Trusted Advisor advice can cut expenditures by flagging idle resources or by recommending a commitment to reserved capacity.
  • Security :
    Users may fortify their AWS services against attackers by setting various security mechanisms with the aid of AWS Trusted Advisor.
  • Fault Tolerance :
    Suggestions that improve your applications' resilience by flagging health concerns, missing backups, and redundancy gaps.
  • Performance :
    Tips that include evaluating your service limits and monitoring instances to improve the overall performance of your apps and cloud infrastructure.

AWS Trusted Advisor Best Practices at No Charge

All AWS users may now perform the following Trusted Advisor checks :

  • Check for Service Restrictions :
    This check examines your consumption of the most critical service limits for each AWS product. It notifies you when you use more than 80% of your allocated resources, like EC2 instances and EBS volumes.
  • Specific Ports for Security Groups Check with No Restrictions :
    This check detects and reports excessively permissive access to your EC2 instances, helping you avoid malicious activity such as hacking, denial-of-service attacks, and data loss.
  • IAM Use Check :
    This check informs you if you are utilizing account-level credentials to govern access to your AWS resources rather than following security best practices and creating users, groups, and roles.
  • MFA on Root Account Check :
    This check recommends using multi-factor authentication (MFA), which strengthens security by requiring extra authentication data from a secondary device.

How to Get Started with AWS Trusted Advisor?

Trusted Advisor is accessible via the AWS Management Console. To do so, use the Trusted Advisor console.

Examine the check findings for your AWS account and then take the advised steps to resolve any concerns. For example, Trusted Advisor may advise you to delete underutilized resources, such as an Amazon Elastic Compute Cloud (Amazon EC2) instance, to lower your monthly bill.

You may also utilize the AWS Support API to manipulate your Trusted Advisor checks.

Log In to the Trusted Advisor Interface

The Trusted Advisor console allows you to examine the checks and their status. The user must have AWS Identity and Access Management (IAM) permissions to use the Trusted Advisor interface.

View the following summary for each check category on the Dashboard page:

  • Action advised (red) :
    Trusted Advisor recommends an action for the check. For example, a check that discovers a security vulnerability with your IAM resources may propose immediate action.
  • Investigation advised (yellow) :
    Trusted Advisor identifies a potential problem with the check. For example, a check that surpasses a resource quota may suggest strategies to eliminate redundant resources.
  • Excluded items (gray) :
    The number of checks that have excluded items, such as resources that you want a check to disregard. For example, you might not want the check to analyze Amazon EC2 instances.

View Check Categories

The following check categories' descriptions and outcomes are available to view :

  • Cost optimization :
    Suggestions that could help you save money. These checks highlight wasteful spending and areas where your bill can be cut.
  • Performance :
    Suggestions to increase the responsiveness and quickness of your applications.
  • Security :
    Suggestions for security settings that help increase the security of your AWS service.
  • Fault tolerance :
    Advice that helps your AWS solution be more resilient. These checks highlight redundancy gaps, existing service quotas, and misused resources.
  • Service limitations :
    Verifies your account's use to see if it approaches or exceeds the upper limit for AWS services and resources, sometimes referred to as quotas.

View the Report for Every Check Category on the Category Page

  • "Action Recommended" in (red) :
    Trusted Advisor advises an action for the check.
  • "Investigation Recommended" in (yellow) :
    Trusted Advisor identifies a potential problem with the check.
  • No issues found (green) :
    Trusted Advisor doesn't see any flaws with the check.
  • Excluded items (gray) :
    The number of checks with excluded items, such as resources you want a check to disregard.

View Particular Checks

Expand a check to see the entire check description, the resources it affects, any actionable advice, and links to further details. To read the description and the following information, choose the check name :

  • Alert Criteria :
    Describes the cutoff point at which a check's status changes.
  • Recommendations for Action :
    Outlines the suggestions for this check.
  • Other Resources :
    Provides links to relevant AWS documentation.
  • A table displays a list of the affected items in your account. These items can be included in or excluded from the check results.

Filter Your Checks

You can choose the check results you wish to see on the check category pages. To focus on pressing issues first, you could filter for checks that found errors in your account.

Use tag filters to limit the things displayed to those that match the provided tag if your account has checks that assess items, such as AWS resources.

Select which checks to view in the View list :

  • All checks :
    Display all checks for this category.
  • Action advised :
    Display all checks that advise you to take action. These checks are highlighted in red.
  • Investigation advised :
    List the checks that suggest you take possible action. These checks are highlighted in yellow.
  • No problems found :
    List the checks that have no difficulties. These verifications are emphasized in green.
  • Checks with excluded items :
    List checks for which you instructed that things be omitted from the check results.

Refresh Check Results

To receive the most recent results for your account, you can refresh checks. To update the checks, go into the Trusted Advisor interface if you have a Developer or Basic support plan. If you have an Enterprise Support, Enterprise On-Ramp, or Business subscription, Trusted Advisor will automatically update the checks in your account once every week.

To update Trusted Advisor checks :

  1. Click on the link to access the AWS Trusted Advisor interface.
  2. Select Refresh all checks on the Dashboard or a check category page.

Additionally, you can update specific checks using the methods listed below :

  1. Use the RefreshTrustedAdvisorCheck API action.
  2. Select the refresh icon for a specific check.

Download Check Results

You may download check results to get an overview of Trusted Advisor findings for your account. Results for all checks or for a particular check can be downloaded. To download the results of Trusted Advisor checks :

  1. Click on the link to access the AWS Trusted Advisor interface.
    • On the Dashboard, select Download all checks to download all check results.
    • Select the check name, then select the download icon to download a check's results.
  2. Download or launch the .xls file. The file includes the same summary data from the Trusted Advisor console, including the name, description, status, and impacted resources, among other things.

Using AWS Trusted Advisor as a Web Service

You may use the AWS Support service to create apps that communicate with AWS Trusted Advisor. This section demonstrates how to obtain a list of Trusted Advisor checks, refresh one of them, and then obtain detailed check results in Java.

  • Obtain a list of Trusted Advisor checks that are currently accessible :
    You can utilize the AWS Support client instance created by the following piece of Java code to access all Trusted Advisor API actions. The code then uses the DescribeTrustedAdvisorChecks API action to retrieve the list of Trusted Advisor checks and their accompanying CheckId values. This knowledge is used to create user interfaces that let people choose the check they wish to perform or update.

  • Refresh the list of Trusted Advisor checks available :
    You may utilize the AWS Support client instance created by the following piece of Java code to update Trusted Advisor data.

  • Poll Trusted Advisor for status changes :
    After submitting a request to run a Trusted Advisor check so that it generates the most recent status information, you can use the DescribeTrustedAdvisorCheckRefreshStatuses API action to ask for the status of the refresh and when new data will be available for the check. The following Java code snippet uses the value contained in the CheckId variable to obtain the status of the check requested in the next section.

  • Request the outcome of a Trusted Advisor check :
    You send a request using the DescribeTrustedAdvisorCheckResult API method after choosing the check for the desired detailed results. The DescribeTrustedAdvisorChecksResult object referred to by the variable result in the previous Java code snippet is used in the following code fragment.

  • Print the Trusted Advisor check details :
    To obtain a list of resources highlighted by the Trusted Advisor check, the following Java code snippet iterates over the DescribeTrustedAdvisorCheckResultResult class returned in the preceding section.
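
The Java snippets these steps refer to are not reproduced on this page. The following is an added example (not the author's or AWS's own code) that walks the same five steps with the AWS SDK for Java 1.x; restricting the report to the security category, the class name, and the polling limits are assumptions made here.

```java
import com.amazonaws.services.support.AWSSupport;
import com.amazonaws.services.support.AWSSupportClientBuilder;
import com.amazonaws.services.support.model.*;

public class TrustedAdvisorSecurityReport {
    public static void main(String[] args) throws InterruptedException {
        // Credentials come from the default provider chain; the Support API endpoint is in us-east-1.
        AWSSupport support = AWSSupportClientBuilder.standard().withRegion("us-east-1").build();

        // Step 1: list the available checks and their CheckId values.
        DescribeTrustedAdvisorChecksResult checks = support.describeTrustedAdvisorChecks(
                new DescribeTrustedAdvisorChecksRequest().withLanguage("en"));

        for (TrustedAdvisorCheckDescription check : checks.getChecks()) {
            if (!"security".equals(check.getCategory())) continue; // assumption: security checks only
            String checkId = check.getId();

            // Step 2: request a refresh. Assumption: if the service rejects the
            // request, the check is still reported using its existing data.
            try {
                support.refreshTrustedAdvisorCheck(
                        new RefreshTrustedAdvisorCheckRequest().withCheckId(checkId));
                waitForRefresh(support, checkId);
            } catch (AWSSupportException e) {
                System.out.printf("refresh skipped for %s: %s%n", check.getName(), e.getErrorCode());
            }

            // Step 4: fetch the detailed result for this check.
            TrustedAdvisorCheckResult result = support.describeTrustedAdvisorCheckResult(
                    new DescribeTrustedAdvisorCheckResultRequest()
                            .withCheckId(checkId).withLanguage("en")).getResult();
            System.out.printf("%n[%s] %s%n", result.getStatus(), check.getName());

            // Step 5: print flagged resources, skipping excluded (suppressed) and healthy ones.
            if (result.getFlaggedResources() == null) continue;
            for (TrustedAdvisorResourceDetail r : result.getFlaggedResources()) {
                if (Boolean.TRUE.equals(r.getIsSuppressed()) || "ok".equals(r.getStatus())) continue;
                System.out.printf("  %-8s %-14s %s %s%n",
                        r.getStatus(), r.getRegion(), r.getResourceId(), r.getMetadata());
            }
        }
    }

    // Step 3: poll the refresh status until it leaves the queue (at most ~60 seconds).
    static void waitForRefresh(AWSSupport support, String checkId) throws InterruptedException {
        for (int attempt = 0; attempt < 30; attempt++) {
            java.util.List<TrustedAdvisorCheckRefreshStatus> statuses =
                    support.describeTrustedAdvisorCheckRefreshStatuses(
                            new DescribeTrustedAdvisorCheckRefreshStatusesRequest()
                                    .withCheckIds(checkId)).getStatuses();
            if (statuses.isEmpty()) return;
            String s = statuses.get(0).getStatus();
            if (!"enqueued".equals(s) && !"processing".equals(s)) return; // success, abandoned or none
            Thread.sleep(2000);
        }
    }
}
```

The values in `getMetadata()` line up with the column headings returned by `check.getMetadata()` in step 1, so the two lists can be zipped to label each field of a flagged resource.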

Benefits of AWS Trusted Advisor

Trusted Advisor checks examine your AWS infrastructure and recommend actions that follow best practices.

  • Cost reduction :
    By examining usage, setting, and spending, Trusted Advisor can provide you with cost-saving advice that you can implement. Examples include finding new EBS volumes, unconnected Elastic IP addresses, idle RDS DB instances, and Lambda function timeouts that are too high.

  • Performance :
    Trusted Advisor may provide actionable advice to help your services run better by examining their use and setup. Examples include compute utilization of EC2 instances, CloudFront configurations, and EBS throughput and latency analysis.

  • Security :
    By recommending fundamental security best practices that security professionals have carefully selected, Trusted Advisor may help your AWS environment become more secure. Examples include determining the danger of access to RDS security groups, open access keys, and unused S3 bucket permissions.

  • Fault tolerance :
    Trusted Advisor can help increase the dependability of your services. Examining Auto Scaling EC2 groups, deleted Route 53 health checks, disabled Availability Zones, and disabled RDS backups are a few examples.

  • Service quotas :
    A service quota is the maximum amount of resources you may add to an AWS account. Quotas are implemented by AWS to safeguard you from unintended spending and to offer highly available and dependable service to all users. Trusted Advisor will let you know as soon as you use more than 80% of a service quota. Then, you can act upon suggestions to eliminate resources or ask for a quota increase.

AWS Trusted Advisor Explorer vs. AWS Systems Manager Explorer

AWS Systems Manager Explorer includes a multi-account overview of Trusted Advisor checks. There are some distinctions between the services :

  • All AWS Trusted Advisor assessments, including performance, security, and reliability checks, will be aggregated by Systems Manager Explorer. Only recommendations for cost optimization submitted after examination will be aggregated by AWS Trusted Advisor Explorer.
  • Systems Manager Explorer is available in all regions. However, AWS Trusted Advisor Explorer is only available in a few (AWS recommends the US-East region) since it relies on many services that are not available in all regions.
  • AWS Trusted Advisor Explorer could provide additional flexibility because it is a CloudFormation template that users can edit. It also lets you use Amazon Athena queries (SQL style), custom dashboards, resource tags, and external visualization tools. AWS Systems Manager Explorer allows queries using the AWS API to generate custom reports, and configurable dashboards with pre-defined widgets are available.

AWS Trusted Advisor Pricing

All paid AWS Support plans are billed monthly, with no long-term commitments. For Business and Developer Support plans, AWS Support costs are computed per account. You are charged for Enterprise On-Ramp and Enterprise Support depending on the total monthly AWS charges for all your account IDs that are subscribed to those plans.

The monthly prices of the Developer, Business, Enterprise On-Ramp, and Enterprise Support plans are computed using the previous month's total gross AWS charges (before any discounts or credits are applied).

As previously mentioned, a percentage of your monthly AWS costs, or the set minimum monthly rate, whichever is greater, will be charged as AWS Support fees. Users will pay the larger of the monthly minimum or a percentage of their AWS costs for the time they are enrolled, even if they terminate their AWS Support subscription within 30 days of signing up. Any client who regularly signs up for and then discontinues AWS Support may be denied AWS Support at AWS's discretion.

When you prepay for Amazon EC2, Amazon RDS, Amazon Redshift, Amazon ElastiCache, Amazon Elasticsearch, and Amazon DynamoDB Savings Plans, Reserved Instances, and Nodes and are enrolled in a paid AWS Support plan, the upfront charges for each reserved resource are included in the calculation of your AWS Support fees in the month you purchase the resources. Furthermore, any recurring charges for these resources are factored into the calculation of your AWS Support fees for the month in which they occur.

Suppose you already have resources reserved when you sign up for a paid AWS Support plan. In that case, the upfront costs for those resources, prorated throughout the reservation, are considered for calculating the cost of AWS Support for the first month. As an illustration, if you buy a three-year Amazon EC2 All or Partial Upfront Reserved Instance on January 1 and enroll in the Business Support plan on October 1 of the same year, 75% of the upfront charge you paid in January is taken into account for determining your Support expenses for October.


  • AWS Trusted Advisor provides real-time support in provisioning your resources by AWS best practices. It optimizes your AWS infrastructure, improves security and performance, lowers overall costs, and monitors service restrictions.
  • These basic checks are mostly provided by AWS Trusted Advisor : Permissions for S3 Buckets, Security Groups, IAM Use, MFA on the root account, public snapshots for EBS and RDS, and service limits.
  • It offers advice that helps your AWS solution be more resilient. These checks highlight redundancy gaps, existing service quotas, and misused resources.
  • AWS Trusted Advisor advice could cut expenditures by flagging idle resources or by recommending a commitment to reserved capacity.