AWS Trusted Advisor adds five new checks on AWS CloudTrail and Amazon Route 53

Posted on: Mar 18, 2014

AWS Support announces five new AWS Trusted Advisor checks that offer best practices for using AWS CloudTrail (for logging AWS API activity) and Amazon Route 53 (for DNS services). AWS Trusted Advisor now provides 37 AWS best practices, and the five new checks focus on security, cost optimization, and fault tolerance:

  • AWS CloudTrail Logging (Security category): Checks for your use of AWS CloudTrail. CloudTrail provides increased visibility into activity in your AWS account by recording information about AWS API calls made on the account.
  • Amazon Route 53 Latency Resource Record Sets (Cost Optimization category): Checks for Amazon Route 53 latency record sets that are configured inefficiently, where correcting the configuration can save cost. If you create only one latency resource record set for a domain name, all queries are routed to one region, and you may pay extra for latency-based routing without getting the benefits.
  • Amazon Route 53 MX and SPF Resource Record Sets (Security category): Checks for an SPF resource record set for each MX resource record set. An SPF (Sender Policy Framework) record publishes a list of servers that are authorized to send email for your domain, which helps reduce spam by detecting and stopping email address spoofing.
  • Amazon Route 53 Deleted Health Checks (Fault Tolerance category): Checks for resource record sets that are associated with health checks that have been deleted. If you delete a health check without updating the associated resource record sets, the routing of DNS queries for your DNS failover configuration may be unpredictable.
  • Amazon Route 53 Failover Resource Record Sets (Fault Tolerance category): Checks for Amazon Route 53 failover resource record sets that are misconfigured. When Amazon Route 53 health checks determine that the primary resource is unhealthy, Amazon Route 53 responds to queries with a secondary, backup resource record set. You must create correctly configured primary and secondary resource record sets for failover to work.
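
The MX and SPF check in the list above can be reproduced offline against an export of a hosted zone. This is an added example, not AWS code and not Trusted Advisor's implementation; it runs over constructed record sets in the shape of the Route 53 ListResourceRecordSets response. Counting a TXT record that starts with `v=spf1`, as well as a type SPF record, is an assumption, and `rs` is a hypothetical helper.

```python
# Added example: offline version of the MX/SPF check over constructed data.

def _norm(name):
    """DNS names are case-insensitive; Route 53 returns them with a trailing dot."""
    return name.lower().rstrip(".")

def _txt_value(value):
    """Join the quoted strings of a TXT/SPF value: '"v=spf1 " "-all"' -> 'v=spf1 -all'."""
    parts = value.split('"')
    # Odd-indexed pieces sit inside quotes; an unquoted value is used as is.
    return "".join(parts[1::2]) if len(parts) > 1 else value

def has_spf(record_set):
    """True if the record set is type SPF or TXT and carries an SPF policy."""
    if record_set["Type"] not in ("SPF", "TXT"):
        return False
    # Alias record sets have no ResourceRecords key, hence .get().
    for rr in record_set.get("ResourceRecords", []):
        text = _txt_value(rr["Value"]).strip().lower()
        # Exact version tag only: "v=spf10 ..." is not an SPF policy.
        if text == "v=spf1" or text.startswith("v=spf1 "):
            return True
    return False

def mx_without_spf(record_sets):
    """Return the sorted names that have an MX record set but no SPF policy."""
    mx_names = {_norm(r["Name"]) for r in record_sets if r["Type"] == "MX"}
    spf_names = {_norm(r["Name"]) for r in record_sets if has_spf(r)}
    return sorted(mx_names - spf_names)

def rs(name, rtype, value):
    """Hypothetical helper: build one record set in the API response shape."""
    return {"Name": name, "Type": rtype, "ResourceRecords": [{"Value": value}]}

# Constructed sample zone (assumption, not real data).
SAMPLE = [
    rs("example.com.", "MX", "10 mail.example.com."),
    rs("Example.com.", "TXT", '"v=spf1 mx -all"'),
    rs("shop.example.com.", "MX", "10 mail.example.com."),
    rs("shop.example.com.", "TXT", '"site-verification=constructed"'),
    rs("news.example.com.", "MX", "10 mail.example.com."),
    rs("news.example.com.", "SPF", '"v=spf1 " "include:mail.example.com -all"'),
    rs("old.example.com.", "MX", "10 mail.example.com."),
    rs("old.example.com.", "TXT", '"v=spf10 bogus"'),
]

if __name__ == "__main__":
    for name in mx_without_spf(SAMPLE):
        print("MX record set without SPF:", name)
```
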

For more information on Trusted Advisor and descriptions of the other 32 checks, visit AWS Trusted Advisor.