AWS Trusted Advisor adds checks for CloudFront, EBS/EC2, and IAM, updates Service Limits and S3 check
Four new checks have been added to Trusted Advisor to provide guidance related to EBS, CloudFront, and IAM access keys, with two updates released for existing S3 and service limit checks. These checks provide additional guidance to help provision your resources to improve system performance and reliability, increase security, and optimize cost.
Checks available to all Trusted Advisor customers:
• Service Limits (Updated): EC2 On-demand Service Limit has been added to the service limit check
Checks available to AWS Support Business and Enterprise plan customers:
• Amazon EC2 to EBS Throughput Optimization (New): Checks for Amazon EBS volumes whose performance might be affected by the maximum throughput capability of the Amazon EC2 instance they are attached to.
• CloudFront Alternate Domain Names (New): Checks CloudFront distributions for alternate domain names with incorrectly configured DNS settings.
• CloudFront SSL Certificate on the Origin Server (New): Checks your origin server for SSL certificates that are expired, about to expire, or that use outdated encryption.
• Amazon S3 Bucket Logging (Updated): A check has been added to identify whether server access logging is enabled for the configuration of Amazon Simple Storage Service (Amazon S3) buckets.
• IAM Access Key Rotation (New): With a best practice to rotate access keys on a regular basis, this check identifies active IAM access keys that have not been rotated in the last 90 days.
For more information on AWS Trusted Advisor and descriptions of the full set of checks, visit AWS Trusted Advisor.