AWS Blog

AWS Trusted Advisor For Everyone

by Jeff Barr | on | in AWS Trusted Advisor | | Comments

AWS Trusted Advisor is your customized cloud expert! It helps you to observe best practices for the use of AWS by inspecting your AWS environment with an eye toward saving money, improving system performance and reliability, and closing security gaps. Since we launched Trusted Advisor in 2013, our customers have viewed over 1.7 million best-practice recommendations for cost optimization, performance improvement, security, and fault tolerance and have reduced their costs by about 300 million dollars.

Today I have two big pieces of news for all AWS users. First, we are making a set of four Trusted Advisor best practices available at no charge. Second, we are moving the Trusted Advisor into the AWS Management Console.

Four Best Practices at no Charge
The following Trusted Advisor checks are now available to all AWS users at no charge:

Service Limits Check – This check inspects your position with regard to the most important service limits for each AWS product. It alerts you when you are using more than 80% of your allocation resources such as EC2 instances and EBS volumes.

Security Groups – Specific Ports Unrestricted Check – This check will look for and notify you of overly permissive access to your EC2 instances and help you to avoid malicious activities such as hacking, denial-of-service attacks, and loss of data.

IAM Use Check – This check alerts you if you are using account-level credentials to control access to your AWS resources instead of following security best practices by creating users, groups, and roles to control access to the resources.

MFA on Root Account Check – This check recommends the use of multi-factor authentication (MFA), to improve security by requiring additional authentication data from a secondary device.

You can subscribe to the Business or Enterprise level of AWS Support in order to gain access to the remaining 33 checks (with more on the way).

Trusted Advisor in the Console
The Trusted Advisor is now an integral part of the AWS Management Console. We have fine-tuned the user interface to simplify navigation and to make it even easier for you to find and to act on recommendations and to filter out recommendations that you no longer want to see.

Let’s take a tour of the Trusted Advisor, starting from the Dashboard. I can see a top-level summary of all four categories of checks at a glance:

Each category actually contains four distinct links. If I click on the large icon associated with each category I can see a summary of the checks without regard to their severity or status. Clicking on the smaller green, orange, or red icons will take you to items with no problems, items where investigation is recommended, and items where action is recommended, respectively. It looks like I have room for some improvements in my fault tolerance:

I can use the menu at the top to filter the checks (this is equivalent to using the green, orange, and red icons):

If I sign up for the Business or Enterprise level of support, I can also choose to tell Trusted Advisor to selectively exclude certain resources from the checks. In the following case, I am running several Amazon Relational Database Service (RDS) instances without Multi-AZ. They are test databases and high-availability isn’t essential so I can exclude them from the test results:

I can also download the results of each check for further analysis or distribution:

I can even ask Trusted Advisor to send me a status update each week:

With the introduction of the console, we are also introducing a new, IAM-based model to control access to the results of each check and the actions associated with them in the console. To learn more about this important new feature, read about Controlling Access to the Trusted Advisor Console.

Available Now
As always (I never get tired of saying this), these new features are available now and you can start using them today!