AWS Cloud Operations Blog
Optimize your cloud deployments with Prioritized Trusted Advisor recommendations in your operational workflows
AWS Trusted Advisor Priority helps you focus on the most important recommendations for optimizing your cloud deployments, improving resilience, and addressing security gaps. As an AWS Enterprise Support customer, you gain access to prioritized and context-driven recommendations, curated both by your AWS account team and machine-generated checks from AWS services.
Note: AWS Trusted Advisor Priority is available only to AWS Enterprise Support customers. To compare AWS support plans, or upgrade your support plan to Enterprise Support, go to Compare AWS Support Plans.
AWS Enterprise Support customers, in collaboration with their account team, can track the entire lifecycle of recommendations, from creation to acceptance, resolution, or rejection of recommendations. This enables a comprehensive view and a search capability for prioritized recommendations across all member accounts in your organization. The closed-loop feedback tracking mechanism allows you to track, accept, reject, or resolve recommendations with your AWS account team, ensuring all feedback is accounted for and acted upon. By aggregating information from all your AWS accounts, you get an overall risk posture, providing a comprehensive understanding of your cloud environment. Additionally, you can review the history of actions taken across your AWS accounts at any time, offering valuable insights to your cloud operations team.
The AWS Organizations management account receives aggregated Trusted Advisor Priority recommendations from all member accounts. Each member account gets tailored recommendations for its specific resources, which it can review and update. Any changes made by member accounts automatically update the overall status in the management account.
In this blog post, we present an architecture pattern that you can implement to automate the ingestion and integration of the Trusted Advisor Priority recommendations into your day-to-day operational workflows and enterprise tools.
Trusted Advisor API
Trusted Advisor API provides programmatic access to Trusted Advisor recommendations for your account or all the accounts within your organization, including the prioritized recommendations from Trusted Advisor Priority. You can use the Trusted Advisor API to get a list of checks and their descriptions, recommendations, and resources for recommendations in JSON format. You can update the status of prioritized recommendations by selecting either Acknowledge, Dismiss, or Resolve. To find definitions of the status of Trusted Advisor Priority recommendations, visit Get started with AWS Trusted Advisor Priority.
To manage recommendations, use the API operations available at Trusted Advisor API. You can view and manage your prioritized recommendations from a management account or delegated administrator account if you have activated Trusted Advisor Priority. If Trusted Advisor Priority isn’t activated, contact your AWS Account team.
For more information, see AWS Trusted Advisor in the AWS Support User Guide.
Solution overview
The event-driven architecture enables your internal applications, like reporting dashboards, to present a near real-time summary view of recommendations and their status. You can integrate with your internal messaging systems, like Slack, to notify a team when their AWS account team shares a Trusted Advisor Priority recommendation for the respective AWS account’s resources.
Figure 1: Reference architecture
Step 1: AWS account team sends high priority Trusted Advisor recommendations to customer’s Trusted Advisor
Step 2: A scheduled Amazon EventBridge rule is configured to run at a predetermined interval, for example every 6 hours, 12 hours, or daily.
Step 3: The EventBridge rule invokes the AWS Lambda function
Step 4: The Lambda function invokes one or more of the AWS Trusted Advisor APIs
Step 5: The Lambda function writes the responses from step 4 to Amazon S3
Step 5.1: The response can be sent to a corporate Slack channel to notify infrastructure administrators by using a Slack Webhook. Sample code for Slack integration is at AWS Trusted Advisor Tools GitHub.
Step 6: A preconfigured AWS Glue Crawler connects to Amazon S3 to determine the schema for the data
Step 6.1: AWS Glue crawler creates metadata tables in AWS Glue Data Catalog.
Step 7: Amazon QuickSight connects to Amazon Athena to query and visualize Trusted Advisor Priority recommendations across all accounts in the organization.
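Steps 3 to 5 as a Lambda handler, given here as an added example and not code from the original post or from AWS Trusted Advisor Tools. It assumes the boto3 `trustedadvisor` client, a `TA_BUCKET` environment variable, and an S3 key layout chosen for this illustration; the optional client arguments exist only so the function can be exercised with stubs.

```python
import datetime
import json
import os


def fetch_priority_recommendations(ta_client):
    """Step 4: page through every Priority recommendation in the organization."""
    items, token = [], None
    while True:
        kwargs = {"type": "priority", "maxResults": 100}
        if token:
            kwargs["nextToken"] = token
        page = ta_client.list_organization_recommendations(**kwargs)
        items.extend(page.get("organizationRecommendationSummaries", []))
        token = page.get("nextToken")
        if not token:
            return items


def to_json_lines(items):
    """One JSON object per line, so the Glue crawler infers a flat table."""
    # default=str serializes the datetime fields (createdAt, lastUpdatedAt).
    return "\n".join(json.dumps(i, default=str, sort_keys=True) for i in items)


def open_security_items(items):
    """Security-pillar recommendations that are neither resolved nor dismissed."""
    return [i for i in items
            if "security" in i.get("pillars", [])
            and i.get("lifecycleStage") not in ("resolved", "dismissed")]


def lambda_handler(event, context, ta_client=None, s3_client=None):
    if ta_client is None or s3_client is None:
        import boto3  # deferred so the handler can be run with stub clients
        ta_client = ta_client or boto3.client("trustedadvisor")
        s3_client = s3_client or boto3.client("s3")
    items = fetch_priority_recommendations(ta_client)
    day = datetime.datetime.now(datetime.timezone.utc).strftime("%Y-%m-%d")
    s3_client.put_object(                      # Step 5: write the snapshot to S3
        Bucket=os.environ["TA_BUCKET"],        # assumed environment variable
        Key=f"ta-priority/dt={day}/recommendations.json",  # assumed key layout
        Body=to_json_lines(items).encode("utf-8"),
        ServerSideEncryption="aws:kms",        # findings describe security gaps
    )
    return {"total": len(items), "open_security": len(open_security_items(items))}
```

The returned counts are what a Step 5.1 notification would carry; the `dt=` prefix lets the Glue crawler register each day's snapshot as a partition.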
Customizing the solution
This solution can be extended to operationalize the management of Trusted Advisor Priority recommendations by notifying team members using Amazon SNS and sending messages to Slack channels. For sample code and other example solutions using Amazon SNS and integrating with Slack, visit AWS Trusted Advisor Tools GitHub.
To enhance business productivity and get actionable insights, this solution can be integrated with Amazon Q using Amazon QuickSight Q.
Cost of the Solution
Trusted Advisor API is available at no additional cost. You will only incur costs for using AWS services and resources created for implementing the reference architecture as shown in Figure 1 above. To get a high-level estimate for the cost of the solution please use the AWS Pricing Calculator.
Conclusion
In this blog post, we proposed an architecture that enables organizations to effectively operationalize AWS Trusted Advisor Priority recommendations. By automating the ingestion and distribution of these recommendations, teams can stay ahead of potential issues and maintain a proactive stance toward cloud optimization. This approach not only fosters collaboration between internal stakeholders and AWS Account teams but also unlocks new avenues for innovation, such as integrating recommendations with custom applications or notification systems.