Reduce Costs, Increase Performance, and Improve Security

AWS Trusted Advisor is an online tool that provides you real time guidance to help you provision your resources following AWS best practices.

Whether establishing new workflows, developing applications, or as part of ongoing improvement, take advantage of the recommendations provided by Trusted Advisor on a regular basis to help keep your solutions provisioned optimally.

For a complete list of checks and descriptions, explore Trusted Advisor Best Practices.

How It Works

AWS Personal Health Dashboard Alerts
Optimize Your Infrastructure

Like your customized cloud expert, AWS Trusted Advisor analyzes your AWS environment and provides best practice recommendations in five categories:

Trusted Advisor best practice checks categories
Core Checks & Recommendations

All AWS customers get access to the seven core Trusted Advisor checks to help increase the security and performance of the AWS environment. Checks include:

Security

  • S3 Bucket Permissions
  • Security Groups - Specific Ports Unrestricted
  • IAM Use
  • MFA on Root Account
  • EBS Public Snapshots
  • RDS Public Snapshots

Service Limits

Full Trusted Advisor Benefits

Business Support and Enterprise Support customers get access to the full set of Trusted Advisor checks and recommendations. These help optimize your entire AWS infrastructure, to increase security and performance, reduce your overall costs, and monitor service limits. Additional benefits include:

Notifications: Stay up-to-date with your AWS resource deployment with weekly updates, plus create alerts and automate actions with Amazon CloudWatch.

Programmatic access: Retrieve and refresh Trusted Advisor results programmatically using AWS Support API.

AWS Trusted Advisor Features

AWS Trusted Advisor provides a suite of features for you to customize recommendations and to proactively monitor your AWS resources.

Trusted Advisor Notifications. The Trusted Advisor notification feature helps you stay up-to-date with your AWS resource deployment. You will be notified by weekly email when you opt in for this service, and it is totally free.

Recent Changes*. You can track recent changes of check status on the console dashboard. The most recent changes appear at the top of the list to bring them to your attention.

Exclude Items. The "exclude items" feature (formerly called “suppress”) allows you to customize the Trusted Advisor report. You can exclude items from the check result if they are not relevant; the excluded items appear separately, and you can restore (include) them at any time.

Action Links. Items in a Trusted Advisor report have hyperlinks to the AWS Management Console, where you can take action on the Trusted Advisor recommendations.

Access Management. You can use AWS Identity and Access Management (IAM) to control access to specific checks or check categories.

AWS Support API*. You can retrieve and refresh Trusted Advisor results programmatically using AWS Support API.

Refresh. You can refresh individual checks or refresh all the checks at once by clicking the Refresh All button in the top-right corner of the summary dashboard. A check is eligible for refresh 5 minutes after it was last refreshed.

* Available with Business or Enterprise-level Support plan. Learn More>>

AWS Trusted Advisor FAQs
  • Q: What is AWS Trusted Advisor?

    AWS Trusted Advisor is an application that draws upon best practices learned from AWS’ aggregated operational history of serving hundreds of thousands of AWS customers. Trusted Advisor inspects your AWS environment and makes recommendations for saving money, improving system performance, or closing security gaps. 

  • Q: How do I access Trusted Advisor?

    Trusted Advisor is available in the AWS Management Console. All AWS users have access to the data for the seven core checks. Users with Business- or Enterprise-level Support can access all checks. You can access the Trusted Advisor console directly at https://console.aws.amazon.com/trustedadvisor/.

  • Q: What made you choose the current checks/recommendations over others?

    Every check was vetted for accuracy, consistency, and usefulness to our customers. We gather data and research to ensure we are making the right recommendations based on best practices and historical values. We have identified many possible checks for future implementation, and we will continue to add them over time.

  • Q: Does Trusted Advisor monitor my usage? Can Amazon see what I’m doing with AWS?

    Trusted Advisor respects your privacy just as all Amazon Web Services do. We will never have access to your data or the software running on your account without your consent.

  • Q: What does Trusted Advisor check?

    Trusted Advisor includes an ever-expanding list of checks in the following five categories:

    Cost Optimization – recommendations that can potentially save you money by highlighting unused resources and opportunities to reduce your bill.

    Security – identification of security settings that could make your AWS solution less secure.

    Fault Tolerance – recommendations that help increase the resiliency of your AWS solution by highlighting redundancy shortfalls, current service limits, and overutilized resources.

    Performance – recommendations that can help to improve the speed and responsiveness of your applications.

    Service Limits – recommendations that will tell you when service usage is more than 80% of the service limit.

    For more information on Trusted Advisor and an up-to-date listing of checks, see AWS Trusted Advisor Best Practice Checks.  

  • Q: How does the Trusted Advisor notification feature work?

    The Trusted Advisor notification feature helps you stay up-to-date with your AWS resource deployment. You will be notified by weekly email when you opt in for this service, and it is totally free.

    What is in the notification? The notification email includes the summary of saving estimates and your check status, especially highlighting changes of check status.

    How do I sign up for the notification? This is an opt-in service, so do make sure to set up the notification in your dashboard. You can choose which contacts receive notification on the Preferences pane of the Trusted Advisor console.

    Who can get this notification? You can indicate up to 3 recipients for the weekly status updates and savings estimates.

    What language will the notification be in? The notification is available in English and Japanese.

    How often will I get notified, and when? Currently, you will receive a weekly notification email, typically on Thursday or Friday, and it will reflect your resource configuration over the past week (7 days). It is in our roadmap to provide an event-triggered mailer and more flexibility.

    Can I unsubscribe from the notifications if I do not want to receive the email anymore? Yes. You can change the setting in your dashboard by clearing all the check boxes and then clicking Save Preferences. Also, help us make this feature more relevant and better for you by using the Feedback button on the dashboard.

    How much does it cost? It is totally free. Get started today!

  • Q: How does the "Recent Changes" feature work?

    Trusted Advisor tracks the recent changes to your resource status on the console dashboard. The most recent changes over the past 30 days appear at the top to bring them to your attention. The system will track seven updates per page, and you can go to different pages to view all recent changes by clicking the forward or the backward arrow displayed on the top-right corner of the "Recent Changes" area.

  • Q: How does the "Exclude Items" function work?

    If you don’t want to be notified about the status of a particular resource, you can choose to exclude (suppress) the reporting for that resource. You would normally do this after you have inspected the results of a check and decide not to make any changes to the AWS resource or setting that Trusted Advisor is flagging.

    To exclude items, check the box to the left of the resource items, and then click the Exclude button. Excluded items appear in a separate view. You can restore (include) them at any time by selecting the items in the excluded items list and then clicking the Include button.

    The "Exclude Items" function is available only at the resource level, not at the check level. We recommend that you examine each resource alert before excluding it to make sure that you can still see the overall status of your deployment without overlooking a certain area.  

  • Q: What is an "Action Link"?

    Some items in a Trusted Advisor report have hyperlinks to the AWS Management Console, where you can take action on the Trusted Advisor recommendations. Currently, all checks have the action links in the check description "Recommended Action" section; three checks have links directly to the AWS Management Console: Security Groups - Specific Ports Unrestricted, Security Ports - Unrestricted Access,  and Service Limits.  

  • Q: How do I manage the access to the Trusted Advisor console? What is the new IAM policy?

    For the Trusted Advisor console, access is controlled by IAM policies that use the trustedadvisor namespace, and access options include viewing and refreshing individual checks or categories of checks. For more information, see Controlling Access to the Trusted Advisor Console.

  • Q: How do I access AWS Trusted Advisor via API?

    You can retrieve and refresh Trusted Advisor results programmatically. For more information, see About the AWS Support API.

  • Q: How often can I refresh my Trusted Advisor result?

    You can refresh a check 5 minutes after it was last refreshed. You can refresh individual checks or refresh all the checks at once by clicking the Refresh All button in the top-right corner of the summary dashboard.

    Checks are periodically refreshed without user action, but the interval can vary considerably. You can always see the date and time of the last refresh to the right of the check title.

  • Q: How do Trusted Advisor activities affect my Amazon CloudTrail logs?

    Each customer action in Trusted Advisor triggers an API call that is documented in your Amazon CloudTrail logs. For example, when you refresh a Trusted Advisor check, you will see a call to the relevant resources with invokedBy and userAgent values of "support.amazon.com". This logging incurs minimal charges (a few cents per month).

  • Q: Which Trusted Advisor checks and features are available to all AWS customers?

    All AWS customers get access to the seven core Trusted Advisor checks to help increase the security and performance of the AWS environment. Checks include:

    Security

    • S3 Bucket Permissions
    • Security Groups - Specific Ports Unrestricted
    • IAM Use
    • MFA on Root Account
    • EBS Public Snapshots
    • RDS Public Snapshots

    Service Limits