Four new checks have been added to Trusted Advisor to provide guidance related to EBS, CloudFront, and IAM access keys, with two updates released for existing S3 and service limit checks. These checks provide additional guidance to help provision your resources to improve system performance and reliability, increase security, and optimize cost.

Checks available to all Trusted Advisor customers:

- Service Limits (Updated): EC2 On-demand Service Limit has been added to the service limit check

Checks available to AWS Support Business and Enterprise plan customers:

- Amazon EC2 to EBS Throughput Optimization (New): Checks for Amazon EBS volumes whose performance might be affected by the maximum throughput capability of the Amazon EC2 instance they are attached to.

- CloudFront Alternate Domain Names (New): Checks CloudFront distributions for alternate domain names with incorrectly configured DNS settings.

- CloudFront SSL Certificate on the Origin Server (New): Checks your origin server for SSL certificates that are expired, about to expire, or that use outdated encryption.

- Amazon S3 Bucket Logging (Updated): A check has been added to identify whether server access logging is enabled for the configuration of Amazon Simple Storage Service (Amazon S3) buckets.

- IAM Access Key Rotation (New): With a best practice to rotate access keys on a regular basis, this check identifies active IAM access keys that have not been rotated in the last 90 days.

For more information on AWS Trusted Advisor and descriptions of the full set of checks, visit AWS Trusted Advisor.

AWS Support announces two new AWS Trusted Advisor checks that offer best practices for using CloudFront, focusing on security enhancement and performance improvement:

- CloudFront Header Forwarding and Cache Hit Ratio (Performance category): Checks for HTTP request headers that CloudFront forwards to the origin that might significantly reduce the cache hit ratio and increase the load on the origin.

- CloudFront Custom SSL Certificates in the IAM Certificate Store (Security category): Checks for SSL certificates for CloudFront alternate domain names in the IAM certificate store that are expired, will soon expire, use outdated encryption, or are not configured correctly for the distribution.

For more information on Trusted Advisor and descriptions of all 43 checks, visit AWS Trusted Advisor.


AWS Support announces four new AWS Trusted Advisor checks that offer best practices for using Elastic Load Balancing (ELB), focusing on security and fault tolerance:

- ELB Connection Draining (Fault Tolerance category): Checks for load balancers that do not have connection draining enabled. When connection draining is enabled, the load balancer keeps the connection open until active requests have been served.

- Cross-Zone Load Balancing (Fault Tolerance category): Checks for load balancers that do not have cross-zone load balancing enabled. Cross-zone load balancing makes it easier to deploy and manage applications across multiple Availability Zones.

- ELB Listener Security (Security category): Checks for load balancers with listeners that do not use recommended security configurations: a secure protocol, the latest version of a predefined security policy, and only recommended ciphers and protocols.

- ELB Security Groups (Security category): Checks for load balancers configured with a missing security group or a security group that allows access to ports that are not configured for the load balancer. This helps to make sure the load balancer works as expected and reduces the risk of loss of data or malicious attacks.

For more information on Trusted Advisor and descriptions of all 41 checks, visit AWS Trusted Advisor.


AWS Trusted Advisor is pleased to announce the expanded availability of the Action Link feature. Action links are hyperlinks to the AWS Management Console, where you can take action on the Trusted Advisor recommendations. Action links were introduced in July 2014 on a limited number of checks. Action links are now available on all checks where links are supported by the relevant service.

For example, the Amazon EBS Snapshots check lists Amazon EBS volumes whose snapshots are missing or more than 7 days old. In each row of the report, the volume ID is a hyperlink to that volume in the Amazon EC2 console, where you can take action to create a snapshot with just a couple of clicks. To try out the new feature, visit Trusted Advisor today!


AWS Support Center is the hub for managing your Support cases. The newly designed Support Center is moving to the AWS Management Console, providing both federated access support and an improved case management experience. The new Support Center location is

With the federated access support, you can now sign in to Support Center as a federated user. If you have given your users single sign-on (SSO) access to the AWS Management Console (after authenticating them with your identity and authorization system), they can now use Support Center without providing additional credentials.

We have also improved the case creation process to allow up to 10 service limit increase requests (for a single service) in one case. We have reduced the number of steps required to request a phone callback (phone support is available to Business and Enterprise-level support customers). Additionally, customers with many cases can now easily filter cases based on case type, severity, and status.

All Developer-level and higher Support customers can open a Technical Support case online through the Support Center. Business and Enterprise-level customers can ask Support to call at a convenient phone number or strike up a conversation with one of our engineers via chat. Enterprise-level customers can have direct access to their dedicated Technical Account Manager. To explore more support plan options, visit AWS Support.


The AWS Support API allows programmatic access to AWS Support and Trusted Advisor for Business and Enterprise Support customers and allows you to integrate your internal error and ticketing systems with AWS Support.

Today, we are enhancing the AWS Support API with the addition of two new features:

- Support for attachments: You can now include file attachments when you create a new case or add communication to an existing case. You create an attachment set and include the AttachmentSetId when you use the CreateCase or AddCommunicationToCase operations.

- Lightweight case monitoring: You now have an option for monitoring the status of your existing cases without retrieving the detailed case communication. The DescribeCases operation now has a Boolean IncludeCommunications parameter that you can set to false if you are interested only in case status or other case metadata.

These new features are available now for Business and Enterprise Support customers, and you can start using them today. For more information about AWS Support and the AWS Support API, see the AWS Support User Guide.