AWS Trusted Advisor now helps you better secure your data by alerting you whenever AWS Trusted Advisor detects a public snapshot of your Amazon EBS or Amazon RDS data.

For example, if an Amazon EBS volume snapshot is made public, AWS Trusted Advisor will identify that public snapshot and provide you with an alert so that you can investigate whether it was done intentionally.

These new checks are available to all AWS customers at no additional charge. Business and Enterprise support customers can use these new checks to enable automated actions via Trusted Advisor’s integration with CloudWatch Events

For more information about AWS Trusted Advisor, visit Trusted Advisor Best Practices (Checks).

The Trusted Advisor Service Limits check now provides visibility into additional utilization and limits across the following services, giving you the ability to more easily interpret your consumption of AWS resources:

Relational Database Service (RDS)
Subnet groups
Subnets per subnet group
Reserved Instances
Option groups
Event subscriptions
Cluster parameter groups
Cluster roles

Identity and Access Management (IAM)


For a complete list of the limits that Trusted Advisor checks, see the Trusted Advisor FAQs.

In addition, Trusted Advisor has added three new checks:

Amazon Aurora DB Instance Accessibility
Checks that your Aurora DB cluster has both private and public instances to help you ensure that your deployments are fault tolerant.

EC2Config Service for EC2 Windows Instances
Checks the EC2Config service for Amazon EC2 Windows instances and alerts you if the EC2Config agent is out of date or configured incorrectly.

PV Driver Version for EC2 Windows Instances
Checks the version of the PV driver for Amazon EC2 Windows instances and alerts you if the driver is not up to date.

The updated service limit check is available to all AWS customers. The Aurora DB Instance Accessibility, EC2Config Service, and PV Driver Version checks are available to Business and Enterprise support customers in the Fault Tolerance category.

For more information about Trusted Advisor, see AWS Trusted Advisor and Trusted Advisor Best Practices.

You can now receive notification and remediation guidance when AWS is experiencing events that may impact you. Available to all AWS customers, AWS Personal Health Dashboard provides a personalized view into the performance and availability of the AWS services you are using, as well as alerts that are automatically triggered by changes in the health of those services.

In addition to event-based alerts, Personal Health Dashboard provides proactive notifications of scheduled activities, such as any changes to the infrastructure powering your resources, enabling you to better plan for events that may affect you. These notifications can be delivered to you via email or mobile for quick visibility, and can always be viewed from within the AWS Management Console.

When you get an alert, it includes detailed information and guidance, enabling you to take immediate action to address AWS events impacting your resources. In addition to Personal Health Dashboard, we have launched the AWS Health API, available to Business and Enterprise Support plan customers, that enables seamless integration with your existing in-house or third party IT Management tools.

Learn more about AWS Personal Health Dashboard, or view your dashboard today.

You can now create configurable, rule-based events for notifications and automated actions based on AWS Trusted Advisor’s library of best-practice checks using Amazon CloudWatch Events. With this new integration, you can now more easily build workflows and processes that are triggered by the status of individual Trusted Advisor checks.

Events can trigger a variety of actions - AWS Lambda functions, Amazon Kinesis streams, Amazon SQS queues, CloudWatch built-in targets, and Amazon SNS topics – and can be reconfigured at any time. Learn more about Monitoring Trusted Advisor Check Results with Amazon CloudWatch Events

The full set of Trusted Advisor checks, including CloudWatch Events integration, is available to Business and Enterprise support plan customers.

Learn more about AWS Trusted Advisor and Amazon CloudWatch Events.

Enterprise Support customers now have access to a Well-Architected Review for business critical workloads. This review, delivered by an AWS Solutions Architect, provides guidance and best practices to help you design reliable, secure, efficient, and cost-effective systems in the cloud.

As a complement to the Cloud Operations review, Well-Architected Reviews add to the growing set of resources available to Enterprise Support customers to help optimize how you build and operate on AWS.

Learn more about these reviews and all of the benefits of Enterprise Support.

Enterprise Support customers will now have access to self-paced labs provided through an AWS training partner. These labs provide a hands-on learning environment based on real-world scenarios.

Through this entitlement, customers receive 500 credits annually, with a 30% discount on additional credits.

Learn more about self-paced training, and all of the benefits of Enterprise Support.

Three new checks have been added to Trusted Advisor that will identify and provide recommendations on your Direct Connect settings that can help you ensure redundancy in the event of device or location loss of connectivity.

- AWS Direct Connect Connection Redundancy: Checks for regions that have only one AWS Direct Connect connection.

- AWS Direct Connect Location Redundancy: Checks for regions with one or more AWS Direct Connect connections and only one AWS Direct Connect location.

- AWS Direct Connect Virtual Interface Redundancy: Checks for virtual private gateways with AWS Direct Connect virtual interfaces (VIFs) that are not configured on at least two AWS Direct Connect connections.

For more information on AWS Trusted Advisor and descriptions of the full set of checks, visit AWS Trusted Advisor.

A new pricing model for our Developer Support plan has been launched, reducing the entry cost from $49 per month to $29 per month, while providing the same level of customer service and support. As of July 26th, 2016 all new AWS accounts subscribing to the Developer Support plan will receive the new pricing, set at the greater of $29 or 3% of monthly AWS spend.

Learn more about the Developer Support plan, and compare all of the features and benefits available from AWS Support

Customers can now more easily identify opportunities to optimize their AWS infrastructure with Trusted Advisor. With tagging support enabled, customers can filter Trusted Advisor reports using existing resource tags, and view best practice recommendations based on the context of their applications or workloads. AWS resources are often shared across multiple solutions, and tag-based views provide customers the ability to optimize based on the unique attributes of each workload.

Learn more about tagging support, and the full set of best practice recommendation available with Trusted Advisor.

AWS CloudTrail, a service that captures specific API calls and delivers log files to an Amazon S3 bucket, now includes logging for the AWS Support API. This allows you to track API calls made from the AWS Support console or from your code to the AWS Support APIs. Log information includes the API action, the date and time of the request, and the IP address and user name of the requester. 

For more information, see Logging AWS Support API Calls with AWS CloudTrail.  

A new set of review, guidance and reporting activities have been formalized to help customers prepare, manage, and optimize their cloud operations. Included with the Enterprise support plan, Operations Support enables customers to work with their Technical Account Manager to gain:

- Operational insight: Operations reviews and analysis to identify gaps across the operations lifecycle, as well as recommendations based on best practices.

- Event Reporting: Detailed reporting on customer-impacting events, including AWS remediation steps and recommended customer actions to help mitigate future risk.

Operations Support adds to the growing set of services provided through the Enterprise support plan, focused on the success and continuous service improvement of our customers.

Learn more about Operations Support, as well as the full features and benefits of the Enterprise support plan.

Four new checks have been added to Trusted Advisor to provide recommendations related to Amazon S3, Amazon Redshift, Amazon EC2 Reserved Instances, and security. Additionally, the service limits check now includes IAM. These checks provide further guidance to help provision your resources based on AWS best practices.

  - Amazon S3 Bucket Versioning (New): Checks for Amazon Simple Storage Service buckets that do not have versioning enabled, or have versioning suspended.

  - Underutilized Amazon Redshift Clusters (New): Checks your Amazon Redshift configuration for clusters that appear to be underutilized.

  - Exposed Access Keys (New): Checks popular code repositories for access keys that have been exposed to the public and for irregular Amazon Elastic Compute Cloud (Amazon EC2) usage that could be the result of a compromised access key.

  - EC2 Reserved Instance Lease Expiration (New): Checks for Amazon EC2 Reserved Instances that are scheduled to expire within the next 30 days or have expired in the preceding 30 days.

  - Service Limits (Updated): Added Identity and Access Management (IAM) limits to the service limits check, to include items such as number of instance profiles, roles, server certificates, groups, or users in an AWS account.

For more information, as well as descriptions of the full set of checks, visit AWS Trusted Advisor.

Four new checks have been added to Trusted Advisor to provide guidance related to EBS, CloudFront, and IAM access keys, with two updates released for existing S3 and service limit checks. These checks provide additional guidance to help provision your resources to improve system performance and reliability, increase security, and optimize cost.

Checks available to all Trusted Advisor customers:

- Service Limits (Updated): EC2 On-demand Service Limit has been added to the service limit check

Checks available to AWS Support Business and Enterprise plan customers:

- Amazon EC2 to EBS Throughput Optimization (New): Checks for Amazon EBS volumes whose performance might be affected by the maximum throughput capability of the Amazon EC2 instance they are attached to.

- CloudFront Alternate Domain Names (New): Checks CloudFront distributions for alternate domain names with incorrectly configured DNS settings.

- CloudFront SSL Certificate on the Origin Server (New): Checks your origin server for SSL certificates that are expired, about to expire, or that use outdated encryption.

- Amazon S3 Bucket Logging (Updated): A check has been added to identify whether server access logging is enabled for the configuration of Amazon Simple Storage Service (Amazon S3) buckets.

- IAM Access Key Rotation (New): With a best practice to rotate access keys on a regular basis, this check identifies active IAM access keys that have not been rotated in the last 90 days.

For more information on AWS Trusted Advisor and descriptions of the full set of checks, visit AWS Trusted Advisor.

AWS Support announces two new AWS Trusted Advisor checks that offer best practices for using CloudFront, focusing on security enhancement and performance improvement:

- CloudFront Header Forwarding and Cache Hit Ratio (Performance category): Checks for HTTP request headers that CloudFront forwards to the origin that might significantly reduce the cache hit ratio and increase the load on the origin.

- CloudFront Custom SSL Certificates in the IAM Certificate Store (Security category): Checks for SSL certificates for CloudFront alternate domain names in the IAM certificate store that are expired, will soon expire, use outdated encryption, or are not configured correctly for the distribution.

For more information on Trusted Advisor and descriptions of all 43 checks, visit AWS Trusted Advisor.