April 21, 2016
AWS CloudTrail, a service that captures specific API calls and delivers log files to an Amazon S3 bucket, now includes logging for the AWS Support API. This allows you to track API calls made from the AWS Support console or from your code to the AWS Support APIs. Log information includes the API action, the date and time of the request, and the IP address and user name of the requester.
For more information, see Logging AWS Support API Calls with AWS CloudTrail.
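The following is an added example, not AWS code: it pulls AWS Support API calls out of a CloudTrail log file and extracts the fields named above (action, time, IP address, requester). The records, the allow-list, and the function names are constructed for illustration; `support.amazonaws.com` is the event source CloudTrail records for the Support API.

```python
import json

# Constructed sample records in CloudTrail's JSON layout (not real log data).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2016-04-21T17:05:12Z", "eventSource": "support.amazonaws.com",
     "eventName": "CreateCase", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventTime": "2016-04-21T17:06:40Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventTime": "2016-04-21T18:30:02Z", "eventSource": "support.amazonaws.com",
     "eventName": "DescribeCases", "sourceIPAddress": "203.0.113.44",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/Ops/bob"}},
    {"eventTime": "2016-04-21T19:00:00Z", "eventSource": "support.amazonaws.com",
     "eventName": "ResolveCase", "sourceIPAddress": "203.0.113.99",
     "userIdentity": {"type": "Root"}},
]})

# Assumed allow-list of addresses your operators normally call from.
KNOWN_IPS = {"198.51.100.7", "203.0.113.44"}

def requester(identity):
    # userName is not present on every record (for example assumed-role
    # sessions), so fall back to the ARN and then to the identity type.
    return identity.get("userName") or identity.get("arn") or identity.get("type", "unknown")

def support_api_calls(log_text):
    """Return one summary dict per AWS Support API call in a CloudTrail log file."""
    calls = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "support.amazonaws.com":
            continue
        calls.append({
            "time": rec.get("eventTime"),
            "action": rec.get("eventName"),
            "ip": rec.get("sourceIPAddress"),
            "user": requester(rec.get("userIdentity", {})),
        })
    return calls

def unexpected_sources(calls, known_ips):
    # Support calls from addresses outside the allow-list deserve a second look.
    return [c for c in calls if c["ip"] not in known_ips]

if __name__ == "__main__":
    for call in unexpected_sources(support_api_calls(SAMPLE_LOG), KNOWN_IPS):
        print(call)
```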
A new set of review, guidance, and reporting activities has been formalized to help customers prepare, manage, and optimize their cloud operations. Included with the Enterprise support plan, Operations Support enables customers to work with their Technical Account Manager to gain:
- Operational insight: Operations assessments and analysis to identify gaps across the operations lifecycle, as well as recommendations based on best practices.
- Event Reporting: Detailed reporting on customer-impacting events, including AWS remediation steps and recommended customer actions to help mitigate future risk.
Operations Support adds to the growing set of services provided through the Enterprise support plan, focused on the success and continuous service improvement of our customers.
Learn more about Operations Support, as well as the full features and benefits of the Enterprise support plan.
Four new checks have been added to Trusted Advisor to provide recommendations related to Amazon S3, Amazon Redshift, Amazon EC2 Reserved Instances, and security. Additionally, the service limits check now includes IAM. These checks provide further guidance to help provision your resources based on AWS best practices.
- Amazon S3 Bucket Versioning (New): Checks for Amazon Simple Storage Service buckets that do not have versioning enabled, or have versioning suspended.
- Underutilized Amazon Redshift Clusters (New): Checks your Amazon Redshift configuration for clusters that appear to be underutilized.
- Exposed Access Keys (New): Checks popular code repositories for access keys that have been exposed to the public and for irregular Amazon Elastic Compute Cloud (Amazon EC2) usage that could be the result of a compromised access key.
- EC2 Reserved Instance Lease Expiration (New): Checks for Amazon EC2 Reserved Instances that are scheduled to expire within the next 30 days or have expired in the preceding 30 days.
- Service Limits (Updated): Added Identity and Access Management (IAM) limits to the service limits check, to include items such as number of instance profiles, roles, server certificates, groups, or users in an AWS account.
For more information, as well as descriptions of the full set of checks, visit AWS Trusted Advisor.
Four new checks have been added to Trusted Advisor to provide guidance related to EBS, CloudFront, and IAM access keys, with two updates released for existing S3 and service limit checks. These checks provide additional guidance to help provision your resources to improve system performance and reliability, increase security, and optimize cost.
Checks available to all Trusted Advisor customers:
- Service Limits (Updated): The EC2 On-demand Service Limit has been added to the service limit check.
Checks available to AWS Support Business and Enterprise plan customers:
- Amazon EC2 to EBS Throughput Optimization (New): Checks for Amazon EBS volumes whose performance might be affected by the maximum throughput capability of the Amazon EC2 instance they are attached to.
- CloudFront Alternate Domain Names (New): Checks CloudFront distributions for alternate domain names with incorrectly configured DNS settings.
- CloudFront SSL Certificate on the Origin Server (New): Checks your origin server for SSL certificates that are expired, about to expire, or that use outdated encryption.
- Amazon S3 Bucket Logging (Updated): A check has been added to identify whether server access logging is enabled for the configuration of Amazon Simple Storage Service (Amazon S3) buckets.
- IAM Access Key Rotation (New): Because rotating access keys on a regular basis is a best practice, this check identifies active IAM access keys that have not been rotated in the last 90 days.
For more information on AWS Trusted Advisor and descriptions of the full set of checks, visit AWS Trusted Advisor.
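The 90-day rule from the IAM Access Key Rotation check can be reproduced against an IAM credential report. This is an added example, not Trusted Advisor's own logic; the report excerpt is constructed and keeps only the access-key columns of the real report, and the function name and reference date are assumptions.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(days=90)  # threshold stated in the check description

# Constructed excerpt using a subset of the credential report's columns.
SAMPLE_REPORT = """\
user,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
alice,true,2015-06-01T00:00:00+00:00,false,N/A
bob,true,2015-11-20T00:00:00+00:00,true,2015-03-15T00:00:00+00:00
carol,false,2014-01-10T00:00:00+00:00,false,N/A
"""

def stale_keys(report_csv, now):
    """Return (user, key slot, age in days) for active keys older than MAX_AGE."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        for slot in ("1", "2"):
            # Inactive keys are out of scope: the check covers active keys only.
            if row.get(f"access_key_{slot}_active") != "true":
                continue
            rotated = row.get(f"access_key_{slot}_last_rotated", "N/A")
            if rotated == "N/A":
                continue  # no key in this slot
            age = now - datetime.fromisoformat(rotated)
            if age > MAX_AGE:
                findings.append((row["user"], f"access_key_{slot}", age.days))
    return findings

if __name__ == "__main__":
    # Fixed reference date so the result is reproducible (assumption).
    reference = datetime(2015, 12, 1, tzinfo=timezone.utc)
    for user, key, days in stale_keys(SAMPLE_REPORT, reference):
        print(f"{user}: {key} last rotated {days} days ago")
```

Note that carol's old key is not reported because it is inactive, while bob is flagged for his second key only.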
September 29, 2015
AWS Support announces two new AWS Trusted Advisor checks that offer best practices for using CloudFront, focusing on security enhancement and performance improvement:
- CloudFront Header Forwarding and Cache Hit Ratio (Performance category): Checks for HTTP request headers that CloudFront forwards to the origin that might significantly reduce the cache hit ratio and increase the load on the origin.
- CloudFront Custom SSL Certificates in the IAM Certificate Store (Security category): Checks for SSL certificates for CloudFront alternate domain names in the IAM certificate store that are expired, will soon expire, use outdated encryption, or are not configured correctly for the distribution.
For more information on Trusted Advisor and descriptions of all 43 checks, visit AWS Trusted Advisor.
AWS Support announces four new AWS Trusted Advisor checks that offer best practices for using Elastic Load Balancing (ELB), focusing on security and fault tolerance:
- ELB Connection Draining (Fault Tolerance category): Checks for load balancers that do not have connection draining enabled. When connection draining is enabled, the load balancer keeps the connection open until active requests have been served.
- Cross-Zone Load Balancing (Fault Tolerance category): Checks for load balancers that do not have cross-zone load balancing enabled. Cross-zone load balancing makes it easier to deploy and manage applications across multiple Availability Zones.
- ELB Listener Security (Security category): Checks for load balancers with listeners that do not use recommended security configurations: a secure protocol, the latest version of a predefined security policy, and only recommended ciphers and protocols.
- ELB Security Groups (Security category): Checks for load balancers configured with a missing security group or a security group that allows access to ports that are not configured for the load balancer. This helps to make sure the load balancer works as expected and reduces the risk of loss of data or malicious attacks.
For more information on Trusted Advisor and descriptions of all 41 checks, visit AWS Trusted Advisor.
January 22, 2015
AWS Trusted Advisor is pleased to announce the expanded availability of the Action Link feature. Action links are hyperlinks to the AWS Management Console, where you can take action on the Trusted Advisor recommendations. Action links were introduced in July 2014 on a limited number of checks. Action links are now available on all checks where links are supported by the relevant service.
For example, the Amazon EBS Snapshots check lists Amazon EBS volumes whose snapshots are missing or more than 7 days old. In each row of the report, the volume ID is a hyperlink to that volume in the Amazon EC2 console, where you can take action to create a snapshot with just a couple of clicks. To try out the new feature, visit Trusted Advisor today!