Trusted Advisor is an AWS service that provides real-time guidance to help you review, provision and manage your cloud resources according to AWS best practices. It acts as a virtual cloud expert that helps you implement AWS best practices.
Trusted Advisor is a vital part of the AWS Management Console. AWS engineers have standardized the UI to simplify navigation, to make it considerably easier to learn about and act on recommendations, and to filter out recommendations that you no longer wish to see.
Areas of Recommendations
1. Cost Optimization
Suggestions that can save money by highlighting idle resources and opportunities to reduce your bill.
2. Security
Recommendations for implementing security better, to reduce risk and keep your AWS services secure.
3. Fault Tolerance
Suggestions to improve the availability of AWS services and infrastructure.
4. Performance
Recommendations to get better output and productivity from your use of AWS services.
5. Service Limits
Recommendations that identify service limits relevant to the AWS services you use.
Core Checks
All AWS customers have access to seven core Trusted Advisor checks, with suggestions and recommendations to help them monitor the security and performance of their AWS environment. These seven checks are:
• S3 Bucket Permissions
• Security Groups – Specific Ports Unrestricted
• IAM Use
• MFA on Root Account
• EBS Public Snapshots
• RDS Public Snapshots
• Service Limits
For companies hosted on AWS, Trusted Advisor is a service that can be considered an integral component of any security and compliance program. There are numerous security checks, including the core checks and the extra checks available under the Business or Enterprise support plans, which should be reviewed on a recurring basis, as they provide insight into important security best practices.
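One way to run that recurring review programmatically, as an added example that is not part of the original page: it reports Trusted Advisor checks in the security category whose status is not ok, using the AWS Support API operations `describe_trusted_advisor_checks` and `describe_trusted_advisor_check_summaries`. The `StubSupport` class, its check ids, statuses and counts are constructed sample data so the code runs offline.

```python
SEVERITY = {"error": 0, "warning": 1, "not_available": 2}

def failing_security_checks(support, language="en"):
    """Return [(status, check name, flagged resources)] for security checks not 'ok'.

    `support` is an AWS Support API client, for example
    boto3.client("support", region_name="us-east-1"), or a stub with the same methods.
    """
    checks = support.describe_trusted_advisor_checks(language=language)["checks"]
    security = {c["id"]: c["name"] for c in checks if c["category"] == "security"}
    if not security:
        return []
    summaries = support.describe_trusted_advisor_check_summaries(
        checkIds=list(security))["summaries"]
    findings = []
    for s in summaries:
        if s["status"] == "ok":
            continue
        flagged = s.get("resourcesSummary", {}).get("resourcesFlagged", 0)
        findings.append((s["status"], security[s["checkId"]], flagged))
    # Worst status first, then alphabetical, so the report is stable run to run.
    return sorted(findings, key=lambda f: (SEVERITY.get(f[0], 3), f[1]))

class StubSupport:
    """Constructed stand-in for the Support client (ids and results are invented)."""
    CHECKS = [
        {"id": "chk-s3", "name": "S3 Bucket Permissions", "category": "security"},
        {"id": "chk-sg", "name": "Security Groups - Specific Ports Unrestricted",
         "category": "security"},
        {"id": "chk-mfa", "name": "MFA on Root Account", "category": "security"},
        {"id": "chk-ec2", "name": "Low Utilization Amazon EC2 instances",
         "category": "cost_optimizing"},
    ]
    STATUS = {"chk-s3": ("warning", 2), "chk-sg": ("error", 5),
              "chk-mfa": ("ok", 0), "chk-ec2": ("warning", 7)}

    def describe_trusted_advisor_checks(self, language):
        return {"checks": self.CHECKS}

    def describe_trusted_advisor_check_summaries(self, checkIds):
        return {"summaries": [
            {"checkId": i, "status": self.STATUS[i][0],
             "resourcesSummary": {"resourcesFlagged": self.STATUS[i][1]}}
            for i in checkIds]}

if __name__ == "__main__":
    for status, name, flagged in failing_security_checks(StubSupport()):
        print(f"{status.upper():8} {name} ({flagged} flagged resources)")
```

Run on a schedule, the returned list can feed a ticket queue or alerting channel so that a check changing from ok to warning or error is noticed between manual reviews.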
General Checks
Trusted Advisor also checks the following areas in AWS:
• Amazon EC2 Reserved Instances Optimization
• Amazon Route 53 Latency Resource Record Sets
• Low Utilization Amazon EC2 instances
• Check the password policy for your account and receive warnings when a password policy is not enabled, or if password content requirements have not been met.
• Underutilized Amazon Redshift Clusters
• Unassociated Elastic IP Addresses
• Check for load balancers with listeners that do not use recommended security configurations for encrypted communication.
• Idle Load Balancers
• Underutilized Amazon EBS Volumes
• Amazon EC2 Reserved Instance Lease Expiration
• Check for your use of AWS CloudTrail
• Check security group configurations for Amazon Relational Database Service (RDS) and warn when a Security Group rule might grant overly permissive access to your database.
• Recommends that you open a case in Support Center to request a limit increase if you anticipate exceeding a service limit.
• Amazon RDS Idle DB Instances