AWS Trusted Advisor is your customized cloud expert! It helps you to observe best practices for the use of AWS by
inspecting your AWS environment with an eye toward saving money, improving system performance and reliability,
and closing security gaps. Since we launched Trusted Advisor in 2013, our customers have viewed over
1.7 million best-practice recommendations for cost optimization, performance improvement, security, and fault
tolerance and have reduced their costs by about 300 million dollars.
Today I have two big pieces of news for all AWS users. First, we are making a set of four Trusted Advisor
best practices available at no charge. Second, we are moving the Trusted Advisor into the AWS Management Console.
Four Best Practices at no Charge
The following Trusted Advisor checks are now available to all AWS users at no charge:
Service Limits Check – This check inspects your position with regard to
the most important service limits for each AWS product. It alerts you when you using
more than 80% of your allocation resources such as EC2 instances and EBS volumes.
Security Groups – Specific Ports Unrestricted Check – This
check will look for and notify you of overly permissive access to your EC2
instances and help you to avoid malicious activities such as hacking, denial-of-service attacks, and
loss of data.
IAM Use Check – This check alerts you if you are using
account-level credentials to control access to your AWS resources instead of
following security best practices by creating users, groups, and
roles to control access to the resources.
MFA on Root Account Check – This check recommends
the use of multi-factor authentication (MFA), to improve security by
requiring additional authentication data from a secondary device.
You can subscribe to the Business or Enterprise level of
AWS Support in order to gain access to
the remaining 33 checks (with more on the way).
Trusted Advisor in the Console
The Trusted Advisor is now an integral part of the AWS Management Console.
We have fine-tuned the user interface to simplify navigation and to make it even easier
for you to find and to act on recommendations and to filter out recommendations that you no longer
want to see.
Let’s take a tour of the Trusted Advisor, starting
from the Dashboard. I can see a top-level summary of all four categories of checks at a glance:
Each category actually contains four distinct links. If I click on the large icon associated with each
category I can see a summary of the checks without regard to their severity or status. Clicking on the
smaller green, orange, or red icons will take you to items with no problems, items where investigation
is recommended, and items where action is recommended, respectively. It looks like I have room for some
improvements in my fault tolerance:
I can use the menu at the top to filter the checks (this is equivalent to using the green, orange, and
If I sign up for the Business or Enterprise level of support, I can
also choose to tell Trusted Advisor to selectively exclude certain
resources from the checks. In the following case, I am running
several Amazon Relational Database Service (RDS) instances without Multi-AZ. They are test databases
and high-availability isn’t essential so I can exclude them from the
I can also download the results of each check for further analysis or distribution:
I can even ask Trusted Advisor to send me a status update each week:
With the introduction of the console, we are also introducing a new, IAM-based model to control access to
the results of each check and the actions associated with them in the console. To learn more about this
important new feature, read about
Controlling Access to the Trusted Advisor Console.
As always (I never get tired of saying this), these new features are available now and you can start using them today!