AWS: Trusted Advisor

One of the common pitfalls when transitioning to Cloud environment is having to worry over several factors like if your current Cloud architecture if it is efficient and performing well, is your current utilized services are cost optimized and if your current design is well suited for today’s security standards. One of the services that AWS is offering is the so called Trusted Advisor. In this article I will briefly discussed on what is it all about and how we can leverage it to our advantage.

What is AWS Trusted Advisor?

AWS Trusted Advisor is a service that examines all of the resources in your AWS account and recommends changes to bring them into compliance with AWS best practices.

When you initially start using AWS, keeping track of what you have operating is quite simple; but, as your account footprint expands, sub-optimal scenarios in terms of cost management and performance may emerge that go unreported.

Orphaned resources, unused or obsolete snapshots, storage volumes that are no longer in use, resources that are not tied to instances, and the list goes on, all of which are costing your company money. It’s also possible that you’ve configured resources that aren’t optimized for security, performance, or fault tolerance.

By identifying cost savings, Trusted Advisor has saved AWS clients significant amount of money in unnecessary cloud spending. Over provisioned instance sizes or underutilized resources like EBS volumes are common examples. The mechanism utilized by the trusted adviser to produce the savings is to eliminate wasted resources, offer more efficient configurations, and right-size computation and storage.

Benefits of AWS Trusted Advisor

The AWS Trusted Advisor focuses on 5 different areas when analyzing your current AWS services that you are using:

Cost Optimizing

By assessing usage, settings, and spend, Trusted Advisor may help you save money with practical advice. Idle RDS DB instances, unused EBS volumes, unassociated Elastic IP addresses, and excessive timeouts in Lambda operations are just a few examples that the Trusted Advisor can analyze for you.


By studying usage and settings, Trusted Advisor can assist enhance the performance of your services by providing actionable advice.
Analyzing EBS traffic and latency, compute utilization of EC2 instances, and CloudFront setups are just a few examples.


By recommending core security best practices curated by security experts, Trusted Advisor may assist improve the security of your AWS environment.
Identifying RDS security group access risk, exposed access keys, and unneeded S3 bucket permissions are just a few examples.

Fault Tolerance

Trusted Advisor can assist you in increasing the dependability of your services.
Examining Auto scaling EC2 groups, deleting health checks on Route 53, disabling Availability Zones, and disabling RDS backups are just a few examples.

Service Limits

The maximum amount of resources you can generate in an AWS account is determined by service quotas. AWS uses quotas to offer all customers with highly available and dependable service while also protecting you from unintended spending. When you exceed more than 80% of a service quota, Trusted Advisor will notify you. You can then eliminate resources or seek a quota increase based on the recommendations.

How it Works?

Trusted Advisor works by aggregating the best practices acquired from supporting hundreds of thousands of AWS customers which are included into it. When possibilities to save money, improve system availability and performance, or help eliminate security vulnerabilities occur, Trusted Advisor inspects your AWS infrastructure and gives recommendations.

There are about 115 separate checks between the five categories at the time of writing this course. Please note that the number of these checks is continually changing, so please visit this link for the latest up-to-date data.

Support Plans for AWS Trusted Advisor

Although Trusted Advisor may run many of these tests, not all of them are publicly available to anyone with an AWS account. The set of checks you have access to is heavily influenced by the support agreement you have with AWS.

Only AWS Business or Enterprise Support Plans provide you access to the full power and potential of AWS Trusted Advisor. You will only have access to 6 core security checks and all Service Limits if you do not have one of these plans.

The following are the six security checks:

  • Permissions for S3 buckets
  • Specific Ports Unrestricted – Security Groups
  • Snapshots from the EBS
  • Snapshots from the RDS
  • IAM Use
  • MFA on the main account

Features for Enterprise and Business Plan

Trusted Advisor Notifications – This is an opt-in or opt-out option that is available to everyone and may be configured in the Trusted Advisor console’s preferences pane. It keeps track of your resource check changes and cost savings predictions for a week and then sends a report to up to three recipients for billing, operations, and security notifications.

Exclude Items – This option allows you to choose which resources should not appear in the console during a given check. You might want to do this if you don’t care about the reporting for that particular resource and wish to keep it out. If you change your mind, you can elect to include it again at any time. By removing some resources from the console, this feature can make reading and managing your checks easier.

Action Links – Many of the things detected in the Checks against resources have hyperlinks connected with them; these are known as Action Links, and they offer easy access to the resource in question, allowing you to resolve the issue. The ‘VPC’ Service Limit Check, for example, would identify an issue if you surpassed 80% of the number of VPCs within a Region. The resource’s Action Link will take you to an AWS Support Center page where you can file a case to expand the number of VPCs you can have in a single region.

Access Management – Is intimately linked with AWS Trusted Advisor. You can give Trusted Advisor various levels of access, such as Full Access, Read Only, or even restrict access to certain Categories, Checks, and Actions. The following IAM policy, for example, grants access to AWS Trusted Advisor but prevents the user from refreshing or changing notification choices.

Refresh – If the data in Trusted Advisor is more than 24 hours old when you examine it in the console, it will be immediately refreshed. You can, however, execute a manual refresh 5 minutes after any refresh.
You have the option of refreshing individual checks or all checks.

Sample Report for AWS Trusted Advisor

Above is an actual snapshot of my basic/free account in AWS which was mentioned earlier that I have access only on Service Limits as well as Security checks like account security and AWS service securities but with limitations.

Above snapshot is the Recommended actions based on your Dashboard report from AWS Trusted Advisor, one specific Account security example is turning on the Multi-Factor Authentication for your root account. Another example above is the Specific ports are unrestricted like port 80, 25 and 443.


In this article we’ve managed to discuss the overview of AWS Trusted Advisor, it’s main features, the applicable subscriptions based on usage and a sample actual data from a basic account perspective on what are the actual checks being conducted by AWS Trusted Advisor.

Happy Coding 🙂

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s