AWS Trusted Advisor
AWS Trusted Advisor checks your account and provides recommendations that help you follow best practices. It helps you optimize your AWS account by checking fault tolerance, improving performance and security, reducing cost, and monitoring service quotas.
How Trusted Advisor works
Detailed view of Best practices or recommendations:
Cost Optimization — It helps you reduce cost by analysing your usage and the money spent on services. Ex: unused resources, idle DB instances, under-utilized EBS volumes, excessive timeouts in Lambda functions.
Performance — It helps improve the performance of services by analysing usage and configurations. Ex: EBS throughput and latency, configurations on CloudFront.
Security — It helps secure your AWS environment. Ex: security group risks, exposed access keys, unnecessary S3 bucket permissions.
Fault Tolerance — It helps improve the reliability of your AWS services. Ex: Auto Scaling, disabled Availability Zones, deleted health checks on Route 53, disabled RDS backups.
Service Quota — It checks the quotas that govern how many resources you can create in your AWS account. Trusted Advisor guides you when you reach more than 80% of a quota.
Recommendations are grouped into 3 categories: “Green” means no problem detected, “Orange” means investigation recommended, and “Red” means action recommended.
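The three colors correspond to the status values the AWS Support API reports for each check summary (ok, warning, error). The following is an added example, not code from the original post: it joins check metadata to check summaries and ranks the results so that Red findings come first, optionally limited to one category such as security. The sample data and check ids are constructed, the mapping of "warning" to Orange follows this page's naming, and triage and needs_attention are hypothetical helper names.

```python
# Added example: offline triage of Trusted Advisor check results.
# Status strings are the ones the AWS Support API returns for check summaries.
COLOR = {"ok": "Green", "warning": "Orange", "error": "Red"}
RANK = {"error": 0, "warning": 1, "not_available": 2, "ok": 3}

# Constructed sample data (placeholder check ids, not real account output), shaped
# like describe_trusted_advisor_checks / describe_trusted_advisor_check_summaries.
SAMPLE_CHECKS = [
    {"id": "chk-001", "name": "Security Groups - Unrestricted Access", "category": "security"},
    {"id": "chk-002", "name": "Exposed Access Keys", "category": "security"},
    {"id": "chk-003", "name": "Amazon RDS Backups", "category": "fault_tolerance"},
    {"id": "chk-004", "name": "Underutilized Amazon EBS Volumes", "category": "cost_optimizing"},
]
SAMPLE_SUMMARIES = [
    {"checkId": "chk-001", "status": "error", "resourcesSummary": {"resourcesFlagged": 3}},
    {"checkId": "chk-002", "status": "ok", "resourcesSummary": {"resourcesFlagged": 0}},
    {"checkId": "chk-003", "status": "warning", "resourcesSummary": {"resourcesFlagged": 2}},
    {"checkId": "chk-004", "status": "warning", "resourcesSummary": {"resourcesFlagged": 5}},
    {"checkId": "chk-999", "status": "error", "resourcesSummary": {"resourcesFlagged": 1}},
]


def triage(checks, summaries, categories=None):
    """Join summaries to check metadata and sort worst status first."""
    by_id = {c["id"]: c for c in checks}
    findings = []
    for s in summaries:
        check = by_id.get(s["checkId"])
        if check is None:
            continue  # summary without matching metadata: cannot categorise it
        if categories and check["category"] not in categories:
            continue
        status = s.get("status", "not_available")
        findings.append({
            "id": check["id"],
            "name": check["name"],
            "category": check["category"],
            "status": status,
            "color": COLOR.get(status, "Not available"),
            "flagged": s.get("resourcesSummary", {}).get("resourcesFlagged", 0),
        })
    findings.sort(key=lambda f: (RANK.get(f["status"], 2), -f["flagged"], f["name"]))
    return findings


def needs_attention(findings):
    """Red (action recommended) and Orange (investigation recommended) only."""
    return [f for f in findings if f["color"] in ("Red", "Orange")]
```

With boto3, the two input lists would come from the Support client's describe_trusted_advisor_checks and describe_trusted_advisor_check_summaries calls instead of the constructed samples.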
The AWS console window may look like this
Organizational view in Trusted Advisor provides recommendations to follow best practices by checking your management account (organization).
Enabling organizational view in Trusted Advisor does not provide the same checks for all the members in the organization.
Refresh the checks in Trusted Advisor: before downloading the report, AWS recommends refreshing all the checks. You can download the report without refreshing the checks, but it will not contain the latest information.
Organizational view reports: you can create up to 50 reports. If the reports exceed 50, Trusted Advisor deletes the earliest report. Note that you can't recover a deleted report.
Create Report Filter Options
When you download the report, you can filter it by download format, Region, category, and resource status. The amount of time needed to create the report depends on the number of accounts in the organization and the number of resources used in each account. To create another report, you must wait a minimum of 6 hours.
Use Identity and Access Management policies to allow users and roles to access the organization.
Create a bucket in Amazon S3 to store the downloaded reports. When you upload the report to S3, you should rename the file. The file extension is .json. Ex: resources-timestamp.json, resources-timestamp2.json.
Use AWS CloudFormation to create the resources in your account. After uploading your report to S3, upload the following YAML template in CloudFormation. For full details, click here.
Use Amazon Athena to create queries and analyse the results of the report. Note that you need to select the US East (N. Virginia) Region before running the query.
Use Amazon QuickSight to create and visualize the report as a dashboard.
Use the Security Hub control feature to find security vulnerabilities in your account. It takes 2 hours to find the resources and 24 hours for the data to appear in the Trusted Advisor console. Organizational view supports the integrated Security Hub feature.
Trusted Advisor Priority recommends best practices to optimize your AWS account. These recommendations are prioritized and come automatically from AWS services (Trusted Advisor, Security Hub, Well-Architected) and manually from your team.
For monitoring and logging, you can use CloudTrail and EventBridge.
AWS Support helps customers with technical issues and provides additional guidance for operating their infrastructure on the AWS cloud. There are 4 types of plans, namely Basic, Business, Enterprise, and Enterprise On-Ramp. Below is the comparison of plans…
AWS Personal Health Dashboard is a personalized view of the health of services and alerts you when your resources are impacted.