AWS Trusted Advisor provides real-time guidance to provision resources based on AWS best practices.
Features
- Check your accounts and make recommendations to
  - reduce cost
  - increase performance
  - improve security
- Check the service limits
- Help you to understand best practices
- Workflows
  - Run the Trusted Advisor check
  - Using the EventBridge rule
    - capture and filter the event
  - Perform the action
    - Lambda function
      - Send result to CloudWatch Logs
      - Slack notification
    - Kinesis Data Stream
    - SNS
    - SQS
- The Trusted Advisor built-in notification feature
  - weekly email notification only
  - You need to set up an EventBridge rule for quick notification
Use Cases
AWS Trusted Advisor analyzes your account and provides recommendations in the following 6 categories:
- Performance
- Security
- Cost Optimization
- Fault Tolerance
- Operational Excellence
- Service Limits
Support Plans
- Free Checks with Basic Support
  - Security
    - Security groups – Unrestricted access (0.0.0.0/0) to specific ports
    - S3 bucket policies for public access (bucket-level only)
    - EBS Public Snapshots
    - MFA on the root account
    - Using IAM (at least 1 user)
    - RDS public snapshots
  - Service Limits
    - 80% of service limit reached
- Checks with Enterprise or Business support
  - Full Access
    - IAM password policy
    - Exposed access keys
    - CloudFront content delivery optimization
    - Programmatic Access via AWS Support API
Use Cases
Notify Operations managers when the resources reach the service limit:
Automatically stopping EC2 instances with underutilized EBS Volumes:
- Create a Lambda function that refreshes AWS Trusted Advisor checks
- Create an EventBridge rule on schedule
  - Run the Lambda function
- Create another EventBridge rule to filter events from Trusted Advisor
  - Notify operations managers via SNS
  - Trigger a Lambda function to stop the idle instances
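
The last two steps, sketched as an added example (not code from this page or from AWS): the event pattern for the second EventBridge rule, and a Lambda handler that re-validates the event before it stops anything. The check name, the sample event and the names `instance_to_stop` and `ec2_factory` are assumptions made for illustration.

```python
import re

# Pattern for the second EventBridge rule; the check name is an assumption.
EVENT_PATTERN = {
    "source": ["aws.trustedadvisor"],
    "detail-type": ["Trusted Advisor Check Item Refresh Notification"],
    "detail": {"status": ["WARN"],
               "check-name": ["Low Utilization Amazon EC2 Instances"]},
}
INSTANCE_ARN = re.compile(
    r"^arn:aws[\w-]*:ec2:([a-z0-9-]+):(\d{12}):instance/(i-[0-9a-f]{8,17})$")

# Constructed sample event, not captured from a real account.
SAMPLE_EVENT = {
    "source": "aws.trustedadvisor",
    "detail-type": "Trusted Advisor Check Item Refresh Notification",
    "account": "123456789012",
    "region": "us-east-1",
    "detail": {
        "check-name": "Low Utilization Amazon EC2 Instances",
        "status": "WARN",
        "resource_id": "arn:aws:ec2:eu-west-1:123456789012:instance/i-0123456789abcdef0",
    },
}

def instance_to_stop(event):
    """Re-check the rule's filter in code; return (region, instance_id) or None."""
    detail = event.get("detail") or {}
    if (event.get("source") not in EVENT_PATTERN["source"]
            or event.get("detail-type") not in EVENT_PATTERN["detail-type"]):
        return None
    if any(detail.get(k) not in ok for k, ok in EVENT_PATTERN["detail"].items()):
        return None
    m = INSTANCE_ARN.match(str(detail.get("resource_id") or ""))
    # Only act on instances owned by the account that emitted the event.
    if not m or m.group(2) != event.get("account"):
        return None
    return m.group(1), m.group(3)  # region comes from the ARN, not event["region"]

def lambda_handler(event, context=None, ec2_factory=None):
    target = instance_to_stop(event)
    if target is None:
        return {"stopped": []}
    region, instance_id = target
    if ec2_factory is None:  # Lambda runtime path; tests inject a stub instead
        import boto3
        ec2_factory = lambda r: boto3.client("ec2", region_name=r)
    ec2_factory(region).stop_instances(InstanceIds=[instance_id])
    return {"stopped": [instance_id]}
```

The function's execution role needs no EC2 permission beyond `ec2:StopInstances`, which keeps the automation's reach limited to the one action it performs.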
