The AWS (Amazon Web Services) Trusted Advisor provides recommendations for security and infrastructure optimization. These recommendations help you follow AWS best practices, so you can reduce costs, improve security, enhance performance, and optimize your infrastructure.
You can follow the AWS Trusted Advisor to optimize your resources and services. Every AWS user has access to the Trusted Advisor core checks and recommendations. There are recommendations for the following categories:
You can rely on the Trusted Advisor to improve your cloud environment in the above categories.
The Trusted Advisor performs the following checks to enhance your security:
The AWS Trusted Advisor searches for S3 buckets with open access permissions. These buckets often result in higher charges, as objects in them access at a higher frequency.
Also, buckets that permit upload/delete access can lead to various security vulnerabilities, as unauthorized users can add, modify, or remove objects.
The S3 bucket permissions check also examines associated bucket policies that may override existing permissions.
The Trusted Advisor monitors and notifies organizations of any permissive access to EC2 Instances. It checks security group rules that allow unrestricted access to specific ports (0.0.0.0/0).
The AWS Trusted Advisor scans the root account to identify whether multi-factor authentication (MFA) is enabled. Accounts without MFA are easy to compromise and can be the gateway for attackers.
This check examines how you use Identity and Access Management (IAM). It checks if you are using account-level credentials to control access to your AWS resources. Upon checking, it recommends security best practices such as creating roles, groups, and users to control access to resources.
AWS Trusted Advisor helps you protect crucial business data by monitoring your RDS and EBS. It provides alerts upon detecting any public snapshot or RDS or EBS Data. A public snapshot is available to all users and accounts.
Trusted Advisor identifies the snapshot and alerts you in real-time so you can investigate it.
The CloudTrail logs information for all activity in your AWS account. These logs help you determine the activities of each particular user, on which resources, and at what time. These logs files deliver to an S3 bucket, which CloudTrail should have written permissions for. The Trusted Advisor checks if there are trials (configurations for delivering log files to S3) are enabled.
Here are some of the checks the AWS Trusted Advisor performs to help optimize your costs:
The Trusted Advisor provides recommendations on how to use Reserved Instances (RIs) to reduce cloud spending. It analyzes your On-Demand usage and categorizes them for reservations. Also, it stimulates different combinations of the reservation to identify optimization opportunities.
The Trusted Advisor checks how you configure your RDS, and if there are any idle Instances. It recommends deleting ant RDS Instances that have been idle, helping cut costs.
The Trusted Advisor alerts you of any underutilized EC2 Instances (with CPU utilization of below 10%. You can then manage the size and number of Instances to reduce hourly usage charges.
The Trusted Advisor service limit check allows you to monitor resource usage and how close you are to reaching your service limits. It’s an essential part of managing deployments in AWS. Once you reach the service limit, you can request an increase or shut down the resources before you reach the limit.
Once a service limit is about to be reached, the AWS Trusted Advisor sends notifications via Slack or email, which enables you to request a quota increase or shut down immediately.
The AWS Trusted Advisor provides recommendations on run fault-tolerant systems that can remain in operation in the event of failures.
The Trusted Advisor recommends the distribution of EC2 Instances across different Availability Zones in a region. Since the failure in one Availability Zone doesn’t affect the other, you can protect a single point of failure by launching in multiple zones in the same region.
Other ways in which the Trusted Advisor ensure fault tolerance include:
The AWS Trusted Advisor allows you to optimize the performance of your cloud environment by checking your service quotas and providing recommendations where necessary. Optimization of services allows you to take detect any unused resources, monitor for overutilized instances, and utilize provisioned throughput.
While these are the core checks and recommendations, there are over 60 additional checks that you can perform. It’s best to determine how many Trusted Advisor checks are available for your cloud.
The AWS Trusted Advisor is a robust service that can help you run an optimized cloud environment. With this service, you can minimize cost, run fault-tolerant services, optimize performance in your AWS, and more.
At nOps, we provide advanced monitoring capabilities to help you monitor AWS. nOps has a wide range of capabilities, including cost optimization, change management, security enhancement, and more.