Skip to content

Latest commit

 

History

History
50 lines (45 loc) · 2.41 KB

trusted-advisor.md

File metadata and controls

50 lines (45 loc) · 2.41 KB

AWS Trusted Advisor

  • Provides real time guidance to provision resources against AWS best practices
  • It is an account level product, requires no agent to be installed
  • Provides a number of checks and recommendations in 5 major areas:
    • Cost Optimization & Recommendations
    • Performance
    • Security
    • Fault Tolerance
    • Service Limit
  • Trusted Advisor is not a free service, at least if we want to get out the most of it
  • The free version is available if the account has basic or developer support plans
  • The free version provides 7 basic core checks (Remember them for EXAM) :
    • S3 bucket permissions (open access permissions)
    • Security Groups - specific ports unrestricted
    • IAM use
    • MFA on Root Account
    • EBS Public Snapshots
    • RDS Public Snapshots
    • 50 service limit checks: checks the 50 most common service limits and identifies any where we are over 80% of that limit
  • Anything beyond these basic checks requires business or enterprise support plans
  • With business and enterprise support we get further 115 checks
  • We also get access to the AWS Support API
  • AWS Support API allows for programmatic access for AWS support functions:
    • We can get the names and identifiers for the checks AWS offers
    • We can request a Trusted Adviser check runs against accounts and resources
    • Allows to get summaries and detailed information programmatically
    • Allows request for Truster Advisor refresh
  • AWS Support API allows to programmatically open support ticket, and manage them
  • With business and enterprise support we get CloudWatch integration => we can define event driven responses to actions

AWS Support Plans

  • Basic Support:
    • Is included for AWS customers and it is free
    • For Trusted Advisor with this support plan we get 7 core checks (see them above)
  • Developer:
    • For Trusted Advisor we get the same 7 base core checks (see them above)
  • Business:
    • We ge the full set of checks and recommendation
    • We get programmatic access to Trusted Advisor
  • Enterprise:
    • Same as business

Good to Know

  • We can check if an S3 bucket is made public, but we cannot check if objects are public in a bucket. Monitoring this we might use CloudWatch Events/S3 Events instead
  • Service Limits:
    • Limits can only be monitored in Trusted Advisor
    • Cases have to be created manually in AWS Support Centre to increase limits