1. Home
  2. Training Library
  3. Amazon Web Services
  4. Courses
  5. An Overview of AWS Trusted Advisor

Course Summary

The course is part of these learning paths

DevOps Engineer – Professional Certification Preparation for AWS
course-steps 35 certification 5 lab-steps 18 quiz-steps 2 description 3
Solutions Architect – Professional Certification Preparation for AWS
course-steps 45 certification 6 lab-steps 19 quiz-steps 5 description 2
SysOps Administrator – Associate Certification Preparation for AWS
course-steps 34 certification 5 lab-steps 30 quiz-steps 4 description 5
Security - Specialty Certification Preparation for AWS
course-steps 22 certification 2 lab-steps 12 quiz-steps 5
more_horiz See 1 more


Start course
star star star star star-half


Course Description:

Trying to ensure that your AWS infrastructure remains optimized at all times can be a daunting task.  By the very nature of AWS, your infrastructure is likely to be very fluid with the different resources used across your entire AWS account.  As this infrastructure grows within your organization, the management of it can get harder and harder.  How can you ensure that you are deploying your resources in the best way to ensure your costs are kept low, you're not over or under-provisioning instances, that your security is tight and that you are implementing the correct level of resiliency should a failure occur? The simple answer would be to use AWS Trusted Advisor.

The main function of AWS Trusted Advisor is to recommend improvements across your AWS account to help optimise and hone your environment based on AWS best practices. These recommendations cover four distinct categories:
Cost optimization - which helps to identify ways in which you could optimise your resources
Performance - this scans your resources to highlight any potential performance issues across multiple services
Security - this category analyses your environment for any potential security weaknesses or vulnerabilities
Fault Tolerance - which suggests best practices to maintain service operations by increasing resiliency, should a fault or incident occur across your resources

This course dives into the service to explain how it works and how you can use it to benefit your AWS account 

Learning Objectives

  • Understand the purpose and benefits of AWS Trusted Advisor
  • Learn how to navigate the AWS Trusted Advisor Console
  • Understand how to use AWS Trusted Advisor to optimize your AWS resources and account
  • Understand how to take actionable steps with AWS Trusted Advisor to improve your AWS infrastructure
  • Learn how to configure different methods of granting access to AWS Trusted Advisor using IAM policies
  • Understand how Amazon CloudWatch can monitor and react to changes within AWS Trusted Advisor

Intended Audience

This course would be of benefit to:

  • Security Professionals & Security Auditors
  • Systems Engineers and Administrators
  • CIO, CTO, IT Managers & Technical Business Leads
  • Compliance Managers
  • Anyone looking to learn more about AWS Security


I recommend that you have a basic understanding and awareness of AWS and common services. It would also be advantageous if you have an understanding of IAM Policies, although this is not essential

This course includes

  • 6 lectures
  • 3 demonstrations


If you have thoughts or suggestions for this course, please contact Cloud Academy at support@cloudacademy.com.


Hello, and welcome to this short lecture, where I want to summarize some of the key elements of what we have covered for this course.

I started off by explaining what the service is and does, and here I explain that it can be found within the Management Tools category in the Management Console. The main function of Trusted Advisor is to recommend improvements across your AWS account, to help optimize your environment based on AWS best practices. Trusted Advisor focuses on four categories, with a list of best practice checks in each. Cost optimization, performance, security, and fault tolerance. There are currently 50 plus different checks between the different categories.

Your list of checks are very dependent on your AWS support plan. And Business and Enterprise support can take full advantage of all the checks available. All other AWS accounts only have access to six free core checks. These being, service limits, Security Groups Specific Ports Unrestricted, Amazaon EBS Public Snapshots, Amazon RDS Public Snapshots, IAM Use, and MFA on root account.

There are a number of useful features within Trusted Advisor these being Trusted Advisor Notifications. This tracks your resource check changes and cost saving estimates over the course of a week, and e-mails you a report. Exclude Items: This allows you to select specific resources to be excluded from appearing in the console within a specific check. Action Links: Action Links lead you on to remediate any issues identified. Access Management: Using IAM you can grant different levels of access to Trusted Advisor. And Refresh: You can perform a manual refresh five minutes after the previous refresh against either individual checks or against all checks.

Following this I focused on reviewing checks and taking the appropriate action. This lecture included a demonstration where I provided an overview of the Dashboard and performed the following steps: I looked at the Dashboard itself. I drilled down into the Trusted Advisor Checks. I identified and rectified the issues that were displayed. I refreshed the Trusted Advisor Checks to ensure the issues had been resolved. And I downloaded the status of the checks as an Excel file for offline review. Also provided an overview of the six core checks.

Following this lecture I focused on how to control access to Trusted Advisor, by demonstrating how to create a number of different IAM policies that could be used to grant access based on the following level of privileges: Full Access, Read Only access, access to specific categories, access to specific checks, and access to specific actions within Trusted Advisor.

Finally I covered how you can use Amazon CloudWatch to monitor and react to changes within AWS Trusted Advisor. Using CloudWatch Events, I performed a demonstration that showed you how to create a new rule within events of CloudWatch, with an associated SNS target.

That has now brought me to the end of this lecture, and to the end of this course. You should now have a greater understanding of what AWS Trusted Advisor is and does, and how you can use it within your environment to optimize your infrastructure. It is a powerful tool, especially if you do have a business or enterprise support plan, to fully maximize its potential.

If you have any feedback on this course, positive or negative please do leave a comment on the Course Landing Page. We do look at the comments and your feedback is greatly appreciated.

Thank you for your time, and good luck with your continued learning of Cloud computing.

Thank you.

About the Author

Learning paths34

Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data centre and network infrastructure design, to cloud architecture and implementation.

To date Stuart has created over 40 courses relating to Cloud, most within the AWS category with a heavy focus on security and compliance

He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.

In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.

Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.