Management of AWS Trusted Advisor
Trying to ensure that your AWS infrastructure remains optimized at all times can be a daunting task. By the very nature of AWS, your infrastructure is likely to be very fluid with the different resources used across your entire AWS account. As this infrastructure grows within your organization, the management of it can get harder and harder. How can you ensure that you are deploying your resources in the best way to ensure your costs are kept low, you're not over or under-provisioning instances, that your security is tight and that you are implementing the correct level of resiliency should a failure occur? The simple answer would be to use AWS Trusted Advisor.
The main function of AWS Trusted Advisor is to recommend improvements across your AWS account to help optimize and hone your environment based on AWS best practices. These recommendations cover four distinct categories:
- Cost Optimization - which helps to identify ways in which you could optimize your resources
- Performance - this scans your resources to highlight any potential performance issues across multiple services
- Security - this category analyses your environment for any potential security weaknesses or vulnerabilities
- Fault Tolerance - which suggests best practices to maintain service operations by increasing resiliency, should a fault or incident occur across your resources
This course dives into the service to explain how it works and how you can use it to benefit your AWS account.
- Understand the purpose and benefits of AWS Trusted Advisor
- Learn how to navigate the AWS Trusted Advisor Console
- Understand how to use AWS Trusted Advisor to optimize your AWS resources and account
- Understand how to take actionable steps with AWS Trusted Advisor to improve your AWS infrastructure
- Learn how to configure different methods of granting access to AWS Trusted Advisor using IAM policies
- Understand how Amazon CloudWatch can monitor and react to changes within AWS Trusted Advisor
This course would be of benefit to:
- Security Professionals & Security Auditors
- Systems Engineers and Administrators
- CIO, CTO, IT Managers & Technical Business Leads
- Compliance Managers
- Anyone looking to learn more about AWS Security
This Course Includes
- 6 lectures
- 3 demonstrations
If you have thoughts or suggestions for this course, please contact Cloud Academy at firstname.lastname@example.org.
Hello and welcome to this lecture, What is AWS Trusted Advisor?, where I'm going to explain what the service is and does, and the different elements that make up this service.
So this is the service that has been within the AWS service library since 2013, and it plays an integral part in helping and aiding you to optimize your infrastructure across a number of key areas. The service itself can be found within the AWS Management Console under Management Tools, alongside services such as AWS Config, AWS CloudTrail, and Amazon CloudWatch, etc. The main function of Trusted Advisor is to recommend improvements across your AWS account to help optimize and hone your environment based on AWS best practices. These recommendations cover four distinct categories.
- Cost optimization, which helps to identify ways in which you could optimize your resources to save money.
- Performance. This scans your resources to highlight any potential performance issues across multiple services.
- Security. This category analyzes your environment for any potential security weaknesses or vulnerabilities.
- And fault tolerance, which suggests best practices to maintain service operations by increasing resiliency should a fault or incident occur across your resources.
Within each of these four categories, Trusted Advisor has a list of checks based on AWS best practices, and it will use these checks to see how your account resources and architecture are implemented to determine if you're aligned with them or not. So it essentially acts as an automatic auditor across your account which can save you money, increase the efficiency of your resources, maintain a tighter and more secure environment, and help to ensure your resources remain operational should a failure occur.
Between the four categories and at the time of writing this course, there are over 50 different best practices that the service checks your resources against. Although there are a lot of these checks that Trusted Advisor can perform, not all of them are freely available to anyone with an AWS account. The list of checks that you have access to is very dependent on the support agreement you hold with AWS. The full power and potential of AWS Trusted Advisor is only really available if you have a business or enterprise support plan with AWS. Without either of these plans, then you will only have access to six core checks that are freely available to everyone. These free core checks are split between the performance and security categories, with the majority of them being related to security.
The six checks are as follows: Service Limits, under the performance category, and then within the security category we have Security Groups - Specific Ports Unrestricted, Amazon EBS Public Snapshots, Amazon RDS Public Snapshots, IAM Use, and MFA on Root Account. Now if you compare this list to the full list of checks that are included with business and enterprise support plans you will see that this list can provide a huge wealth of valuable information to help you optimize your infrastructure.
In addition to these extra checks that these support plans offer, you will also get the additional benefit of being able to administer certain functions of Trusted Advisor using the AWS Support API, such as retrieving and refreshing Trusted Advisor results. Also, you will have the added advantage of being able to track the most recent changes to your AWS account by bringing them to the top of your AWS Trusted Advisor dashboard.
There are also a number of other features that everyone has access to, including those outside of the enterprise and business support plans. These are as follows.
Trusted Advisor notifications. This is an opt-in or opt-out feature which is completely free to everyone, and can be configured within the preferences pane of the Trusted Advisor console. It tracks your resource check changes and cost saving estimates over the course of a week, and it will then email up to three recipients containing those details within a report.
Exclude items. This allows you to select specific resources to be excluded from appearing in the console within a specific check. You may want to do this if you are not interested in the reporting for that particular resource, and so you decide to exclude it. You can decide to include it again at any point if you do change your mind. This feature can make viewing and managing your checks easier by eliminating some resources within the console.
Action links. Many of the items identified within the checks against resources have hyperlinks associated. These are known as action links, which then lead you on to remediate the issue identified. For example, if you reached 80% of the number of VPCs within a region, the service limit check would highlight this as an issue. The action link against the resource would lead you to an AWS support center page to create a case to increase the quantity of VPCs you are allowed within a single region.
Access management. AWS Trusted Advisor is tightly integrated with Identity and Access Management, IAM. You can grant different levels of access to Trusted Advisor, including full access, read-only, or even restrict access down to specific categories, checks and actions.
Refresh. The data within Trusted Advisor is automatically refreshed if the data is more than 24 hours old when you view it within the console. However, after any refresh, you can perform a manual refresh five minutes after the previous refresh. You can either choose to perform a refresh against individual checks, or against all the checks.
Before I finish this lecture, I just want to give a high level overview of how Trusted Advisor works in a few simple steps. Once you connect to AWS Trusted Advisor, the service will scan your infrastructure. It will then compare the state of your infrastructure against best practices defined within the four categories of cost optimization, security, performance, and fault tolerance. The output of this scan can generate a number of recommendations of how your infrastructure could be optimized. This then allows you to optimize your resources based on the recommendations. That brings me to the end of this lecture.
Coming up next, I want to expand more on the six core checks and discuss how to review the Trusted Advisor dashboard, and take the appropriate actions to remediate issues.
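The lecture mentions retrieving and refreshing Trusted Advisor results through the AWS Support API, excluded items, and the wait between manual refreshes. The sketch below is an added example, not part of the course material: it collects flagged resources for the security category using the three Trusted Advisor operations of the boto3 `support` client. The function name, the `FakeSupport` stub and all sample data are constructed for illustration, and it assumes every listed check accepts a manual refresh.

```python
def security_findings(support, refresh=True):
    """Return (report, waits): flagged resources per security check, and the
    milliseconds until each check can be refreshed again."""
    checks = support.describe_trusted_advisor_checks(language="en")["checks"]
    report, waits = {}, {}
    for check in (c for c in checks if c["category"] == "security"):
        if refresh:
            # Assumption: the check accepts manual refresh; checks that AWS
            # refreshes automatically can reject this call.
            status = support.refresh_trusted_advisor_check(
                checkId=check["id"])["status"]
            waits[check["name"]] = status["millisUntilNextRefreshable"]
        result = support.describe_trusted_advisor_check_result(
            checkId=check["id"], language="en")["result"]
        if result["status"] not in ("warning", "error"):
            continue
        cols = check["metadata"]  # column names for each flagged-resource row
        report[check["name"]] = [
            dict(zip(cols, res["metadata"]), status=res["status"])
            for res in result.get("flaggedResources", [])
            if not res.get("isSuppressed")  # skip items excluded by the user
        ]
    return report, waits


class FakeSupport:
    """Constructed stand-in for boto3.client("support", region_name="us-east-1")
    so the example runs offline; all IDs and rows below are made up."""
    def describe_trusted_advisor_checks(self, language):
        return {"checks": [
            {"id": "EXAMPLE-SEC", "name": "Amazon EBS Public Snapshots",
             "category": "security",
             "metadata": ["Status", "Region", "Volume ID", "Snapshot ID"]},
            {"id": "EXAMPLE-PERF", "name": "Service Limits",
             "category": "performance", "metadata": ["Region", "Service"]}]}

    def refresh_trusted_advisor_check(self, checkId):
        return {"status": {"checkId": checkId, "status": "enqueued",
                           "millisUntilNextRefreshable": 300000}}

    def describe_trusted_advisor_check_result(self, checkId, language):
        rows = [("vol-EXAMPLE1", "snap-EXAMPLE1", False),
                ("vol-EXAMPLE2", "snap-EXAMPLE2", True)]
        return {"result": {"checkId": checkId, "status": "error",
                "flaggedResources": [
                    {"status": "error", "isSuppressed": hidden,
                     "metadata": ["Red", "us-east-1", vol, snap]}
                    for vol, snap, hidden in rows]}}
```

Against a real account, pass `boto3.client("support", region_name="us-east-1")` instead of the stub; as the lecture notes, the Support API requires a business or enterprise support plan.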
About the Author
Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data centre and network infrastructure design, to cloud architecture and implementation.
To date, Stuart has created 60+ courses relating to Cloud, most within the AWS category with a heavy focus on security and compliance.
He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.
In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.
Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.