Using AWS Trusted Advisor to Monitor for Underutilized Resources




This course provides detail on the AWS Management & Governance services relevant to the AWS Certified DevOps Engineer - Professional exam.


Learning Objectives

  • Learn how AWS AppConfig can reduce errors in configuration changes and prevent application downtime
  • Understand how the AWS Cloud Development Kit (CDK) can be used to model and provision application resources using common programming languages
  • Get a high-level understanding of Amazon CloudWatch
  • Learn about the features and use cases of the service
  • Create your own CloudWatch dashboard to monitor the items that are important to you
  • Understand how CloudWatch dashboards can be shared across accounts
  • Understand the cost structure of CloudWatch dashboards and the limitations of the service
  • Review how monitored metrics go into an ALARM state
  • Learn about the challenges of creating CloudWatch Alarms and the benefits of using machine learning in alarm management
  • Know how to create a CloudWatch Alarm using Anomaly Detection
  • Learn what types of metrics are suitable for use with Anomaly Detection
  • Create your own CloudWatch log subscription
  • Learn how AWS CloudTrail enables auditing and governance of your AWS account
  • Understand how Amazon CloudWatch Logs enables you to monitor and store your system, application, and custom log files
  • Explain what AWS CloudFormation is and what it’s used for
  • Determine the benefits of AWS CloudFormation
  • Understand what the core components are and what they are used for
  • Create a CloudFormation Stack using an existing AWS template
  • Learn what VPC flow logs are and what they are used for
  • Determine options for operating programmatically with AWS, including the AWS CLI, APIs, and SDKs
  • Learn about the capabilities of AWS Systems Manager for managing applications and infrastructure
  • Understand how AWS Secrets Manager can be used to securely encrypt application secrets

One of the easiest ways to monitor for underutilized or idle resources is to have AWS do it for you by using AWS Trusted Advisor. This service helps you optimize your AWS resources with AWS best practices by using built-in checks across categories like Security, Fault Tolerance, Performance, Service Limits, and Cost Optimization. 

Since we’re mainly talking about detecting underutilized resources, I’ll be mainly referring to the cost optimization checks in this video. These are designed to provide recommendations to reduce the cost of your AWS environment. I won’t go through every Trusted Advisor cost optimization check, but I will touch on some of the important ones. 

For example, with Trusted Advisor, you get built-in checks for idle resources, allowing you to easily find idle load balancers, idle RDS database instances, and unassociated IP addresses. It enables you to check for underutilized resources, such as low utilization EC2 instances, underutilized EBS volumes, underutilized Redshift clusters, and underutilized Amazon Comprehend endpoints.

And it also enables you to check for over-provisioned resources, such as Amazon EBS over-provisioned volumes, AWS Lambda over-provisioned functions for memory size, AWS Lambda functions with excessive timeouts, and misconfigured resources like AWS Lambda functions with a high error rate. 

Note that these last four checks require you to opt in to AWS Compute Optimizer before you get access to recommendations. Once these checks are performed, each check will be summarized into one of three main responses:

  1. Either it determines that an action is recommended, which shows as a red check
  2. Or it detects that there may be an issue and recommends investigation, marking the check as yellow
  3. Or it signifies that no problems were detected and everything is good to go, which marks the check as green

With each check, you can view the recommended action and see AWS documentation that may help you better understand or fix the issue. 

For example, let’s say Trusted Advisor runs the low utilization EC2 instances check. It then determines that one of your instances only uses, say, 10% of its daily CPU utilization. In that case, it might recommend an action of stopping or terminating the instance, or using Auto Scaling to scale in instances when they’re not fully utilized. Note that it does not provide recommendations to modify or change the size of the instance - it only makes recommendations to delete. You can use AWS Compute Optimizer and AWS Cost Explorer Right Sizing recommendations to get modification recommendations instead.

So who can use these AWS Trusted Advisor cost optimization checks? These checks are only available to those who pay for AWS Business Support, AWS Enterprise On-Ramp Support, or AWS Enterprise Support. 

If you use the basic or developer-level support plan, you do receive some checks on service limits and a few security checks - but you won’t have access to any of the other checks, including the cost optimization checks we talked about in this video. That being said, if you have at least the business support plan, using Trusted Advisor is one of the easiest ways to monitor for underutilized or idle resources.
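The red, yellow and green results described above can also be read programmatically. The following is an added example, not part of the course material: it groups the cost optimization checks by status through the AWS Support API, and the `StubSupport` class and its check data are constructed here so the script runs without an AWS account.

```python
"""Added example: group Trusted Advisor cost optimization checks by status."""

# Support API status value -> colour the console shows for the check
STATUS_COLOUR = {"error": "red", "warning": "yellow", "ok": "green"}


def cost_check_report(support, language="en"):
    """Return {colour: [(check name, flagged resources, est. monthly savings)]}.

    `support` is an AWS Support API client or any object exposing the same
    two describe_* methods.
    """
    checks = support.describe_trusted_advisor_checks(language=language)["checks"]
    names = {c["id"]: c["name"] for c in checks
             if c["category"] == "cost_optimizing"}
    if not names:
        return {}
    summaries = support.describe_trusted_advisor_check_summaries(
        checkIds=list(names))["summaries"]
    report = {}
    for s in summaries:
        colour = STATUS_COLOUR.get(s["status"], "not_available")
        flagged = s.get("resourcesSummary", {}).get("resourcesFlagged", 0)
        savings = (s.get("categorySpecificSummary", {})
                    .get("costOptimizing", {})
                    .get("estimatedMonthlySavings", 0.0))
        report.setdefault(colour, []).append((names[s["checkId"]], flagged, savings))
    return report


class StubSupport:
    """Constructed stand-in for the real client; ids and figures are made up."""

    def describe_trusted_advisor_checks(self, language):
        return {"checks": [
            {"id": "demo-1", "name": "Low utilization EC2 instances",
             "category": "cost_optimizing"},
            {"id": "demo-2", "name": "Example security check",
             "category": "security"}]}

    def describe_trusted_advisor_check_summaries(self, checkIds):
        return {"summaries": [
            {"checkId": "demo-1", "status": "warning",
             "resourcesSummary": {"resourcesFlagged": 2},
             "categorySpecificSummary": {
                 "costOptimizing": {"estimatedMonthlySavings": 31.0}}}]}


if __name__ == "__main__":
    for colour, rows in cost_check_report(StubSupport()).items():
        for name, flagged, savings in rows:
            print(f"{colour:7} {name}: {flagged} flagged, ~${savings:.2f}/month")
```

To run it against a real account, pass `boto3.client("support", region_name="us-east-1")` instead of the stub. On a support plan that does not include the Support API, the call fails with a `SubscriptionRequiredException` error code.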

About the Author

Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.

To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.

Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.

He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.

In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.

Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.