Understanding AWS Trusted Advisor

Lab Steps

Logging in to the Amazon Web Services Console
Understanding AWS Trusted Advisor
Following Security Group Best Practices
Following Identity and Access Management Best Practices
Enabling Multi-Factor Authentication on Your AWS Account
Following Snapshot Best Practices
Following Service Limits Best Practices
Need help? Contact our support team

Here you can find the instructions for this specific Lab Step.

If you are ready for a real environment experience please start the Lab. Keep in mind that you'll need to start from the first step.


AWS Trusted Advisor is a cross-region service that inspects your AWS environments. Trusted Advisor makes recommendations when opportunities exist to save money, improve system availability and performance, or help close security gaps. Trusted Advisor performs checks to identify the opportunities. 

The type of AWS account support plan in place determines how many checks AWS Trusted Advisor will perform. All AWS accounts benefit from six Trusted Advisor checks, while accounts with Business or Enterprise support plans have access to over 50 Trusted Advisor checks. Business support plans start at $100 per month.

In this lab step, you will navigate the Trusted Advisor website. You will see what checks are included with all AWS accounts and see what checks are available with Business or Enterprise support plans. 



1. In the AWS Management Console, in the search bar at the top, enter Trusted Advisor, and click the Trusted Advisor result:


You will see the Trusted Advisor Recommendations:


From here you get a quick snapshot of Trusted Advisor's recommendations in each of the four categories checked by Trusted Advisor. The six checks included without a support plan fall under the Performance and Security categories. Under each category, the number of checks that fall into each recommendation status category are shown. The recommendation statuses by color are:

  • Red: Action recommended
  • Yellow: Investigation recommended
  • Gray : Excluded items


2. The navigation pane contains all the different check categories:



3. Scroll down to Recommended Actions. Observe that each check has download result and refresh check buttons on the right:


Refresh operations can only be performed once every five minutes. Trusted Advisor will automatically refresh all checks when you load the Trusted Advisor website. As a result, your refresh buttons may be inoperable for up to five minutes.


4. Click the download result button for the Security Groups - Specific Ports Unrestricted check and open the downloaded .xls file:


The downloaded check result spreadsheet shows the number of resources checked and lists individual flagged resources. Flagged resources are those with a yellow or red status.


5. Click the refresh button for the Security Groups - Specific Ports Unrestricted check.

Trusted Advisor will begin performing the check in response. The checks can be performed once every five minutes this way. After a minute the check will complete. The amount of time since the latest check will be listed.


6. Scroll to the top of the Dashboard page and notice the "Refresh All" and "Download All" results buttons available:


Trusted Advisor will automatically perform all of the checks without manual intervention. This feature is useful because you can trigger CloudWatch Events to send you emails when the status of a check changes. However, the intervals for each check vary greatly. You can easily get the latest check results in the AWS Management Console by clicking the refresh all button.

Similarly, if you want to export a report with all check results at once, the download all results button is available to you.

Note: CloudWatch Events for Trusted Advisor requires a Business or Enterprise support plan.


7. Navigate to Recommendations > Cost Optimization.

Although Trusted Advisor doesn't perform the checks without a support plan, you can see all of the checks included in each category this way. If you have extra time at the end of the Lab, you can review the checks included with a Business or Enterprise support plan. With such a support plan in place, the cost optimization category will also include an estimate of the savings you can achieve by implementing Trusted Advisor's recommendations. 


8. Navigate to Recommendations > Performance and Recommendations > Fault Tolerance and briefly review the types of checks available with a Business or Enterprise support plan.


9. Click on Preferences in the left navigation pane.

This is where you can set notification preferences for receiving weekly Trusted Advisor emails for your account. The email messages will include the most recent check results, and cost-savings estimate if you have a Business or Enterprise support plan. In this Lab, you don't have the required access to billing to set the email addresses, so there is no further action to take.



In this lab step, you learned about Trusted Advisor checks, categories, and check status categories. You also learned Trusted Advisor behaves differently depending on the level of your AWS support plan.