Operations Management

Automated Best Practice Checks with AWS Trusted Advisor - Cost Reduction and Security Improvement

Automatically check account health across five categories: cost optimization, performance, security, fault tolerance, and service limits. Learn about Priority for organization-wide best practice management and API integration.

約 3 分で読めます

Trusted Advisor Overview

Trusted Advisor is a service that provides best practice checks across five categories: cost, performance, security, fault tolerance, and service limits. It automatically scans your AWS account's resource configurations and presents improvement recommendations. It automatically identifies unused resources and security misconfigurations, and provides estimated cost savings.

Check Categories and Usage

Cost optimization detects unused Elastic IPs, underutilized EC2 instances (CPU usage below 10% for 14 consecutive days), and unattached EBS volumes, displaying estimated monthly savings. Security detects S3 bucket public access, security groups open to 0.0.0.0/0, and root account MFA not enabled. All check items become available with Business support plan or higher, while the Basic plan only includes 6 core security checks. EventBridge integration detects changes in check results, and Lambda can execute automated remediation actions.

Priority and Organization-Level Usage

Trusted Advisor Priority is available with the Enterprise Support plan and provides prioritized recommendations curated by your AWS Technical Account Manager (TAM). It displays organization-wide risks in priority order, allowing you to address the highest-impact improvement items first. Integration with Organizations aggregates check results from all member accounts and visualizes them in an organization-level dashboard. EventBridge integration detects check result changes in real time, enabling you to build workflows that execute automated remediation actions via Lambda (such as releasing unused EIPs or blocking publicly accessible S3 buckets). For a systematic understanding of best practices, related books on Amazon are also helpful.

Trusted Advisor Pricing

The number of available Trusted Advisor checks depends on your support plan. Basic and Developer plans include only 6 core security checks, while Business plan and above unlock all checks (100+). Trusted Advisor Priority is available exclusively with the Enterprise Support plan. API access (AWS Support API) is available with Business plan and above, enabling programmatic retrieval of check results for automation. By regularly reviewing recommended cost savings and taking action on them, you can achieve ROI that exceeds the cost of your support plan.

Summary

Trusted Advisor is a service that automatically checks your AWS account for best practice compliance. It maintains account health through estimated cost savings and security risk detection, and automates actions like releasing unused EIPs and blocking public S3 buckets via EventBridge integration. The Priority feature provides TAM-curated prioritized recommendations, and Organizations aggregates results across all accounts.

Related Services

AWS Trusted AdvisorA service that checks your AWS environment for cost optimization, performance, security, and resilience improvementsAWS OrganizationsA service for centrally managing multiple AWS accountsAmazon CloudWatchA service that provides monitoring, log management, and alarms for AWS resources and applications

Related Articles

Visualizing and Analyzing Costs with AWS Cost Explorer - Tag Strategy and Savings PlansVisualize AWS spending with cost analysis by service, account, and tag, plus ML-based anomaly detection and cost forecasting. Learn how to optimize costs using Reserved Instance and Savings Plans purchase recommendations.Resource Optimization with AWS Compute Optimizer - Instance RightsizingAnalyze CloudWatch metrics with ML to generate rightsizing recommendations for EC2, Lambda, EBS, and ECS Fargate. Learn about Graviton migration recommendations and improving accuracy with enhanced metrics.Reviewing Workloads with the AWS Well-Architected Tool - Architecture Improvement Based on Six PillarsQuantify risks through architecture reviews based on six pillars, add organization-specific best practices with custom lenses, and track improvement progress with milestones.

More on This Topic

How AWS Keeps Time Internally - Amazon Time Sync Service and Leap Second Smearing DesignLearn how Amazon Time Sync Service works, how GPS and atomic clocks provide high-precision time sources, the design decision to absorb leap seconds through smearing, and why time synchronization matters in distributed systems.Centralizing SaaS Audit Logs with AWS AppFabric - OCSF Standardization and Security Lake IntegrationLearn how AppFabric collects audit logs from SaaS applications, standardizes them to OCSF format, and builds analysis pipelines.Implementing Feature Flags with AWS AppConfig - Safe Configuration Deployment and RollbackRoll out configuration changes independently from code deployments using Linear and Exponential strategies. Ensure safety with automatic rollback triggered by CloudWatch alarms.Architecture Review - Systematically Evaluate Workloads with the AWS Well-Architected ToolLearn about architecture reviews using the AWS Well-Architected Tool. Covers evaluation based on the six pillars, improvement planning, and custom lens usage.Audit Log Design and Operations - Complete API Activity Recording with CloudTrailLearn how to design audit logs using AWS CloudTrail, including recording API activity, long-term storage in S3, and compliance automation through integration with AWS Config.Lessons from AWS Incident Reports (COE) - How Past Major Outages Shaped Design PrinciplesAnalyze the root causes of past major incidents including the S3 outage, us-east-1 DNS failure, and Kinesis outage from AWS's published Correction of Errors (COE) and incident reports, and explain how they changed AWS's design principles.Tag Design Determines Operations - Trivia and Practical Naming Conventions for AWS Resource Tagging StrategyWe explain why AWS resource tags are not just labels but the foundation for cost allocation, access control, and automation, covering tag key naming conventions, how to use the 50-tag limit, and governance through tag policies.Why AWS Service Quotas Exist - Multi-Tenant Design That Protects Shared InfrastructureExplain how AWS service quotas (formerly service limits) are not mere restrictions but a design to protect other customers in a multi-tenant environment, covering the noisy neighbor problem, soft vs hard limits, and what happens behind quota increase requests.

Similar Articles and Services

Optimizing Your AWS Environment - Best Practice Checks with Trusted AdvisorLearn how to use AWS Trusted Advisor for automated environment diagnostics. This article covers the check items and usage across five categories: cost optimization, security, fault tolerance, performance, and service limits.AWS Trusted AdvisorA service that automatically inspects your AWS environment across five categories - cost optimization, security, performance, fault tolerance, and service limits - and provides improvement recommendations based on best practicesAWS Cost Management Tools - Native Integration of Cost Explorer, Budgets, and Compute OptimizerAWS natively integrates cost management tools such as Cost Explorer, Budgets, Compute Optimizer, and Trusted Advisor. We analyze the advantages of AWS's cost visibility and optimization compared to Azure Cost Management and GCP's billing management.Security Posture Management - Building a Unified Security Monitoring Foundation with AWS Security HubLearn about unified security monitoring with AWS Security Hub and automated threat detection through GuardDuty integration. This guide covers visualizing compliance with security best practices and security governance for multi-account environments.