AWS Trusted Advisor
A service that automatically inspects your AWS environment across five categories - cost optimization, security, performance, fault tolerance, and service limits - and provides improvement recommendations based on best practices
Overview
AWS Trusted Advisor automatically scans your running AWS environment and detects deviations from best practices across five perspectives: cost optimization, security, performance, fault tolerance, and service limits. With a Business support plan or higher, you gain access to all check items and can retrieve check results via API to integrate them into automated remediation pipelines. The Trusted Advisor Priority feature, introduced in 2024, allows AWS account teams to assign priorities to risks in customer environments and send notifications, enabling efficient triage of actionable items even in large-scale environments.
How Five-Category Diagnostics Prevent Oversights
The strength of Trusted Advisor lies in its cross-cutting evaluation of your environment across five axes - cost, security, performance, fault tolerance, and service limits - rather than a single perspective. In the cost optimization category, for example, it detects EC2 instances with CPU utilization below 10% over the past 14 days and unassociated Elastic IP addresses. The security category warns about S3 bucket public access settings, unrestricted port openings in security groups, and IAM root accounts without MFA enabled. The service limits category is often overlooked, but it alerts you when resource counts such as VPCs or EIPs reach 80% of the regional limit, preventing unexpected resource creation failures. Basic and Developer support plans have limited check items available, so subscribing to Business support or higher is effectively essential for production workloads.
Operational Automation with Priority and API
In multi-account environments, the volume of Trusted Advisor findings becomes too large to review manually. Trusted Advisor Priority is a feature where AWS account teams and Technical Account Managers (TAMs) analyze customer environments and assign priorities to items that need attention. It is available with the Enterprise support plan and integrates with AWS Organizations to provide a unified view of risks across the entire organization. By leveraging the API, you can periodically retrieve check results, trigger Lambda functions via EventBridge, and build workflows for automatic shutdown of unused resources or automatic remediation of security groups. Azure offers Azure Advisor as a similar diagnostic service, but while Trusted Advisor progressively unlocks check items based on your support plan tier, Azure Advisor makes all items available for free. Related books on AWS operations (Amazon) cover design examples for these automation patterns.
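The retrieval half of the workflow described above, written out as an added example (not AWS or Trusted Advisor code): it lists checks through the AWS Support API, pulls each result for the security and service-limits categories, and turns the flagged resources into triage rows. It assumes boto3 is installed for a live run, that the account has a Business support plan or higher (the Support API refuses calls otherwise), and that the client is created in us-east-1, the only region that serves this API. The check names, IDs, and resource rows inside FakeSupportClient are constructed sample data shaped like the real responses so the script runs offline; the "Usage %" column is computed here and is not a Trusted Advisor field.

```python
"""Collect Trusted Advisor findings via the AWS Support API and turn them into
triage rows. Added example, not AWS code. Assumes boto3 for a live run; the
Support API needs Business support or higher and is served only from us-east-1.
FakeSupportClient is a constructed stand-in so the script runs offline."""
from dataclasses import dataclass, field

SEVERITY = {"ok": 0, "warning": 1, "error": 2}   # Trusted Advisor result statuses


@dataclass
class Finding:
    check_name: str
    category: str
    status: str
    region: str
    resource_id: str
    details: dict = field(default_factory=dict)


def resource_details(check, resource):
    """Each flagged resource carries a bare metadata list; the column names live on
    the check definition, so pair them up into a dict."""
    return dict(zip(check["metadata"], resource["metadata"]))


def limit_usage_percent(details):
    """For service-limit rows, compute usage against the limit (the check warns at
    80%). Returns None when the columns are absent or the limit is not numeric."""
    try:
        limit = float(details["Limit Amount"])
        usage = float(details["Current Usage"])
    except (KeyError, ValueError):
        return None
    return None if limit <= 0 else round(100.0 * usage / limit, 1)


def triage(check, result, min_status="warning"):
    """Drop suppressed resources and anything below min_status; most severe first."""
    rows = []
    for res in result.get("flaggedResources", []):
        if res.get("isSuppressed") or SEVERITY.get(res["status"], 0) < SEVERITY[min_status]:
            continue
        details = resource_details(check, res)
        pct = limit_usage_percent(details)
        if pct is not None:
            details["Usage %"] = pct          # derived here, not an API field
        rows.append(Finding(check["name"], check["category"], res["status"],
                            res.get("region", "global"), res["resourceId"], details))
    return sorted(rows, key=lambda f: -SEVERITY[f.status])


def collect_findings(client, categories=("security", "service_limits")):
    """Walk every check in the chosen categories and gather its flagged resources."""
    findings = []
    for check in client.describe_trusted_advisor_checks(language="en")["checks"]:
        if check["category"] not in categories:
            continue
        result = client.describe_trusted_advisor_check_result(
            checkId=check["id"], language="en")["result"]
        findings.extend(triage(check, result))
    return findings


def real_support_client():
    import boto3                                  # only needed for a live run
    return boto3.client("support", region_name="us-east-1")


class FakeSupportClient:
    """Constructed sample data shaped like the Support API responses."""
    CHECKS = [
        {"id": "chk-sg", "name": "Security Groups - Specific Ports Unrestricted",
         "category": "security",
         "metadata": ["Region", "Security Group Name", "Security Group ID", "Protocol", "Port", "Status"]},
        {"id": "chk-limits", "name": "Service Limits", "category": "service_limits",
         "metadata": ["Region", "Service", "Limit Name", "Limit Amount", "Current Usage", "Status"]},
        {"id": "chk-eip", "name": "Unassociated Elastic IP Addresses",
         "category": "cost_optimizing", "metadata": ["Region", "IP Address"]},
    ]
    RESULTS = {
        "chk-sg": {"checkId": "chk-sg", "status": "error", "flaggedResources": [
            {"status": "error", "region": "us-east-1", "resourceId": "sg-0a1b2c3d/tcp/22",
             "isSuppressed": False, "metadata": ["us-east-1", "web-sg", "sg-0a1b2c3d", "tcp", "22", "Red"]},
            {"status": "warning", "region": "eu-west-1", "resourceId": "sg-0e5f6a7b/tcp/3389",
             "isSuppressed": True, "metadata": ["eu-west-1", "jump-sg", "sg-0e5f6a7b", "tcp", "3389", "Yellow"]},
        ]},
        "chk-limits": {"checkId": "chk-limits", "status": "warning", "flaggedResources": [
            {"status": "warning", "region": "ap-northeast-1", "resourceId": "ap-northeast-1/VPC/VPCs",
             "isSuppressed": False, "metadata": ["ap-northeast-1", "VPC", "VPCs", "5", "4", "Yellow"]},
            {"status": "ok", "region": "us-east-1", "resourceId": "us-east-1/EC2/EIP",
             "isSuppressed": False, "metadata": ["us-east-1", "EC2", "Elastic IP addresses", "5", "1", "Green"]},
        ]},
        "chk-eip": {"checkId": "chk-eip", "status": "warning", "flaggedResources": [
            {"status": "warning", "region": "us-east-1", "resourceId": "203.0.113.10",
             "isSuppressed": False, "metadata": ["us-east-1", "203.0.113.10"]},
        ]},
    }

    def describe_trusted_advisor_checks(self, language="en"):
        return {"checks": self.CHECKS}

    def describe_trusted_advisor_check_result(self, checkId, language="en"):
        return {"result": self.RESULTS[checkId]}


if __name__ == "__main__":
    for f in collect_findings(FakeSupportClient()):   # swap in real_support_client() for a live run
        print(f"{f.status:7} {f.category:15} {f.check_name}: {f.resource_id} {f.details}")
```

The client is passed in rather than created inside collect_findings so the same code path runs against the fake data and against a Lambda's real boto3 client. Suppressed resources are skipped on purpose: an exclusion recorded in the console is an owner's decision and the automation should not override it.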
Practical Approaches to Cost Reduction
The area where Trusted Advisor delivers the most value is cost optimization. In practice, the standard approach is to export the list of unused and underutilized resources detected by the cost category and run a monthly process of confirming each resource with its owner. Development and testing environments are particularly prone to RDS instances and NAT Gateways left running after tests, accumulating charges of hundreds of dollars per month. However, Trusted Advisor recommendations are based on generic thresholds, so mechanically deleting resources without considering workload-specific factors (such as bursty load patterns) can lead to outages. It is critical to verify actual usage patterns with CloudWatch metrics before acting on recommendations. Additionally, Trusted Advisor check results display stale data unless refreshed, so scheduling periodic API refreshes ensures you always have the latest status.
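The two caveats above, verifying usage with CloudWatch before acting and refreshing stale results, as an added example that is not part of the original page: for each instance flagged by a low-utilization check it fetches 14 days of hourly CPU maxima and classifies the instance as idle, bursty, or unconfirmed, and it requests a check refresh so the next run sees recomputed data. It assumes boto3 for live clients; FakeSupport and FakeCloudWatch are constructed stand-ins so it runs offline, the metadata column names in SAMPLE_CHECK are constructed for the example, and BURST_CPU_PERCENT is a hypothetical threshold a team would tune per workload.

```python
"""Confirm a Trusted Advisor low-utilization finding against CloudWatch before
stopping anything, and request a fresh check result first. Added example, not
AWS code. Assumes boto3 for live clients; the Fake* classes, the sample check
and result, and BURST_CPU_PERCENT are constructed for the example."""
from datetime import datetime, timedelta, timezone

LOOKBACK_DAYS = 14          # the window the low-utilization check evaluates
BURST_CPU_PERCENT = 60.0    # hypothetical: an hourly peak above this marks a bursty workload


def refresh_check(support, check_id):
    """Results are cached; ask Trusted Advisor to recompute. Returns the refresh
    status and the cooldown (ms) before another refresh is accepted."""
    status = support.refresh_trusted_advisor_check(checkId=check_id)["status"]
    return status["status"], status.get("millisUntilNextRefreshable", 0)


def flagged_instance_ids(check, result):
    """Metadata is a bare list per resource; the check definition names the columns."""
    col = check["metadata"].index("Instance ID")
    return [r["metadata"][col] for r in result["flaggedResources"] if not r.get("isSuppressed")]


def hourly_max_cpu(cloudwatch, instance_id, now=None):
    """Hourly CPU maxima over the lookback window. The 14-day average can be low
    while the peaks are not, which is exactly what the generic threshold misses."""
    now = now or datetime.now(timezone.utc)
    resp = cloudwatch.get_metric_statistics(
        Namespace="AWS/EC2", MetricName="CPUUtilization",
        Dimensions=[{"Name": "InstanceId", "Value": instance_id}],
        StartTime=now - timedelta(days=LOOKBACK_DAYS), EndTime=now,
        Period=3600, Statistics=["Maximum"])
    return [dp["Maximum"] for dp in resp["Datapoints"]]


def classify(cloudwatch, instance_id):
    maxima = hourly_max_cpu(cloudwatch, instance_id)
    if not maxima:
        return "no-data"     # nothing to confirm: leave it alone and ask the owner
    if max(maxima) > BURST_CPU_PERCENT:
        return "bursty"      # low average, real peaks: stopping it would cause an outage
    return "idle"            # a candidate for the monthly owner-confirmation list


def plan_actions(support, cloudwatch, check, result):
    """Classify every unsuppressed flagged instance and queue a refresh for next time."""
    refresh_check(support, check["id"])
    return {iid: classify(cloudwatch, iid) for iid in flagged_instance_ids(check, result)}


# Constructed sample shaped like a Support API check and result.
SAMPLE_CHECK = {"id": "chk-low-ec2", "name": "Low Utilization Amazon EC2 Instances",
                "category": "cost_optimizing",
                "metadata": ["Region/AZ", "Instance ID", "Instance Type", "14-Day Average CPU Utilization"]}
SAMPLE_RESULT = {"checkId": "chk-low-ec2", "status": "warning", "flaggedResources": [
    {"status": "warning", "region": "us-east-1", "resourceId": "i-idle", "isSuppressed": False,
     "metadata": ["us-east-1a", "i-idle", "t3.large", "3.1%"]},
    {"status": "warning", "region": "us-east-1", "resourceId": "i-batch", "isSuppressed": False,
     "metadata": ["us-east-1b", "i-batch", "c5.xlarge", "2.4%"]},
    {"status": "warning", "region": "us-east-1", "resourceId": "i-new", "isSuppressed": False,
     "metadata": ["us-east-1a", "i-new", "t3.micro", "1.0%"]},
    {"status": "warning", "region": "us-east-1", "resourceId": "i-muted", "isSuppressed": True,
     "metadata": ["us-east-1c", "i-muted", "t3.small", "0.5%"]},
]}


class FakeSupport:
    def refresh_trusted_advisor_check(self, checkId):
        return {"status": {"checkId": checkId, "status": "enqueued", "millisUntilNextRefreshable": 0}}


class FakeCloudWatch:
    # i-batch idles for 335 hours and then runs a nightly job at 91% CPU; i-new has no metrics yet.
    SERIES = {"i-idle": [3.0] * 336, "i-batch": [2.0] * 335 + [91.0], "i-new": []}

    def get_metric_statistics(self, **kw):
        iid = kw["Dimensions"][0]["Value"]
        return {"Datapoints": [{"Maximum": m} for m in self.SERIES.get(iid, [])]}


if __name__ == "__main__":
    # For a live run: boto3.client("support", region_name="us-east-1") and boto3.client("cloudwatch").
    for iid, verdict in plan_actions(FakeSupport(), FakeCloudWatch(), SAMPLE_CHECK, SAMPLE_RESULT).items():
        print(f"{iid}: {verdict}")
```

The Maximum statistic is used deliberately: the Average hides exactly the short nightly spike that makes i-batch unsafe to stop, and an instance with no datapoints is treated as unconfirmed rather than idle.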