Q: What is AWS Trusted Advisor?
AWS Trusted Advisor is an application that draws upon best practices learned from AWS’ aggregated operational history of serving hundreds of thousands of AWS customers. Trusted Advisor inspects your AWS environment and makes recommendations for saving money, improving system performance, or closing security gaps.
Q: How do I access Trusted Advisor?
Trusted Advisor is available in the AWS Management Console. All AWS users have access to the data for two checks. Users with Business- or Enterprise-level Support can access all checks. You can access the Trusted Advisor console directly https://console.amazonaws.cn/trustedadvisor/.
Q: What made you choose the current checks/recommendations over others?
Every check was vetted for accuracy, consistency, and usefulness to our customers. We gather data and research to ensure we are making the right recommendations based on best practices and historical values. We have identified many possible checks for future implementation, and we will continue to add them over time.
Q: Does Trusted Advisor monitor my usage? Can Amazon see what I’m doing with AWS?
Trusted Advisor respects your privacy just as all Amazon Web Services do. We will never have access to your data or the software running on your account without your consent.
Q: What does Trusted Advisor check?
Trusted Advisor includes an ever-expanding list of checks in the following four categories:
Cost Optimization – recommendations that can potentially save you money by highlighting unused resources and opportunities to reduce your bill.
Security – identification of security settings that could make your AWS solution less secure.
Fault Tolerance – recommendations that help increase the resiliency of your AWS solution by highlighting redundancy shortfalls, current service limits, and overutilized resources.
Performance – recommendations that can help to improve the speed and responsiveness of your applications.
For more information on Trusted Advisor and an up-to-date listing of checks, see Meet AWS Trusted Advisor.
Q. What service limits do you check?
The following table shows the limits that Trusted Advisor checks.
|Amazon Elastic Compute Cloud
|Elastic IP addresses (EIPs)
Reserved Instances - purchase limit (monthly)
|Amazon Elastic Block Store
Provisioned IOPS volume aggregate size (GiB)
Provisioned IOPS volume IOPS
Volume aggregate size (GiB)
|Amazon Virtual Private Cloud
|Elastic IP addresses (EIPs)
|Elastic Load Balancing (ELB)||Active load balancers|
Trusted Advisor tracks the recent changes to your resource status on the console dashboard. The most recent changes over the past 30 days appear at the top to bring them to your attention. The system will track seven updates per page, and you can go to different pages to view all recent changes by clicking the forward or the backward arrow displayed on the top-right corner of the "Recent Changes" area.
Q: How does the "Exclude Items" function work?
If you don’t want to be notified about the status of a particular resource, you can choose to exclude (suppress) the reporting for that resource. You would normally do this after you have inspected the results of a check and decide not to make any changes to the AWS resource or setting that Trusted Advisor is flagging.
To exclude items, check the box to the left of the resource items, and then click the Exclude button. Excluded items appear in a separate view. You can restore (include) them at any time by selecting the items in the excluded items list and then clicking the Include button.
The "Exclude Items" function is available only at the resource level, not at the check level. We recommend that you examine each resource alert before excluding it to make sure that you can still see the overall status of your deployment without overlooking a certain area. For an example, see AWS Trusted Advisor for Everyone in the AWS Blog.
Q: What is an "Action Link"? Why is this a beta feature?
Some items in a Trusted Advisor report have hyperlinks to the AWS Management Console, where you can take action on the Trusted Advisor recommendations. Currently, all checks have the action links in the check description "Recommended Action" section; three checks have links directly to the AWS Management Console: Security Groups - Specific Ports Unrestricted, Security Ports - Unrestricted Access, and Service Limits. We will collect customer feedback and roll out this feature on all Trusted Advisor recommendations in the future.
Q: How do I manage the access to the Trusted Advisor console? What is the IAM policy?
For the Trusted Advisor console, access is controlled by IAM policies that use the trustedadvisor namespace, and access options include viewing and refreshing individual checks or categories of checks. For more information, see Controlling Access to the Trusted Advisor Console.
Q: How often can I refresh my Trusted Advisor result?
You can refresh a check 5 minutes after it was last refreshed. You can refresh individual checks or refresh all the checks at once by clicking the Refresh All button in the top-right corner of the summary dashboard.
Checks are periodically refreshed without user action, but the interval can vary considerably. You can always see the date and time of the last refresh to the right of the check title.
Q: Which Trusted Advisor checks and features are available to all AWS customers?
These two Trusted Advisor checks are available to all customers at no cost: Service Limits (Performance category; details at What service limits do you check?) and Security Groups - Specific Ports Unrestricted (Security category). Customers can access the remaining checks by upgrading to Business or Enterprise-level Support.
When you log into the Trusted Advisor console for the very first time, your information may not be up to date; click the 'Refresh' button on the top-right corner in the console pane to get the latest data.