AWS Management Tools

AWS Trusted Advisor

5 min read
Updated June 23, 2025
4,728 characters

AWS Trusted Advisor Cheat Sheet

AWS Trusted Advisor is an online tool that acts as your personalized cloud expert. It inspects your AWS environment against best practices and provides real-time guidance to help you optimize your resources for cost, performance, security, and fault tolerance, as well as monitor your service quotas.

The Five Pillars of Trusted Advisor

Trusted Advisor provides checks and recommendations across five distinct categories.

1. Cost Optimization

This category focuses on identifying idle or underutilized resources to help you reduce your AWS bill.

  • Examples of Checks:

    • Idle Load Balancers

    • Underutilized Amazon EC2 Instances

    • Unassociated Elastic IP Addresses

    • Idle Amazon RDS DB Instances

    • Amazon S3 Bucket Versioning without Lifecycle Policies

2. Performance

This category provides recommendations to improve the speed, responsiveness, and overall performance of your applications.

  • Examples of Checks:

    • High Utilization Amazon EC2 Instances

    • Overutilized EBS Magnetic Volumes

    • Amazon S3 Bucket Performance (e.g., suggests using Amazon CloudFront)

    • Large Number of EC2 Security Group Rules

3. Security

This category focuses on identifying security vulnerabilities and provides recommendations to help you secure your AWS environment.

  • Examples of Checks:

    • MFA on Root Account (checks if Multi-Factor Authentication is enabled)

    • Security Groups - Unrestricted Access (e.g., port 22 or 3389 open to the world)

    • Exposed Access Keys

    • S3 Bucket Permissions (checks for publicly accessible buckets)

    • IAM Password Policy

4. Fault Tolerance

This category provides recommendations to increase the resiliency and availability of your applications.

  • Examples of Checks:

    • Amazon EC2 Availability Zone Balance

    • ELB Health Checks

    • RDS Backups (checks if automated backups are enabled)

    • RDS Multi-AZ Deployment

    • Auto Scaling Group Health Check Configuration

5. Service Quotas (formerly Service Limits)

This category monitors your usage of AWS services and alerts you when you are approaching a service quota (limit). This helps you proactively request quota increases to avoid service interruptions.

  • Examples of Checks:

    • VPC count

    • EBS Volume count

    • Auto Scaling Group count

    • IAM Roles and Users count

Support Plan and Access to Checks

The number of Trusted Advisor checks you can access depends on your AWS Support plan.

  • AWS Basic Support & AWS Developer Support:

    • Access to all Service Quotas checks.

    • Access to 6 core Security checks (MFA on Root Account, Security Groups unrestricted access, IAM Use, S3 Bucket Permissions, etc.).

  • AWS Business, AWS Enterprise On-Ramp, & AWS Enterprise Support:

    • Access to the full set of Trusted Advisor checks across all five categories.

Key Features and Integrations

  • Organizational View: If you use AWS Organizations, you can view Trusted Advisor reports for all member accounts from a single management or delegated administrator account. This provides a centralized view of compliance and optimization opportunities.

  • Actionable Recommendations: Each check provides a clear status:

    • Red (Action recommended): A significant issue that requires attention.

    • Yellow (Investigation recommended): A potential issue or deviation from best practice.

    • Green (No problems detected): The check has passed.

  • Automation with Amazon EventBridge: You can use EventBridge to detect changes in the status of Trusted Advisor checks. This allows you to build rules that trigger automated actions, such as sending an SNS notification or executing a Lambda function to remediate a finding.

  • API Access: You can interact with Trusted Advisor programmatically via the AWS Support API to refresh checks, get results, and integrate findings into your own applications or reporting tools.

  • Integration with AWS Security Hub: All security-related Trusted Advisor checks are automatically integrated into AWS Security Hub, giving you a single pane of glass for all your security findings.

  • Trusted Advisor Priority: For customers with an Enterprise Support plan, this feature provides proactive and prioritized recommendations from your AWS account team based on risks they identify in your environment.

Pricing

  • Access to the basic Trusted Advisor checks is included with all AWS accounts at no additional charge.

  • Full access to all checks requires a paid AWS Support plan (Business, Enterprise On-Ramp, or Enterprise).

📚 Recommended AWS Resources

AWS Certified Solutions Architect Study Guide
Complete preparation for AWS certification exams
AWS Cookbook
Practical recipes for AWS cloud solutions
As an Amazon Associate, we earn from qualifying purchases.
Back to All