AWS Trusted Advisor is an online tool that provides you real time guidance to help you provision your resources following AWS best practices.


When Trusted Advisor is enabled for errors and warnings, it helps add one more layer of security.


How It Works


Service-linked role permissions for Trusted Advisor:

Trusted Advisor uses the service-linked role named AWSServiceRoleForTrustedAdvisor—which allows Trusted Advisor to access AWS services on your behalf.

The AWSServiceRoleForTrustedAdvisor service-linked role trusts the following services to assume the role:        


The role permissions policy allows Trusted Advisor to complete the following actions on the specified resources:

  • Action: Read-only access on all AWS resources

You must configure permissions to allow an IAM entity (such as a user, group, or role) to create, edit, or delete a service-linked role.