How It Works
Trusted Advisor uses the service-linked role named AWSServiceRoleForTrustedAdvisor—which allows Trusted Advisor to access AWS services on your behalf.
The AWSServiceRoleForTrustedAdvisor service-linked role trusts the following services to assume the role:
The role permissions policy allows Trusted Advisor to complete the following actions on the specified resources:
- Action: Read-only access on all AWS resources
You must configure permissions to allow an IAM entity (such as a user, group, or role) to create, edit, or delete a service-linked role.