Description: 

AWS Trusted Advisor is an online tool that provides real-time guidance to help you provision your resources following AWS best practices.


Rationale: 

Enabling Trusted Advisor for errors and warnings adds one more layer of security.


Audit: 

How It Works


Remediation:

Service-linked role permissions for Trusted Advisor:


Trusted Advisor uses the service-linked role named AWSServiceRoleForTrustedAdvisor, which allows Trusted Advisor to access AWS services on your behalf.


The AWSServiceRoleForTrustedAdvisor service-linked role trusts the following services to assume the role:        

  • trustedadvisor.amazonaws.com


The role permissions policy allows Trusted Advisor to complete the following actions on the specified resources:

  • Action: Read-only access on all AWS resources


You must configure permissions to allow an IAM entity (such as a user, group, or role) to create, edit, or delete a service-linked role. 


Resources: 

https://aws.amazon.com/premiumsupport/technology/trusted-advisor/

https://aws.amazon.com/premiumsupport/technology/trusted-advisor/best-practice-checklist/