Profile Applicability:
- Level 1
Description:
This control ensures that AWS Trusted Advisor is regularly reviewed for any reported errors, warnings, or recommendations. Trusted Advisor provides real-time guidance to help organizations follow AWS best practices in the areas of cost optimization, performance, security, fault tolerance, and service limits. Regularly checking Trusted Advisor ensures that potential misconfigurations, security risks, or inefficiencies are identified and addressed promptly.
Rationale:
AWS Trusted Advisor continuously monitors your AWS environment and provides actionable recommendations. Regularly reviewing and addressing Trusted Advisor findings helps organizations:
- Identify and remediate security misconfigurations surfaced by the Security category (e.g., publicly accessible S3 buckets, security groups open to the world on sensitive ports, a root account without MFA, stale or exposed IAM access keys).
- Optimize costs by identifying underutilized resources.
- Improve reliability and performance.
By implementing this control, organizations can maintain a well-architected and secure cloud environment aligned with AWS best practices.
Impact:
Positive Impact: Improves operational efficiency, security posture, and cost management through proactive issue detection.
Negative Impact: Requires periodic review effort by the operations or security team.
Default Value:
By default, AWS Trusted Advisor is enabled for every AWS account and requires no setup. The set of checks you can see, and whether the Trusted Advisor API is available, depends on the support plan:
- Basic/Developer Support: a limited set of core security checks and service quota checks in the console only; the Trusted Advisor API is not available.
- Business/Enterprise Support: the full set of checks across all categories, plus API access, refresh on demand, and notification features.
Pre-Requisite:
- Access to the Trusted Advisor console (available in every AWS account by default).
- Business or Enterprise support plan for access to all Trusted Advisor checks and to the Trusted Advisor API; on a Basic or Developer plan the API returns SubscriptionRequiredException.
- IAM permissions required:
  - trustedadvisor:DescribeChecks
  - trustedadvisor:DescribeCheckResult
  - support:DescribeTrustedAdvisorChecks
  - support:DescribeTrustedAdvisorCheckResult
Remediation
Test Plan
Using AWS Console:
- Sign in to the AWS Management Console.
- Navigate to AWS Trusted Advisor.
- In the navigation pane, select Dashboard.
- Review all available categories:
- Cost Optimization
- Performance
- Security
- Fault Tolerance
- Service Limits
- Check for any items in Error status (shown as "Action recommended", red) or Warning status (shown as "Investigation recommended", yellow); items reported as "Not available" indicate checks your support plan does not include and should be noted as a coverage gap.
- Document identified findings and verify that corresponding remediation actions are tracked in the incident or change management system.
Implementation Plan
Using AWS Console:
- Sign in to the AWS Management Console.
- Open Trusted Advisor from the Support section.
- Review the Summary Dashboard for any checks marked Error ("Action recommended") or Warning ("Investigation recommended").
- Click on each affected check to view detailed information.
- Implement the recommended actions provided by Trusted Advisor for each issue.
- Schedule a periodic review (e.g., weekly or monthly) to ensure the Trusted Advisor dashboard remains clear of unresolved warnings and errors.
- Optionally, automate the review so it does not depend on someone opening the console: Trusted Advisor publishes check status changes to Amazon EventBridge, so a rule can route new Error or Warning items to a ticketing queue or chat channel, and the Trusted Advisor organizational view (Business/Enterprise plan with AWS Organizations) consolidates findings across all member accounts. AWS Security Hub findings are surfaced in the Trusted Advisor console, but Security Hub and AWS Config do not themselves aggregate Trusted Advisor results.
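The console walk-through in the Test Plan and the periodic review in the Implementation Plan can both be replaced by a script that pulls check summaries over the Support API and produces a review list. The example below is added here and is not part of the benchmark or of any AWS tooling. It runs offline against a constructed sample (the check IDs are placeholders, not real Trusted Advisor IDs) and only calls AWS when invoked with --live, which assumes boto3, valid credentials, and a Business or Enterprise support plan; the join, filter and ordering logic is the same for both paths.

```python
"""Triage AWS Trusted Advisor check summaries into a review list.

Added example, not part of the original benchmark text. The data shapes
follow the AWS Support API operations DescribeTrustedAdvisorChecks and
DescribeTrustedAdvisorCheckSummaries; the sample payloads below are
constructed for illustration and the check IDs are placeholders.
"""
import json

# Support API status values. The console labels "error" as
# "Action recommended" and "warning" as "Investigation recommended".
STATUS_RANK = {"error": 0, "warning": 1, "not_available": 2, "ok": 3}
REVIEW_STATUSES = ("error", "warning")

# Constructed sample responses (check IDs are placeholders, not real IDs).
SAMPLE_CHECKS = {
    "checks": [
        {"id": "chk-0001", "name": "Security Groups - Specific Ports Unrestricted",
         "category": "security"},
        {"id": "chk-0002", "name": "Amazon S3 Bucket Permissions", "category": "security"},
        {"id": "chk-0003", "name": "Low Utilization Amazon EC2 Instances",
         "category": "cost_optimizing"},
        {"id": "chk-0004", "name": "IAM Use", "category": "security"},
    ]
}
SAMPLE_SUMMARIES = {
    "summaries": [
        {"checkId": "chk-0001", "status": "error", "hasFlaggedResources": True,
         "resourcesSummary": {"resourcesProcessed": 12, "resourcesFlagged": 2,
                              "resourcesIgnored": 0, "resourcesSuppressed": 0}},
        {"checkId": "chk-0002", "status": "warning", "hasFlaggedResources": True,
         "resourcesSummary": {"resourcesProcessed": 30, "resourcesFlagged": 1,
                              "resourcesIgnored": 0, "resourcesSuppressed": 0}},
        {"checkId": "chk-0003", "status": "ok", "hasFlaggedResources": False,
         "resourcesSummary": {"resourcesProcessed": 5, "resourcesFlagged": 0,
                              "resourcesIgnored": 0, "resourcesSuppressed": 0}},
        {"checkId": "chk-0004", "status": "not_available", "hasFlaggedResources": False,
         "resourcesSummary": {"resourcesProcessed": 0, "resourcesFlagged": 0,
                              "resourcesIgnored": 0, "resourcesSuppressed": 0}},
    ]
}


def flagged_checks(checks, summaries, statuses=REVIEW_STATUSES):
    """Join check metadata onto summaries, keep only the statuses that need
    review, and order the result most severe first."""
    by_id = {c["id"]: c for c in checks["checks"]}
    rows = []
    for s in summaries["summaries"]:
        if s["status"] not in statuses:
            continue
        meta = by_id.get(s["checkId"], {})
        res = s.get("resourcesSummary", {})
        rows.append({
            "checkId": s["checkId"],
            "name": meta.get("name", "<unknown check>"),
            "category": meta.get("category", "unknown"),
            "status": s["status"],
            "flagged": res.get("resourcesFlagged", 0),
            "suppressed": res.get("resourcesSuppressed", 0),  # excluded items still count as risk accepted
        })
    rows.sort(key=lambda r: (STATUS_RANK.get(r["status"], 9), r["category"], r["name"]))
    return rows


def count_by_category(rows):
    """Number of checks needing review per Trusted Advisor category."""
    counts = {}
    for r in rows:
        counts[r["category"]] = counts.get(r["category"], 0) + 1
    return counts


def fetch_live(language="en"):
    """Pull real data. Needs boto3, credentials and a Business/Enterprise
    support plan (otherwise the API raises SubscriptionRequiredException).
    The Support API is served from us-east-1 regardless of workload region."""
    import boto3  # imported lazily so the offline sample path needs no SDK
    support = boto3.client("support", region_name="us-east-1")
    checks = support.describe_trusted_advisor_checks(language=language)
    ids = [c["id"] for c in checks["checks"]]
    summaries = support.describe_trusted_advisor_check_summaries(checkIds=ids)
    return checks, summaries


def render(rows):
    """Plain-text review list suitable for pasting into a ticket."""
    if not rows:
        return "No Trusted Advisor checks in error/warning status."
    return "\n".join(
        f"{r['status'].upper():8} {r['category']:18} {r['name']} "
        f"(flagged={r['flagged']}, suppressed={r['suppressed']})" for r in rows)


if __name__ == "__main__":
    import sys
    data = fetch_live() if "--live" in sys.argv else (SAMPLE_CHECKS, SAMPLE_SUMMARIES)
    review = flagged_checks(*data)
    print(render(review))
    print(json.dumps(count_by_category(review)))
```

Run it without arguments to see the sample triage, or with --live against a real account. The suppressed count is carried through deliberately: resources excluded from a check in the console are no longer flagged, so a review process that only looks at the dashboard colour will miss items someone has silently accepted.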
Backout Plan
Using AWS Console:
- If changes made based on Trusted Advisor recommendations cause operational impact, revert the specific change using:
- CloudFormation rollback if infrastructure was modified via IaC.
- Manual configuration reversion through the AWS Console for directly modified settings (e.g., restoring security group rules, re-enabling services).
- Refresh the affected Trusted Advisor check and confirm that the environment matches its pre-change state. Because the original finding will normally reappear once the change is reverted, record it as an accepted risk or exception in the tracking system until an alternative remediation is implemented, rather than excluding the item in the console and losing visibility of it.