How do I start using Trusted Advisor?

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
(upbeat music) - [Arun] Hello, I'm Arun a product manager for AWS Trusted Advisor. Today, I'm gonna introduce the Trusted Advisor service and walk you through the key features of the console. Let's get started. After logging in to the AWS Management Console, navigate to AWS Trusted Advisor. Trusted Advisor inspects your AWS infrastructure and provides best practice recommendations when opportunities exist to save money, improve system availability, and performance, or help close security gaps. You can see these are reflected here as five pillars with a specific set of checks in each pillar. The checks are based on best practices identified by experts in each AWS service, as well as learnings from serving customers over time. For each check Trusted Advisor Provides recommendations typically based on the specific resources that are inspected. The infographic provides a pillar level summary of check results. For each pillar the check summary includes a roll up of check status sorted by Okay, or green warning, or yellow, an error or red. The specific criteria and implication of a check state depends on the check. For the cost optimization pillar the potential monthly savings represents the total amount you can save each month If you act on all the recommendations across all checks in the pillar. Using this account as an example you can save over 7000 dollars each month. You can also see the number of checks in error states in the security pillar, with 12 checks, fault tolerance pillar with five checks and the service limits pillar with one check. This summary is a high level snapshot that shows you where to investigate first, and how your environment is faring in each pillar. Keep in mind that this is a check level summary and does not represent the number of recommendations, which depends on the number of impacted resources. Check level status shows up as error or red If a single resource is flagged as error, check level status shows up as warning or yellow If a single resource is in warning state and no resource is in error state. Check level status shows up as okay or green only if there are no underlying resources in error Or warning state. Trusted Advisor inspects your resources across all regions and presents aggregated results. For example, in this account, if I look at the idle load balances check in cost optimization pillar, I can see that the region column represents multiple regions. In my console trusted advisor currently shows a total of 110 checks with nine checks and cost optimization 10 checks in performance 17 checks in security 24 checks and fault tolerance and 50 checks in the service limit to pillar. Accounts that are subscribed to AWS business or enterprise support plans have access to all these checks. Additionally, these accounts get access to the AWS support API and Amazon CloudWatch integration and their check status is automatically refreshed once a week. I'll dig deeper into check refresh later in this video. Accounts that are subscribed to the AWS developer support plan or that are on the basic support plan, have access to six security checks, and all checks in the service limits pillar via the console only. Trusted Advisor Service adds new checks, new features, updates existing checks and expands to new regions on an ongoing basis. The what's new section shows batched information on these additions and changes. The recent changes section highlights recent check status changes and links directly to the specific check. Using the console you can access recommendations for individual checks using the drill down mechanism that we just reviewed with idle load balances. Or, you can download an Excel sheet with the same level of detail. This excel sheet has a tab for each check with the check level metadata, including summary status, number of resources parsed and flagged and the full resource level table of check results. To reflect the latest check status, click the Refresh button. This action can take some time, depending on the number of resources to be scanned. Logging into the console automatically refreshes all available checks. In the console, you can initiate a refresh yourself by choosing the refresh icon for all checks or for an individual check. You can set up weekly email notification as an option in preferences. The notifications can be configured to be sent to the billing, operations and security contact that are a part of your account. You can also choose language preference. The email notification won't include resource level recommendations. It will provide a summary of the number of checks in each status, the total monthly cost savings, and recent check status changes. You can use the console, support API, or CloudWatch to access resource level check results. You can choose to disable Trusted Advisor from accessing your resource information and providing check status updates. The preferences section allows you to do this with the click of a button. Let's look at a few checks to understand in more detail how Trusted Advisor analyzes, alerts and provides recommendations. First, I'll choose cost optimization. This pillar includes reservation under utilized instances and service specific checks such as inefficiently configured Amazon route 53 latency record sets. The low utilization Amazon easy to check for example, inspects every easy to instance in your account across regions, and warns you if the CPU utilization for the past 14 days was below 10%. Or if the network IO was less than or equal to five MB over the past four days. Recommended action for such resources is to either stop or terminate them or use auto scaling to scale instances based on your business need. Trusted Advisor also allows you to filter recommendations based on resource tags. If you want to focus on resources for a specific application, business unit, or production environment that is identifiable via a tag You can filter results for a pillar by that tag. You can also select specific view filtering based on the status of check result for a pillar. You might want specific instances to be turned on by design, despite low utilization. In such cases, you can choose to ignore the recommendation for a resource. To do this, you can select the desired resource and then choose exclude and refresh. I won't perform this action here because the refresh can take some time to execute as Trusted Advisor will refresh the check results across all resources in the account. This is a reversible option, and you can view excluded items and re-include them by choosing include and refresh. The AWS cloud trail logging check in the security pillar checks for the status of cloud trail in every region, it flags an error state for a region if cloud trail logging has not been created, or if logging is turned off. The recommended action is to turn on and enable cloud trail logging in that region. It flags a warning state for a region if cloud trail logging is turned on, but there are log delivery errors. The recommended action is to debug the issue by confirming that the Amazon simple storage service bucket exists and then checking your S3 bucket access permissions. As another example, the Amazon S3 bucket permissions checks for all S3 buckets in the account that have open access permissions or allow access to any authenticated AWS user and flags error or warning depending on the level and type of exposure. For example, it shows the error status red if the bucket ACL allows upload or delete access for everyone, or any authenticated AWS user. In addition to console options, Trusted Advisor provides support API access and CloudWatch integration. Note that API access and cloud watch integration is available only to accounts that are subscribed to AWS business, or enterprise support plan. The support API provides actions to obtain check summary data list all available checks, see recommendations for a specific check refresh the status of a specific check and get the status of the refresh of a specific check. The support API can be used to pull relevant check result data into your own tools for personalized analysis and tracking. You can use Amazon CloudWatch events to detect and react to changes in the status of trusted advisor checks. Then, based on the rules that you create CloudWatch events invokes one or more target actions when a check status changes to the value that you specify in a rule. As an example, you can use an AWS lambda function to pass a notification to a Slack channel when check status changes. When using CloudWatch or API, you can rely on the automatic weekly refresh performed by the service. Or you can initiate your own refresh using the support API or console. Thanks for watching, and happy cloud computing from all of us here at AWS. (upbeat music)
Info
Channel: Amazon Web Services
Views: 3,906
Rating: 4.9344263 out of 5
Keywords: AWS, Amazon Web Services, Cloud, AWS Cloud, Cloud Computing, AWS Knowledge Center Videos
Id: i0IkKN9NoPk
Channel Id: undefined
Length: 11min 56sec (716 seconds)
Published: Fri Apr 17 2020
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.