(upbeat music) - [Arun] Hello, I'm Arun a product manager for AWS Trusted Advisor. Today, I'm gonna introduce
the Trusted Advisor service and walk you through the
key features of the console. Let's get started. After logging in to the
AWS Management Console, navigate to AWS Trusted Advisor. Trusted Advisor inspects
your AWS infrastructure and provides best practice recommendations when opportunities exist to save money, improve system availability, and performance, or help close security gaps. You can see these are reflected here as five pillars with a specific set of
checks in each pillar. The checks are based on best
practices identified by experts in each AWS service, as well as learnings from
serving customers over time. For each check Trusted Advisor Provides recommendations typically based on the specific resources that are inspected. The infographic provides a pillar level
summary of check results. For each pillar the check summary includes
a roll up of check status sorted by Okay, or green warning, or yellow, an error or red. The specific criteria and
implication of a check state depends on the check. For the cost optimization pillar the potential monthly savings represents the total amount
you can save each month If you act on all the recommendations across all checks in the pillar. Using this account as an example you can save over 7000 dollars each month. You can also see the number
of checks in error states in the security pillar, with 12 checks, fault tolerance pillar with five checks and the service limits pillar with one check. This summary is a high level snapshot that shows you where to investigate first, and how your environment is faring in each pillar. Keep in mind that this
is a check level summary and does not represent the
number of recommendations, which depends on the number
of impacted resources. Check level status
shows up as error or red If a single resource is flagged as error, check level status shows
up as warning or yellow If a single resource is in warning state and no resource is in error state. Check level status shows
up as okay or green only if there are no
underlying resources in error Or warning state. Trusted Advisor inspects your
resources across all regions and presents aggregated results. For example, in this account, if I look at the idle load balances check in cost optimization pillar, I can see that the region column
represents multiple regions. In my console trusted advisor currently
shows a total of 110 checks with nine checks and cost optimization 10 checks in performance 17 checks in security 24 checks and fault tolerance and 50 checks in the
service limit to pillar. Accounts that are subscribed to AWS business or enterprise support plans have access to all these checks. Additionally, these accounts get access to the AWS support API and Amazon CloudWatch integration and their check status is automatically refreshed once a week. I'll dig deeper into check
refresh later in this video. Accounts that are subscribed to the AWS developer support plan or that are on the basic support plan, have access to six security checks, and all checks in the
service limits pillar via the console only. Trusted Advisor Service adds new checks, new features, updates existing checks and expands to new regions
on an ongoing basis. The what's new section shows batched information on
these additions and changes. The recent changes section highlights recent check status changes and links directly to the specific check. Using the console you can access recommendations
for individual checks using the drill down mechanism that we just reviewed
with idle load balances. Or, you can download an Excel sheet with the same level of detail. This excel sheet has a tab for each check with the check level metadata, including summary status, number of resources parsed and flagged and the full resource level
table of check results. To reflect the latest check status, click the Refresh button. This action can take some time, depending on the number of
resources to be scanned. Logging into the console automatically refreshes
all available checks. In the console, you can initiate a refresh yourself by choosing the refresh
icon for all checks or for an individual check. You can set up weekly email notification as an option in preferences. The notifications can be configured to be sent to the billing, operations and security contact that are a part of your account. You can also choose language preference. The email notification won't include resource
level recommendations. It will provide a summary of the number of checks in each status, the total monthly cost savings, and recent check status changes. You can use the console, support API, or CloudWatch to access resource level check results. You can choose to disable Trusted Advisor from accessing your resource information and providing check status updates. The preferences section
allows you to do this with the click of a button. Let's look at a few checks to understand in more detail how Trusted Advisor analyzes, alerts and provides recommendations. First, I'll choose cost optimization. This pillar includes reservation under utilized instances and service specific checks such as inefficiently configured Amazon route 53 latency record sets. The low utilization Amazon
easy to check for example, inspects every easy to
instance in your account across regions, and warns you if the CPU utilization for the
past 14 days was below 10%. Or if the network IO was less than or equal to five MB over the past four days. Recommended action for such resources is to either stop or terminate them or use auto scaling to scale instances based
on your business need. Trusted Advisor also allows
you to filter recommendations based on resource tags. If you want to focus on resources for a specific application, business unit, or production environment that is identifiable via a tag You can filter results
for a pillar by that tag. You can also select
specific view filtering based on the status of
check result for a pillar. You might want specific instances
to be turned on by design, despite low utilization. In such cases, you can choose to ignore the
recommendation for a resource. To do this, you can select the desired resource and then choose exclude and refresh. I won't perform this action here because the refresh can
take some time to execute as Trusted Advisor will refresh the check results across all resources in the account. This is a reversible option, and you can view excluded items and re-include them by choosing include and refresh. The AWS cloud trail logging check in the security pillar checks for the status of
cloud trail in every region, it flags an error state for a region if cloud trail logging has not been created, or if logging is turned off. The recommended action is to turn on and enable cloud
trail logging in that region. It flags a warning state for a region if cloud trail logging is turned on, but there are log delivery errors. The recommended action is to debug the issue by confirming that the Amazon simple storage
service bucket exists and then checking your S3
bucket access permissions. As another example, the Amazon S3 bucket permissions checks for all S3 buckets in the account that have open access permissions or allow access to any
authenticated AWS user and flags error or warning depending on the level
and type of exposure. For example, it shows the error status red if the bucket ACL allows upload or delete access for everyone, or any authenticated AWS user. In addition to console options, Trusted Advisor provides support API access and CloudWatch integration. Note that API access and
cloud watch integration is available only to accounts that are subscribed to AWS business, or enterprise support plan. The support API provides actions to obtain check summary data list all available checks, see recommendations for a specific check refresh the status of a specific check and get the status of the
refresh of a specific check. The support API can be used to pull
relevant check result data into your own tools for personalized analysis and tracking. You can use Amazon CloudWatch events to detect and react to changes in the status of trusted advisor checks. Then, based on the rules that you create CloudWatch events invokes
one or more target actions when a check status changes to the value that you specify in a rule. As an example, you can use an AWS lambda function to pass a notification to a Slack channel when check status changes. When using CloudWatch or API, you can rely on the
automatic weekly refresh performed by the service. Or you can initiate your own refresh using the support API or console. Thanks for watching, and happy cloud computing from all of us here at AWS. (upbeat music)
