Great AWS Trusted Advisor


I have to say AWS Trusted Advisor is a great tool! AWS keeps improving it by adding more useful new checks. Here is one that I got this morning:

[Screenshot, 2017-01-20]

I set up health checks for some new records, but forgot to decrease the TTL to a low value (it is 300 seconds by default). Now Trusted Advisor reminds me that it is better to set a value lower than 60 seconds to allow the old DNS records to expire soon. How sweet it is 🙂


3 thoughts on “Great AWS Trusted Advisor”

  1. You can also automate many tasks using the CLI version of Trusted Advisor:
    http://blog.zorangagic.com/2017/01/check-aws-service-limits.html?q=trusted+advisor

    Here are all the checks:
    aws support describe-trusted-advisor-checks --language en --output json --region us-east-1 | jq -r '.checks[] | "\(.category),\(.id),\(.description)"' | egrep "^security,|^fault_tolerance,|^cost_optimizing,|^performance," | cut -c1-220 | sort

    Example commands:
    Rotation of IAM keys:
    aws support describe-trusted-advisor-check-result --language en --check-id DqdJqYeRm5 --output json --region us-east-1 | jq -r '.result.flaggedResources[] | "\(.status),\(.resourceId),\(.metadata)"'

    S3 buckets open:
    aws support describe-trusted-advisor-check-result --language en --check-id Pfx0RwqBli --output json --region us-east-1 | jq -r '.result.flaggedResources[] | "\(.status),\(.resourceId),\(.region),\(.metadata)"'

    1. Hey Zoran, it would be nice if AWS can make Trusted Advisor event-driven – instead of executing all those check jobs by ourselves, we only need to subscribe to the TA SNS. An alert will be triggered if TA found something abnormal.
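
A polling approximation of the event-driven alerting discussed in the comments above, as an added example (not code from the post or from either commenter): it reads the JSON that `describe-trusted-advisor-check-result` returns and reports only findings that are new or have changed status since the previous poll. The sample JSON, its resource ids and metadata, and the `flagged` and `new_alerts` helpers are constructed for illustration.

```python
import json

# Constructed sample of `describe-trusted-advisor-check-result --output json`
# output; resource ids and metadata values are made up for illustration.
SAMPLE_RESULT = json.loads("""
{"result": {"checkId": "DqdJqYeRm5", "status": "error", "flaggedResources": [
  {"status": "error", "resourceId": "res-aaa111", "isSuppressed": false,
   "metadata": ["Red", "alice", "Access Key 1", "older than 2 years"]},
  {"status": "warning", "resourceId": "res-bbb222", "isSuppressed": false,
   "metadata": ["Yellow", "bob", "Access Key 1", "older than 90 days"]},
  {"status": "ok", "resourceId": "res-ccc333", "isSuppressed": false,
   "metadata": ["Green", "carol", "Access Key 1", "rotated"]},
  {"status": "error", "resourceId": "res-ddd444", "isSuppressed": true,
   "metadata": ["Red", "dave", "Access Key 2", "older than 2 years"]}
]}}
""")

ALERT_STATUSES = {"warning", "error"}


def flagged(check_result):
    """Map resourceId -> (status, metadata) for unsuppressed warning/error rows."""
    rows = check_result.get("result", {}).get("flaggedResources") or []
    return {
        r["resourceId"]: (r["status"], r.get("metadata") or [])
        for r in rows
        if r.get("status") in ALERT_STATUSES and not r.get("isSuppressed", False)
    }


def new_alerts(check_result, seen):
    """Return alert lines for findings that are new or changed status since
    the last poll, plus the state to persist for the next poll."""
    current = flagged(check_result)
    check_id = check_result.get("result", {}).get("checkId", "unknown")
    alerts = [
        f"{check_id},{status},{rid},{'|'.join(str(m) for m in meta)}"
        for rid, (status, meta) in sorted(current.items())
        if seen.get(rid) != status
    ]
    return alerts, {rid: status for rid, (status, _) in current.items()}


if __name__ == "__main__":
    alerts, state = new_alerts(SAMPLE_RESULT, seen={})
    print("\n".join(alerts))
```

Persisting the returned state between runs (a file or a small table) is what keeps a scheduled poll from re-alerting on the same finding every time.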
