Ensure that all Amazon Trusted Advisor checks (also known as best practices) found within your AWS account are inspected and resolved. Trusted Advisor is an AWS service that provides real-time guidance to help you provision and manage your cloud resources following AWS best practices. Trusted Advisor scans your AWS environment, compares it to AWS best practices available in 5 categories (security, fault tolerance, performance, cost optimisation and service limits) and provides recommended actions to help you secure and optimise your AWS infrastructure and save money.

A Trusted Advisor check contains a detailed description of the recommended best practice, a set of alert criteria described using color coding: Green (no issues), Yellow (an investigation is required) and Red (an action is required), guidelines for action, and a list of links to useful resources on the topic.

AWS Trusted Advisor integrates seamlessly with Cloud Conformity so that you can receive the checks (for one or more AWS accounts) on your Cloud Conformity dashboard. Cloud Conformity also automatically generates tickets in your preferred task management system, ensuring that risks are not only identified but also actioned using your current business workflow.
This rule can help you with the following compliance standards:
- APRA
- MAS
- NIST4
For further details on compliance standards supported by Conformity, see here.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
With Amazon Trusted Advisor and Cloud Conformity you can analyze your AWS environment and get recommendations when opportunities exist to reduce costs, improve infrastructure/system availability and performance, or help close security gaps.
Note: As an example, this conformity rule demonstrates how to examine and resolve an AWS Trusted Advisor check. The selected check, named "MFA on Root Account", recommends the use of Multi-Factor Authentication (MFA) for your root account in order to improve security by requiring additional authentication data from a secondary device.
Audit
To find and examine Trusted Advisor checks within your AWS account, perform the following:
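One way to automate this audit, shown as an added example that is not part of the original rule: it lists every check, reads each result, and returns the ones that are not Green, most severe first. It calls the boto3 Support client operations `describe_trusted_advisor_checks` and `describe_trusted_advisor_check_result`; the stub client, the `EXAMPLE-n` check ids and the two "Constructed" check names are assumptions made so the block runs offline.

```python
"""Triage Trusted Advisor checks by colour status (added example)."""

# Support API status values and the console colours they correspond to.
COLOUR = {"ok": "Green", "warning": "Yellow", "error": "Red"}
SEVERITY = {"error": 0, "warning": 1, "not_available": 2, "ok": 3}


def triage(client, category=None, language="en"):
    """Return unresolved checks (anything not Green), most severe first."""
    checks = client.describe_trusted_advisor_checks(language=language)["checks"]
    findings = []
    for check in checks:
        if category and check["category"] != category:
            continue
        result = client.describe_trusted_advisor_check_result(
            checkId=check["id"], language=language)["result"]
        status = result["status"]
        if status == "ok":
            continue  # Green: nothing to inspect or resolve
        findings.append({
            "name": check["name"],
            "category": check["category"],
            "status": status,
            "colour": COLOUR.get(status, "Unknown"),
            "flagged": result.get("resourcesSummary", {}).get("resourcesFlagged", 0),
        })
    return sorted(findings, key=lambda f: (SEVERITY.get(f["status"], 2), f["name"]))


class StubSupportClient:
    """Constructed responses shaped like the AWS Support API; ids are placeholders."""
    CHECKS = [
        {"id": "EXAMPLE-1", "name": "MFA on Root Account", "category": "security"},
        {"id": "EXAMPLE-2", "name": "Constructed Security Check", "category": "security"},
        {"id": "EXAMPLE-3", "name": "Constructed Cost Check", "category": "cost_optimizing"},
    ]
    STATUS = {"EXAMPLE-1": ("error", 1), "EXAMPLE-2": ("ok", 0), "EXAMPLE-3": ("warning", 4)}

    def describe_trusted_advisor_checks(self, language):
        return {"checks": self.CHECKS}

    def describe_trusted_advisor_check_result(self, checkId, language):
        status, flagged = self.STATUS[checkId]
        return {"result": {"checkId": checkId, "status": status,
                           "resourcesSummary": {"resourcesFlagged": flagged}}}


if __name__ == "__main__":
    # With credentials: triage(boto3.client("support", region_name="us-east-1"))
    for f in triage(StubSupportClient()):
        print(f'{f["colour"]:<7} {f["category"]:<16} {f["name"]} ({f["flagged"]} flagged)')
```

Passing `category="security"` restricts the report to security checks such as "MFA on Root Account".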
Remediation / Resolution
To fix the issue(s) highlighted by the selected AWS Trusted Advisor check (i.e. enable Multi-Factor Authentication for the AWS root account), perform the following actions:
Note 1: As an example, this section uses Google Authenticator as the MFA device, since it is one of the most popular virtual MFA applications used by AWS customers. To use a hardware device to enable Multi-Factor Authentication (MFA) for your root account, see this conformity rule.
Note 2: Installing and activating an MFA device for the AWS root account via Command Line Interface (CLI) is not currently supported.