Ensure that all Amazon Trusted Advisor checks (also known as best practices) found within your AWS account are inspected and resolved. Trusted Advisor is an AWS service that provides real-time guidance to help you provision and manage your cloud resources following AWS best practices. Trusted Advisor scans your AWS environment, compares it to AWS best practices available in 5 categories (security, fault tolerance, performance, cost optimisation and service limits) and provides recommended actions to help you secure and optimise your AWS infrastructure and save money. A Trusted Advisor check contains a detailed description of the recommended best practice, a set of alert criteria described using color coding: Green (no issues), Yellow (an investigation is required) and Red (an action is required), guidelines for action, and a list of links to useful resources on the topic.
AWS Trusted Advisor integrates seamlessly with Cloud Conformity so that you can receive the checks (for one or more AWS accounts) on your Cloud Conformity dashboard. Cloud Conformity also automatically generates tickets in your preferred task management system, ensuring that risks are not only identified but also actioned using your current business workflow.
With Amazon Trusted Advisor and Cloud Conformity you can analyze your AWS environment and get recommendations when opportunities exist to reduce costs, improve infrastructure/system availability and performance, or help close security gaps.
Note: As an example, this conformity rule demonstrates how to examine and resolve an AWS Trusted Advisor check. The selected check, named "MFA on Root Account", recommends the use of Multi-Factor Authentication (MFA) for your root account in order to improve security by requiring additional authentication data from a secondary device.
To find and examine Trusted Advisor checks within your AWS account, perform the following:
To fix the issue(s) highlighted by the selected AWS Trusted Advisor check (i.e. enable Multi-Factor Authentication for the AWS root account), perform the following actions:
Note 1: As an example, this section will use Google Authenticator as the MFA device since it is one of the most popular virtual MFA applications used by AWS customers. To use a hardware device to enable Multi-Factor Authentication (MFA) for your root account, see this conformity rule.
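
For the audit side of this rule, the following added example (not part of the original page or of Cloud Conformity's tooling) joins Trusted Advisor check metadata with result summaries, maps each status to the Green/Yellow/Red coding described above, and lists unresolved checks worst first. It assumes the record shapes returned by the AWS Support API operations `describe-trusted-advisor-checks` and `describe-trusted-advisor-check-summaries`; the sample data and check IDs are constructed placeholders.

```python
# Status strings as returned by the AWS Support API for Trusted Advisor results,
# mapped to the colour coding used on this page.
COLOUR = {"error": "Red", "warning": "Yellow", "ok": "Green"}
SEVERITY = {"error": 0, "warning": 1, "not_available": 2, "ok": 3}

# Constructed sample data (assumed API response shapes; IDs are placeholders).
# EXAMPLE-ID-4 deliberately has no summary, as happens when a check was never refreshed.
CHECKS = [
    {"id": "EXAMPLE-ID-1", "name": "MFA on Root Account", "category": "security"},
    {"id": "EXAMPLE-ID-2", "name": "Low Utilization Amazon EC2 Instances", "category": "cost_optimizing"},
    {"id": "EXAMPLE-ID-3", "name": "Amazon EBS Snapshots", "category": "fault_tolerance"},
    {"id": "EXAMPLE-ID-4", "name": "Security Groups - Specific Ports Unrestricted", "category": "security"},
]
SUMMARIES = [
    {"checkId": "EXAMPLE-ID-1", "status": "error", "resourcesSummary": {"resourcesFlagged": 1}},
    {"checkId": "EXAMPLE-ID-2", "status": "warning", "resourcesSummary": {"resourcesFlagged": 3}},
    {"checkId": "EXAMPLE-ID-3", "status": "ok", "resourcesSummary": {"resourcesFlagged": 0}},
]

def triage(checks, summaries):
    """Return every check that is not Green, ordered Red, Yellow, then unknown."""
    by_id = {s["checkId"]: s for s in summaries}
    findings = []
    for check in checks:
        summary = by_id.get(check["id"])
        # A check without a result is unknown, never silently treated as passing.
        status = summary["status"] if summary else "not_available"
        if status == "ok":
            continue
        flagged = (summary or {}).get("resourcesSummary", {}).get("resourcesFlagged", 0)
        findings.append({
            "name": check["name"], "category": check["category"], "status": status,
            "colour": COLOUR.get(status, "Unknown"), "flagged": flagged,
        })
    # Within one severity level, security checks sort ahead of the other categories.
    findings.sort(
        key=lambda f: (SEVERITY.get(f["status"], 2), f["category"] != "security", f["name"])
    )
    return findings

def root_mfa_resolved(checks, summaries):
    """True only when the 'MFA on Root Account' check has a Green (ok) result."""
    ids = {c["id"] for c in checks if c["name"] == "MFA on Root Account"}
    return any(s["checkId"] in ids and s["status"] == "ok" for s in summaries)

if __name__ == "__main__":
    for f in triage(CHECKS, SUMMARIES):
        print(f"{f['colour']:8} {f['category']:16} {f['name']} (flagged: {f['flagged']})")
```

After MFA is enabled on the root account, the check's result must be refreshed before `root_mfa_resolved` reports it as Green.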