Use Trusted Advisor

Use AWS Trusted Advisor to continuously scan your accounts for cost, security, and resilience issues.

Why it matters

AWS environments change constantly: new resources are created, configurations drift, and limits get close to being hit.

AWS Trusted Advisor continuously evaluates your account against best practices for cost, performance, security, fault tolerance, and service limits, surfacing issues and savings opportunities without manual inspection.

Note: The full set of Trusted Advisor checks is not free—it requires a Business or Enterprise AWS Support plan. The basic checks available on lower-tier plans are useful, but more limited.

What Trusted Advisor checks

Trusted Advisor provides checks across several categories:

  • Cost optimization – Idle or underutilized EC2 instances, low-utilization EBS volumes, idle load balancers, underused Elastic IPs
  • Performance – High-utilization instances, configuration patterns that may impact performance
  • Security – Publicly accessible resources, weak security settings, missing MFA on root, and similar risks
  • Fault tolerance – Single-AZ deployments, missing backups, and other resilience issues
  • Service limits – Usage nearing AWS account or service-level quotas

Some checks are available to all customers, while the full set requires Business or Enterprise support plans.

How to enable and access it

  1. Open the AWS Trusted Advisor console from the AWS Management Console.
  2. For multi-account environments, enable Trusted Advisor organizational view from the management account to see findings across all member accounts.
  3. Ensure you have an appropriate AWS Support plan (Business or Enterprise) to unlock the full set of checks.

Trusted Advisor runs many checks automatically on a schedule; some can be refreshed on demand from the console.

How to use the findings

  • Filter by category (Cost, Security, Performance, Fault Tolerance, Service Limits) to focus on specific goals
  • Start with Cost Optimization checks that show clear savings with low risk
  • Treat Security and Service Limits findings as high priority to avoid outages and incidents
  • Assign owners (team or application) using tags and account structure, then track remediation as normal work

Trusted Advisor is most effective when integrated into regular review cycles and incident prevention processes.

Best practices

  • Enable organizational view so you can see findings across all accounts in one place
  • Combine Trusted Advisor with budgets, Cost Anomaly Detection, and Compute Optimizer for a complete cost-visibility stack
  • Review checks on a regular cadence (for example, monthly reviews plus ad hoc before major launches)
  • Automate notifications for critical findings using tools like AWS Health and EventBridge where applicable

Resources