AWS Trusted Advisor security checks 

The AWS Trusted Advisor customer support service provides best practices or checks across the following four categories:

• Cost optimization
• Fault tolerance
• Security
• Performance

Let us look at alerts provided by the AWS Trusted Advisor for security categories. If there are ports open for your servers in cloud, that opens up possibilities of unauthorized access or hacking; if there are internal users without IAM accounts, or S3 buckets in your account are accessible to the public, or if AWS CloudTrail is not turned on for logging all API requests or if MFA is not enabled on your AWS root account, then AWS Trusted Advisor will raise an alert. AWS Trusted Advisor can also be configured to send you an email every week automatically for all your security alert checks. 

The AWS Trusted Advisor service provides checks for four categories; these is, cost optimization, performance, fault tolerance, and security for free of cost to all users, including the following three important security checks:

• Specific ports unrestricted
• IAM use
• MFA on root account

There are many more checks available for each category, and these are available when you sign up for the business or enterprise level AWS support. Some of these checks are as follows:

• Security groups-Unrestricted access
• Amazon S3 bucket permissions
• AWS CloudTrail logging
• Exposed access keys

The following figure depicts the AWS Trusted Advisor checks for an AWS account. We will take a deep dive into the Trusted Advisor security checks later in this book: