1
00:00:00,150 --> 00:00:03,010
‫So now let's discuss Trusted Advisor.

2
00:00:03,010 --> 00:00:05,270
‫So Trusted Advisor is a service that just runs out of the

3
00:00:05,270 --> 00:00:07,300
‫bucks. You don't need to install anything,

4
00:00:07,300 --> 00:00:10,750
‫and it gives you a high level AWS account assessments.

5
00:00:10,750 --> 00:00:12,700
‫So it will just run a bunch of checks

6
00:00:12,700 --> 00:00:15,310
‫and tell you if the checks are passing or not passing.

7
00:00:15,310 --> 00:00:17,287
‫And here's an example of the checks does, for example,

8
00:00:17,287 --> 00:00:20,400
‫Amazon EBS public snapshots, zero found,

9
00:00:20,400 --> 00:00:23,020
‫okay good. The check is passing and so on.

10
00:00:23,020 --> 00:00:25,020
‫So it's going to analyze your accounts and provide

11
00:00:25,020 --> 00:00:26,790
‫recommendations on five categories.

12
00:00:26,790 --> 00:00:29,380
‫And you need to remember these five categories so please

13
00:00:29,380 --> 00:00:33,810
‫learn them. We have cost optimization performance, security,

14
00:00:33,810 --> 00:00:36,370
‫fault tolerance and service limits.

15
00:00:36,370 --> 00:00:38,330
‫Remember these five categories because the exam

16
00:00:38,330 --> 00:00:39,163
‫will ask you,

17
00:00:39,163 --> 00:00:42,890
‫"Hey, what are two of the Trusted Advisor categories?"

18
00:00:42,890 --> 00:00:45,540
‫So remember these five so that you can identify the ones

19
00:00:45,540 --> 00:00:47,930
‫that are going to be correct in the question.

20
00:00:47,930 --> 00:00:50,030
‫The second thing that the exam will ask you on for

21
00:00:50,030 --> 00:00:52,970
‫Trusted Advisor is around the support plans.

22
00:00:52,970 --> 00:00:57,390
‫So we have by default seven core checks available to us

23
00:00:57,390 --> 00:01:01,640
‫if we are on the basic and developer support plan. So again,

24
00:01:01,640 --> 00:01:03,850
‫something to remember seven core checks on the basic

25
00:01:03,850 --> 00:01:05,330
‫and developer support plan.

26
00:01:05,330 --> 00:01:07,790
‫And you need to remember them what these core checks are,

27
00:01:07,790 --> 00:01:09,377
‫because again, the exam will ask you,

28
00:01:09,377 --> 00:01:12,860
‫"Hey, what are some of the core checks of Trusted Advisor?"

29
00:01:12,860 --> 00:01:14,930
‫So we have seven, we have S3 bucket permissions,

30
00:01:14,930 --> 00:01:17,740
‫making sure bucket is not public. Security group,

31
00:01:17,740 --> 00:01:20,360
‫making sure that some ports are not unrestricted,

32
00:01:20,360 --> 00:01:21,800
‫such as SSH.

33
00:01:21,800 --> 00:01:24,300
‫IAM Use so making sure that we have at least one,

34
00:01:24,300 --> 00:01:27,440
‫IAM user in our accounts. MFA on root accounts

35
00:01:27,440 --> 00:01:29,390
‫so making sure that we have enabled

36
00:01:29,390 --> 00:01:30,950
‫multifactor authentication

37
00:01:30,950 --> 00:01:32,550
‫for the root accounts,

38
00:01:32,550 --> 00:01:33,870
‫ensuring we don't have any EBS

39
00:01:33,870 --> 00:01:36,850
‫public snapshots, ensuring we do not have any RDS

40
00:01:36,850 --> 00:01:37,720
‫public snapshots.

41
00:01:37,720 --> 00:01:41,780
‫And finally looking at service limits in AWS.

42
00:01:41,780 --> 00:01:44,630
‫These are the seven core checks. Please remember them.

43
00:01:44,630 --> 00:01:46,300
‫And the fact that it is for the basic

44
00:01:46,300 --> 00:01:48,430
‫and developers support plan.

45
00:01:48,430 --> 00:01:50,570
‫The other thing you need to know about Trusted Advisor is

46
00:01:50,570 --> 00:01:51,910
‫around the full checks.

47
00:01:51,910 --> 00:01:53,980
‫So this is available for your business

48
00:01:53,980 --> 00:01:55,620
‫and enterprise support plan.

49
00:01:55,620 --> 00:01:57,480
‫Yet nother thing to remember.

50
00:01:57,480 --> 00:01:59,160
‫And is going to give you access to

51
00:01:59,160 --> 00:02:01,930
‫all the checks in the five categories I showed you before

52
00:02:01,930 --> 00:02:03,200
‫you can set CloudWatch alarms

53
00:02:03,200 --> 00:02:06,060
‫when reaching these limits and you have very important

54
00:02:06,060 --> 00:02:07,720
‫as well from an exam perspective,

55
00:02:07,720 --> 00:02:12,070
‫you get programmatic access using the AWS support API.

56
00:02:12,070 --> 00:02:15,260
‫You do not have access to the API if you are on the basic

57
00:02:15,260 --> 00:02:17,780
‫and developer support plan. Okay?

58
00:02:17,780 --> 00:02:20,663
‫So let's have a look at Trusted Advisor now in the console.

59
00:02:21,500 --> 00:02:25,020
‫So let me go into the Trusted Advisor service.

60
00:02:25,020 --> 00:02:27,940
‫Here we go. So currently there's zero actions,

61
00:02:27,940 --> 00:02:30,200
‫zero investigations and zero excluded items,

62
00:02:30,200 --> 00:02:31,470
‫and you can refresh all checks

63
00:02:31,470 --> 00:02:33,840
‫if you want to have a run of all the checks

64
00:02:33,840 --> 00:02:35,310
‫of Trusted Advisor.

65
00:02:35,310 --> 00:02:37,330
‫And as we can see, there's a recommended action.

66
00:02:37,330 --> 00:02:40,090
‫It says you need to upgrade your support plan to get access

67
00:02:40,090 --> 00:02:41,700
‫to all Trusted Advisor checks.

68
00:02:41,700 --> 00:02:44,950
‫Because right now I am just on the basic support plan.

69
00:02:44,950 --> 00:02:47,169
‫So let's go into cost optimization. As you can see,

70
00:02:47,169 --> 00:02:50,310
‫we have none because we don't have the support plan needed

71
00:02:50,310 --> 00:02:53,860
‫for that. Same for performance, same for security.

72
00:02:53,860 --> 00:02:55,340
‫I'm sorry, same for fault tolerance.

73
00:02:55,340 --> 00:02:58,640
‫And for security, we have access to six checks.

74
00:02:58,640 --> 00:03:02,850
‫So we have EBS public snapshots, RDS public snapshots,

75
00:03:02,850 --> 00:03:05,590
‫IAM Use, S3 bucket permissions,

76
00:03:05,590 --> 00:03:07,944
‫MFA on root accounts and security groups

77
00:03:07,944 --> 00:03:10,070
‫specific ports unrestricted.

78
00:03:10,070 --> 00:03:13,810
‫So this is six free core checks available to me.

79
00:03:13,810 --> 00:03:15,730
‫And then on service limits,

80
00:03:15,730 --> 00:03:18,500
‫we have access to a bunch of service limits in here to check

81
00:03:18,500 --> 00:03:20,810
‫for example, whether or not we're using the limits

82
00:03:20,810 --> 00:03:23,890
‫of EC2 on-demand instances and so on.

83
00:03:23,890 --> 00:03:24,760
‫And for tolerance as well

84
00:03:24,760 --> 00:03:26,380
‫we don't have access with the checks.

85
00:03:26,380 --> 00:03:27,310
‫So what I want you to see

86
00:03:27,310 --> 00:03:29,290
‫is that if you go to cost optimization,

87
00:03:29,290 --> 00:03:30,730
‫we can have a look at, for example,

88
00:03:30,730 --> 00:03:33,550
‫this is a low utilization. Amazon is two instances check,

89
00:03:33,550 --> 00:03:36,020
‫but we don't have access to this check unless we upgrade our

90
00:03:36,020 --> 00:03:37,550
‫support plan. Okay?

91
00:03:37,550 --> 00:03:39,140
‫So you've seen everything you need to see

92
00:03:39,140 --> 00:03:40,520
‫from the exam perspective.

93
00:03:40,520 --> 00:03:42,840
‫It's not very interesting to look at Trusted Advisor on

94
00:03:42,840 --> 00:03:44,910
‫the core checks when nothing's running on my accounts,

95
00:03:44,910 --> 00:03:48,000
‫obviously. But I find it very, very good, for example,

96
00:03:48,000 --> 00:03:50,099
‫to have a check for EBS public snapshots

97
00:03:50,099 --> 00:03:51,860
‫or RDS public snapshots,

98
00:03:51,860 --> 00:03:55,530
‫because this could be a data leak or your Amazon S3 bucket

99
00:03:55,530 --> 00:03:59,020
‫permissions that are too open to the public. Okay?

100
00:03:59,020 --> 00:04:00,180
‫So that's it for this lecture.

101
00:04:00,180 --> 00:04:02,853
‫I hope you liked it and it will see you in the next lecture.