Reviewing Deviations Using Trusted Advisor – AWS Security Fundamentals – SCS-C02 Study Guide

Reviewing Deviations Using Trusted Advisor

As you use Trusted Advisor over time, the service will begin to highlight potential issues within your account. This section covers how to review these deviations and how to interpret the severity of the issues found.

From within the AWS Management Console, select Trusted Advisor from the Management & Governance category list. This will then present you with the following summary:

Figure 2.8: Trusted Advisor Checks summary

Even if the checks summary shows zero actions recommended, you can manually refresh the checks to see if your items are compliant. Do this by following the steps below:

  1. Starting from the Trusted Advisor home page, in the top-left menu under the Trusted Advisor heading, click on the submenu labeled Security.

Figure 2.9: Security menu item highlighted in Trusted Advisor

  2. Now, on the security checks page, see if you can find one of the basic checks that still need to be completed. This is signified by an icon that looks like a circle with a line in the middle of it. (An example is shown in the following screenshot of the Security Groups – Specific Ports Unrestricted window.)

Figure 2.10: Incomplete security groups check with a gray circle

  3. On the right side of the check, click on the circular arrow icon to refresh the check. If the check passes on your account, the gray circle with the arrow will be replaced with a green circle with a check inside it. If the check fails, however, the gray circle will be replaced by a red circle with an x in the middle, signifying that a critical check has failed, or a yellow triangle with an exclamation point if any other port besides the critical ports has been left unrestricted.

Figure 2.11: Security check that has a non-critical finding

Dig deeper into this deviation with the following steps to see what else Trusted Advisor can tell you.

  1. Click the triangle to the left of the yellow arrow to expose more information regarding the finding. The summary shows that 6 out of 55 security groups currently allow unrestricted access to non-critical ports, but reveals no additional information.

Scroll down to see a list of the six security groups in question. The details provided by Trusted Advisor include Region, Security Group Name, Security Group ID, Protocol, and Port Range. Now that you know which security groups are in violation, you have two options: create an exception right here so that the finding no longer causes a Trusted Advisor alert, or remediate the anomalies using the information provided by Trusted Advisor.

Figure 2.12: Trusted Advisor details of security group violations
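
The same review can be scripted against the AWS Support API. The following Python is an added example, not taken from the study guide: it processes a constructed result shaped like a DescribeTrustedAdvisorCheckResult response and separates the security groups to remediate from those already excluded. The check ID, group names, IDs and ports are made up, and the column order is assumed from the list above.

```python
from collections import Counter
# Column names as listed on the page; in real use read them (and their order)
# from the check's "metadata" list in DescribeTrustedAdvisorChecks. Order assumed.
FIELDS = ["Region", "Security Group Name", "Security Group ID", "Protocol", "Port Range"]
# Console icon that corresponds to each API status value.
ICONS = {"ok": "green check", "warning": "yellow triangle",
         "error": "red x", "not_available": "gray circle (refresh needed)"}

def row(status, suppressed, *meta):
    return {"status": status, "isSuppressed": suppressed, "metadata": list(meta)}

# Constructed sample shaped like the "result" object returned by
# DescribeTrustedAdvisorCheckResult; every ID, name and port is made up.
SAMPLE_RESULT = {
    "checkId": "EXAMPLE-CHECK-ID",
    "status": "warning",
    "resourcesSummary": {"resourcesProcessed": 55, "resourcesFlagged": 6},
    "flaggedResources": [
        row("warning", False, "us-east-1", "web-tier", "sg-0example0000001", "tcp", "8080"),
        row("warning", False, "us-east-1", "batch", "sg-0example0000002", "tcp", "9000-9100"),
        row("warning", True, "us-east-1", "legacy-vpn", "sg-0example0000003", "udp", "1194"),
        row("warning", False, "eu-west-1", "metrics", "sg-0example0000004", "tcp", "9090"),
        row("warning", False, "eu-west-1", "cache", "sg-0example0000005", "tcp", "11211"),
        row("warning", False, "ap-south-1", "queue", "sg-0example0000006", "tcp", "5672"),
    ],
}

def triage(result, fields=FIELDS):
    """Split flagged security groups into 'remediate' and 'excluded' lists."""
    report = {"icon": ICONS.get(result.get("status"), "unknown"),
              "remediate": [], "excluded": []}
    # A check that was never refreshed has no flaggedResources at all.
    for res in result.get("flaggedResources") or []:
        if res.get("status") == "ok":
            continue
        meta = res.get("metadata") or []
        if len(meta) != len(fields):
            raise ValueError(f"expected {len(fields)} columns, got {len(meta)}")
        finding = dict(zip(fields, meta), Status=res["status"])
        # Assumption: an exception created in the console appears as isSuppressed.
        bucket = "excluded" if res.get("isSuppressed") else "remediate"
        report[bucket].append(finding)
    # Critical (error) findings first, then by region and security group ID.
    report["remediate"].sort(
        key=lambda f: (f["Status"] != "error", f["Region"], f["Security Group ID"]))
    report["by_region"] = dict(Counter(f["Region"] for f in report["remediate"]))
    return report

if __name__ == "__main__":
    print(triage(SAMPLE_RESULT))
```

In real use, the dictionary would come from the `result` key of boto3's `describe_trusted_advisor_check_result` response after a call to `refresh_trusted_advisor_check`.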

With the conclusion of this topic, you should now understand the Trusted Advisor service, how to use it to check for security vulnerabilities, and how to use the details of those checks to help you remediate those vulnerabilities. Next is a quick recap of what you have learned in this chapter.