AWS Trusted Advisor - AWS GovCloud (US)

AWS Trusted Advisor

AWS Trusted Advisor is an online resource that helps you reduce cost, increase performance, and improve security by optimizing your AWS environment. It provides real-time guidance to help you provision your resources following AWS best practices.

How AWS Trusted Advisor Differs for AWS GovCloud (US)

  • Email notifications are not yet enabled in Trusted Advisor in the AWS GovCloud (US) Regions.

The following tables list the Trusted Advisor checks that are available in the AWS GovCloud (US) Regions and the required support level:

Cost optimization

The following table lists the Trusted Advisor checks for cost optimization that are available in the AWS GovCloud (US) Regions.

Check | Support level
Amazon RDS Idle DB Instances | Business and Enterprise
Idle Load Balancers | Business and Enterprise
Low Utilization Amazon EC2 Instances | Business and Enterprise
Unassociated Elastic IP Addresses | Business and Enterprise
Underutilized Amazon EBS Volumes | Business and Enterprise

Fault tolerance

The following table lists the Trusted Advisor checks for fault tolerance that are available in the AWS GovCloud (US) Regions.

Check | Support level
Amazon Aurora DB Instance Accessibility | Business and Enterprise
Amazon EBS Snapshots | Business and Enterprise
Amazon EC2 Availability Zone Balance | Business and Enterprise
Amazon RDS Backups | Business and Enterprise
Amazon RDS Multi-AZ | Business and Enterprise
Amazon S3 Bucket Logging | Business and Enterprise
Amazon S3 Bucket Versioning | Business and Enterprise
Auto Scaling Group Resources | Business and Enterprise
Auto Scaling Group Health Check | Business and Enterprise
ELB Connection Draining | Business and Enterprise
ELB Cross-Zone Load Balancing | Business and Enterprise
Load Balancer Optimization | Business and Enterprise
VPN Tunnel Redundancy | Business and Enterprise

Performance

The following table lists the Trusted Advisor checks for performance that are available in the AWS GovCloud (US) Regions.

Check | Support level
Amazon EBS Provisioned IOPS (SSD) Volume Attachment Configuration | Business and Enterprise
Amazon EC2 to EBS Throughput Optimization | Business and Enterprise
High Utilization Amazon EC2 Instances | Business and Enterprise
Large Number of EC2 Security Group Rules Applied to an Instance | Business and Enterprise
Large Number of Rules in an EC2 Security Group | Business and Enterprise
Overutilized Amazon EBS Magnetic Volumes | Business and Enterprise
Service Limits | All support levels

Security

The following table lists the Trusted Advisor checks for security that are available in the AWS GovCloud (US) Regions.

Check | Support level
Amazon EBS Public Snapshots | All support levels
Amazon RDS Security Group Access Risk | Business and Enterprise
Amazon RDS Public Snapshots | All support levels
Amazon S3 Bucket Permissions | All support levels
AWS CloudTrail Logging | Business and Enterprise
ELB Security Groups | Business and Enterprise
ELB Listener Security | Business and Enterprise
IAM Access Key Rotation | All support levels
IAM Use | All support levels
IAM Password Policy | Business and Enterprise
Security Groups - Specific Ports Unrestricted | All support levels
Security Groups - Unrestricted Access | Business and Enterprise

Service quotas

The following table lists the checks for Trusted Advisor service quotas, formerly known as limits, that are available in the AWS GovCloud (US) Regions.

Check | Support level
Auto Scaling Groups | All support levels
Auto Scaling Launch Configurations | All support levels
CloudFormation Stacks | All support levels
DynamoDB Read Capacity | All support levels
DynamoDB Write Capacity | All support levels
EBS Active Snapshots | All support levels
EBS Active Volumes | All support levels
EBS Cold HDD (sc1) Volume Storage | All support levels
EBS General Purpose SSD (gp2) Volume Storage | All support levels
EBS Magnetic (standard) Volume Storage | All support levels
EBS Provisioned IOPS (SSD) Volume Aggregate IOPS | All support levels
EBS Provisioned IOPS SSD (io1) Volume Storage | All support levels
EBS Throughput Optimized HDD (st1) Volume Storage | All support levels
EC2 Elastic IP Addresses | All support levels
EC2 Reserved Instance Leases | All support levels
ELB Active Load Balancers | All support levels
ELB Network Load Balancers | All support levels
ELB Application Load Balancers | All support levels
IAM Group | All support levels
IAM Instance Profiles | All support levels
IAM Policies | All support levels
IAM Roles | All support levels
IAM Server Certificates | All support levels
IAM Users | All support levels
Kinesis Shards per Region | All support levels
RDS Cluster Parameter Groups | All support levels
RDS Cluster Roles | All support levels
RDS Clusters | All support levels
RDS DB Instances | All support levels
RDS DB Parameter Groups | All support levels
RDS DB Security Groups | All support levels
RDS DB Manual Snapshots | All support levels
RDS Event Subscriptions | All support levels
RDS Max Auths per Security Group | All support levels
RDS Option Groups | All support levels
RDS Read Replicas per Master | All support levels
RDS Reserved Instances | All support levels
RDS Subnet Groups | All support levels
RDS Subnets per Subnet Group | All support levels
RDS Total Storage Quota | All support levels
VPC | All support levels
VPC Elastic IP Address | All support levels
VPC Internet Gateways | All support levels

The following table lists the Trusted Advisor checks that are not available in the AWS GovCloud (US) Regions.

Category | Check | Support Level
Cost optimization | Amazon EC2 Reserved Instance Optimization | Business and Enterprise
Cost optimization | Amazon EC2 Reserved Instance Lease Expiration | Business and Enterprise
Cost optimization | Amazon Route 53 MX Resource Record Sets and Sender Policy Framework | Business and Enterprise
Cost optimization | Amazon Route 53 Latency Resource Record Sets | Business and Enterprise
Fault tolerance | Amazon Route 53 Name Server Delegations | Business and Enterprise
Fault tolerance | Amazon Route 53 High TTL Resource Record Sets | Business and Enterprise
Fault tolerance | Amazon Route 53 Failover Resource Record Sets | Business and Enterprise
Fault tolerance | Amazon Route 53 Deleted Health Checks | Business and Enterprise
Fault tolerance | AWS Direct Connect Connection Redundancy | Business and Enterprise
Fault tolerance | AWS Direct Connect Location Redundancy | Business and Enterprise
Fault tolerance | AWS Direct Connect Virtual Interface Redundancy | Business and Enterprise
Fault tolerance | EC2Config Service for EC2 Windows Instances | Business and Enterprise
Fault tolerance | ENA Driver Version for EC2 Windows Instances | Business and Enterprise
Fault tolerance | NVMe Driver Version for EC2 Windows Instances | Business and Enterprise
Fault tolerance | PV Driver Version for EC2 Windows Instances | Business and Enterprise
Performance | Amazon Route 53 Alias Resource Record Sets | Business and Enterprise
Performance | Amazon CloudFront Alternate Domain Names | Business and Enterprise
Performance | Amazon CloudFront Content Delivery Optimization | Business and Enterprise
Performance | Amazon CloudFront Header Forwarding and Cache Hit Ratio | Business and Enterprise
Security | MFA on Root Account | All support levels
Security | Amazon Route 53 MX Resource Record Sets and Sender Policy Framework | Business and Enterprise
Security | Amazon CloudFront Custom SSL Certificates in the IAM Certificate Store | Business and Enterprise
Security | Amazon CloudFront SSL Certificate on the Origin Server | Business and Enterprise
Security | Exposed Access Keys | All support levels
Service quotas | SES Daily Sending Quota | All support levels
Service quotas | Route 53 Traffic Policies | All support levels
Service quotas | Route 53 Traffic Policy Instances | All support levels
Service quotas | Route 53 Reusable Delegation Sets | All support levels
Service quotas | Route 53 Max Health Checks | All support levels
Service quotas | Route 53 Hosted Zones | All support levels
Service quotas | EC2 On-Demand Instances | All support levels
Service quotas | EBS Active Volumes | All support levels

Documentation for AWS Trusted Advisor

AWS Trusted Advisor documentation.

ITAR Boundary

AWS GovCloud (US) has an ITAR boundary, which defines where customers are allowed to store ITAR-controlled data for this service in AWS GovCloud (US) Regions. To maintain ITAR compliance, you must place ITAR-controlled data on the applicable part of the ITAR boundary. If you do not have any ITAR-controlled data in AWS GovCloud (US) Regions, this section does not apply to you. The following information identifies the ITAR boundary for this service:

ITAR-Regulated Data Permitted | ITAR-Regulated Data Not Permitted
Not applicable | Not applicable