Trusted Remediator in AMS Accelerate
Trusted Remediator is an AWS Managed Services solution that automates the remediation of AWS Trusted Advisor
Topics
- Trusted Remediator key benefits
- How Trusted Remediator works
- Key terms for Trusted Remediator
- Get started with Trusted Remediator in AMS
- Trusted Advisor checks supported by Trusted Remediator
- Configure Trusted Advisor check remediation in Trusted Remediator
- Execution mode decision workflow
- Configure remediation tutorials
- Work with remediations in Trusted Remediator
- Remediation logs in Trusted Remediator
- Trusted Remediator integration with Amazon QuickSight
- Best practices in Trusted Remediator
- Trusted Remediator FAQs
Trusted Remediator key benefits
The following are the key benefits of Trusted Remediator:
Improved security, performance, and cost optimization: Trusted Remediator helps you to enhance your accounts' overall security posture, optimize resource utilization, and reduce operational costs.
Self-service setup and configuration: You can configure Trusted Remediator to align with your requirements and preferences.
Automated Trusted Advisor check remediation: After configuration, Trusted Remediator automatically runs the remediation actions for selected Trusted Advisor checks. This automation eliminates the need for manual intervention.
Best practice implementation: Remediation actions are based on established best practices, so issues are addressed in a standardized and effective manner.
Scheduled execution: You can choose the remediation schedule that aligns with your day-to-day operational workflows.
Trusted Remediator empowers you to proactively address identified issues in your AWS environments, helping you to adhere to best practices and maintain secure, high-performing, and cost-effective cloud infrastructure.
How Trusted Remediator works
The following is an illustration of the Trusted Remediator workflow:
Trusted Remediator assesses Trusted Advisor recommendations for your AWS accounts and creates AWS Systems Manager OpsItems in OpsCenter. Then, you can use Trusted Remediator automation documents to remediate the OpsItems automatically or manually. The following are details for each type of remediation:
Automated remediation: Trusted Remediator runs the automation document and monitors the run. After the automation document completes, Trusted Remediator resolves the OpsItem.
Manual remediation: Trusted Remediator creates the OpsItem for you to review. After you review, you start the automation document.
Remediation logs are stored in an Amazon S3 bucket. You can use the data in the S3 bucket to build custom Amazon QuickSight dashboards for reporting. AMS also provides on-request reports for Trusted Remediator. To receive these reports, contact your CSDM. For more information, see Trusted Remediator reports.
Key terms for Trusted Remediator
The following are terms that are useful to know when you use Trusted Remediator in AMS:
AWS Trusted Advisor: A cloud optimization service provided by AWS. Trusted Advisor inspects your AWS environment and provides recommendations based on best practices in the following six categories:
- Cost optimization
- Performance
- Security
- Fault tolerance
- Operational excellence
- Service limits
For more information, see AWS Trusted Advisor.
Trusted Remediator: An AMS remediation solution for Trusted Advisor checks. Trusted Remediator helps you to safely remediate Trusted Advisor checks with known best practices to improve security and performance and to reduce costs. Trusted Remediator is easy to set up and configure. You configure once, and Trusted Remediator runs remediations on your preferred schedule (daily or weekly).
AWS Systems Manager SSM document: A JSON or YAML file that defines the actions that AWS Systems Manager performs on your AWS resources. The SSM document serves as a declarative specification to automate operational tasks across multiple AWS resources and instances.
AWS Systems Manager OpsCenter OpsItem: A cloud operational issue management resource that helps you track and resolve operational issues in your AWS environment. OpsItems provide a centralized view and management system for operational data and issues across AWS services and resources. Each OpsItem represents an operational issue, such as a potential security risk, a performance problem, or an operational incident.
Configuration: A configuration is a set of attributes stored in AWS AppConfig, a capability of AWS Systems Manager. The Trusted Remediator application in AWS AppConfig helps to configure remediations at the account level. You can use the AWS AppConfig console or the API to edit configurations.
Execution mode: Execution mode is a configuration attribute that determines how to run the remediation for each Trusted Advisor check result. There are four supported execution modes: Automated, Manual, Conditional, Inactive.
Resource override: This feature uses resource tags to override a configuration for specific resources.
Remediation item log: A log file in the Trusted Remediator remediation S3 log bucket. The remediation item log is created when remediation OpsItems are created. This log file contains manual execution remediation OpsItems and automated execution remediation OpsItems. Use this log file to track all remediation items.
Automated remediation execution log: A log file in the Trusted Remediator remediation S3 log bucket. The automated remediation execution log is created when an automated SSM document run completes. This log contains SSM execution details for automated execution remediation OpsItems. Use this log file to track automated remediations.