Architecture Overview - AWS Trusted Advisor Explorer

Architecture Overview

Deploying this solution builds the following environment in the AWS Cloud.


Figure 1: AWS Trusted Advisor Explorer overview

The AWS CloudFormation template must be deployed in your AWS Organization’s Primary (Master) account. The Primary account is the AWS account you use to create your organization. For more information, see the AWS Organizations terminology and concepts in the AWS Organizations User Guide.

The template creates four essential building blocks for this solution:

  • The scheduler block

  • The extract account information block

  • The extract Trusted Advisor & tag data block

  • The Trusted Advisor Recommendations data lake block

The scheduler block is an Amazon CloudWatch Events rule that triggers the solution on a schedule defined by the user.

The extract account information block contains an AWS Lambda function that extracts the list of accounts from the existing organization in the account or from a CSV file input.

The extract Trusted Advisor & tag data block contains four AWS Step Functions. These four Step Functions are composed of five AWS Lambda functions that work in parallel to extract AWS Trusted Advisor cost recommendations and tag data from all of the member accounts and store them in an Amazon Simple Storage Service (Amazon S3) bucket.

The Trusted Advisor Recommendations data lake block contains Amazon S3, AWS Glue crawlers, Amazon Athena, AWS Lambda, and CloudWatch Events rules. The workflow is triggered by a time-based CloudWatch Events rule on a schedule defined by the user.

The template deploys two Amazon S3 buckets: one for storing the raw Trusted Advisor cost recommendations and tag data, and the other for access logging. It also deploys two AWS Glue crawlers that crawl the raw data in the Amazon S3 bucket to create tables in an Amazon Athena database. When the AWS Glue crawler finishes, another event-based CloudWatch Events rule triggers and invokes an AWS Lambda function to create the required Amazon Athena views.

The solution leverages AWS Trusted Advisor cost optimization recommendations and AWS Resource Groups Tag Editor data to build a data lake that can be queried using Amazon Athena and visualized using Amazon QuickSight or any other visualization platform.

For more information and a detailed solution workflow, see Appendix B.