AWS Trusted Advisor: Basics, Benefits and Best Practices

Originally Published June, 2025

By: Matt Stellpflug, Senior FinOps Specialist

Cloud operations are full of blind spots. Unused resources keep running quietly in the background. Security vulnerabilities go unnoticed until flagged by an audit. Teams launch fast, but no one circles back to verify if workloads are aligned with best practices for cost, performance, or resilience.

At scale, these small gaps become expensive: a forgotten snapshot here, an oversized database there, multiplied across hundreds of accounts and services. Engineering teams are focused on shipping products. Finance teams struggle to connect spend with efficiency. Leadership lacks a clear, ongoing view into how well cloud infrastructure aligns with business and technical goals.

That is why visibility and continuous assessment are no longer optional. Businesses need structured, ongoing feedback on how to improve their cloud environment across cost, security, reliability, and more. 

In this guide, we explore how AWS Trusted Advisor helps fill that need. We will break down its features, pricing, alignment with AWS’s six pillars of architecture, and the best practices for using it effectively.

What Is AWS Trusted Advisor?

AWS Trusted Advisor is a built-in service that provides real-time, actionable insights to help AWS customers improve the health and efficiency of their cloud environments. It acts as a centralized dashboard that continuously scans your infrastructure and flags issues across key areas like cost, performance, security, and reliability.

Rather than offering generic advice, Trusted Advisor delivers targeted recommendations based on actual usage. It can surface idle EC2 instances, unattached EBS volumes, underutilized Reserved Instances, and other common inefficiencies that lead to waste or risk.

The tool evaluates your environment against AWS best practices across six foundational pillars: cost optimization, performance, security, fault tolerance, operational excellence and service limits. These pillars reflect the same principles used in the AWS Well-Architected Framework.

When integrated into regular workflows, Trusted Advisor becomes a continuous checkpoint that supports smarter scaling, proactive budgeting, and more reliable infrastructure planning as your environment evolves.

How Does AWS Trusted Advisor Work?

AWS Trusted Advisor functions as a continually updated assessment tool that scans your deployed resources across active regions. It evaluates your environment against AWS best practices by surfacing insights from its own checks as well as from integrated services like AWS Config, Compute Optimizer, and the Well-Architected Tool. While not real time, its recommendations are based on regularly refreshed data using a variable lookback period.

When it identifies deviations or potential inefficiencies, it provides recommendations for improvement. Each recommendation comes categorized based on its level of importance or severity:

  • Red = Immediate action recommended
  • Yellow = Further investigation recommended
  • Green = No problems detected

For each flagged issue, Trusted Advisor provides contextual insights, including the affected resources, the rationale behind the recommendation, and suggested remediation steps. 

This makes it easier for FinOps teams to incorporate Trusted Advisor into routine reviews and optimization sprints, ensuring your AWS infrastructure remains cost-effective, secure, resilient, and compliant at every stage of growth.

Six Pillars of AWS Trusted Advisor

Trusted Advisor uses a series of system checks when monitoring for cloud improvements, categorized into six key pillars:

  • Security and compliance
  • Performance optimization
  • Cost optimization
  • Resilience and fault tolerance
  • Service limits monitoring
  • Operational excellence

Each of these pillars aligns with established best practices for creating safe and sustainable cloud deployments across AWS accounts.

1. Security and compliance

Security missteps in AWS often go unnoticed until they lead to breaches, compliance failures, or costly downtime. Trusted Advisor helps surface these risks early by continuously assessing access controls, network settings, and data protection practices. This helps reduce the burden on engineering teams while improving audit readiness.

Key tasks

  • Ensures proper configuration of IAM users, groups, roles, and MFA
  • Flags use of the root user or lack of MFA
  • Identifies security groups with unrestricted access
  • Detects public S3 buckets and exposed RDS snapshots
  • Verifies VPC and firewall configuration integrity
  • Confirms CloudTrail is active for secure logging and compliance tracking
  • Checks for gaps in encryption settings across storage and database services

2. Performance optimization

Performance issues in the cloud can be subtle but costly. Under-provisioned resources can create latency and downtime, while over-provisioned ones waste money. Trusted Advisor helps identify configuration improvements that increase application responsiveness, reduce bottlenecks, and ensure infrastructure scales with demand.

By analyzing real-time and historical usage data, it flags resources that may be misaligned with actual workloads and enables proactive tuning without manual guesswork.

Key tasks

  • Flags underperforming or underutilized EC2 instances
  • Recommends Auto Scaling adjustments based on usage patterns
  • Identifies load balancers with low traffic or misconfiguration
  • Suggests improved instance types or additional resources to support performance
  • Highlights regions or availability zones better suited for latency-sensitive workloads

3. Cost optimization

In most AWS environments, a significant portion of cloud spend is driven by idle, oversized, or misaligned resources. Trusted Advisor plays a central role in identifying these inefficiencies and helping teams take action before costs spiral.

It continuously analyzes resource usage to uncover underutilized instances, unattached volumes, idle load balancers, and more. These insights help FinOps and engineering teams reduce waste, make informed purchasing decisions, and track opportunities for cost reduction across accounts.

Key tasks

  • Detects idle or low-utilization EC2, RDS, and ELB resources
  • Flags unattached EBS volumes, idle Elastic IPs, and unassociated load balancers
  • Recommends opportunities to purchase or adjust Reserved Instances and Savings Plans
  • Provides early alerts on cost anomalies or unusual spend patterns
  • Surfaces resources that can be downsized or rightsized for more efficient usage

4. Resilience and fault tolerance

Availability issues and service disruptions can damage customer trust and impact revenue. Trusted Advisor helps teams identify single points of failure in their infrastructure that could compromise availability or delay recovery during an outage.

It assesses whether your workloads are distributed across multiple Availability Zones, checks backup configurations, and verifies whether recovery mechanisms like snapshots and failover settings are in place. These checks help ensure that your infrastructure can withstand failures and recover quickly without data loss.

Key tasks

  • Evaluates deployment across Availability Zones to prevent single points of failure
  • Verifies presence and frequency of EBS snapshots and RDS backups
  • Flags missing or outdated backup configurations
  • Identifies lacking logging and health check configurations across services
  • Assesses failover readiness for high-availability systems
  • Recommends redundancy improvements based on service architecture, such as ELB target balancing and VPN tunnel redundancy

5. Service limits monitoring

Every AWS service has account-level limits that, if reached unexpectedly, can block critical operations. Whether launching new instances, adding load balancers, or provisioning storage, hitting a quota can cause outages or deployment failures.

Trusted Advisor monitors your current status against these predefined limits, helping teams stay ahead of capacity or operational constraints. It surfaces alerts when thresholds are approaching, giving you time to request limit increases or adjust plans proactively.

Key tasks

  • Tracks service usage against AWS account-level quotas
  • Flags resources nearing their limits (e.g., EC2 instances, Elastic IPs, VPCs)
  • Provides actionable alerts to prevent disruption during scaling events
  • Offers recommendations for infrastructure planning as demand grows

6. Operational excellence

Operational Excellence focuses on maintaining healthy, well-managed cloud environments by improving visibility, automation, and process consistency. Trusted Advisor helps organizations adopt best practices around infrastructure hygiene, change tracking, and day-to-day operations. These insights support smoother deployments, faster incident response, and a more stable cloud foundation over time.

Key tasks

  • Surfaces unmonitored or unlogged services that hinder observability
  • Supports standardized operations by aligning with Well-Architected best practices
  • Encourages use of automation for repeatable operational tasks and governance
  • Checks for the latest versions of components such as RDS DB and the Fargate compute platform
  • Checks deletion protection for resources like load balancers and RDS DB clusters

Key Features and Benefits of AWS Trusted Advisor

Trusted Advisor provides several benefits and features to help businesses scale their cloud infrastructure, including:

Comprehensive automated checks

Manually reviewing infrastructure for inefficiencies is time-consuming and often reactive. Teams either wait for cost spikes or scramble during audits to identify gaps. Trusted Advisor solves this by automatically scanning your environment against AWS best practices across cost, performance, security, resilience, and service limits.

It runs in the background and flags risks as they emerge. For example, it can detect idle compute resources, open security vulnerabilities, or workloads approaching account-level quotas. This ensures optimization and compliance are not one-off exercises but ongoing checks built into your cloud operations.

By surfacing issues early, it helps reduce manual oversight, speeds up remediation, and enables better decision-making before inefficiencies escalate.

Real-time monitoring and alerts

Most cloud issues are discovered too late, either after a service fails, a budget threshold is breached, or an internal review catches something that should have been flagged earlier. Trusted Advisor addresses this by enabling real-time alerts through integrations with Amazon EventBridge and CloudWatch.

Teams can create targeted rules that trigger alerts when specific changes occur. For example, if a service limit is about to block a deployment or a security misconfiguration is detected, alerts are routed immediately to the right owners. You can also track shifts in recommendation priority, so when an issue becomes more severe, it is escalated without manual oversight.

These alerting workflows help teams stay proactive, reduce operational risk, and ensure no critical recommendation is missed or delayed.
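The escalation workflow described above can be sketched as an EventBridge rule pattern plus a small triage function. This is an added example, not code from the original article or from AWS: the event field names follow the Trusted Advisor event format in the EventBridge documentation, while the OWNERS routing table, the account ID and the sample events are constructed.

```python
# Added example. Field names follow the Trusted Advisor event format in the
# EventBridge documentation; OWNERS and all sample values are constructed.

# Rule pattern (events arrive in us-east-1). OK events are matched too, so a
# recovery resets the stored state and a later regression alerts again.
EVENT_PATTERN = {
    "source": ["aws.trustedadvisor"],
    "detail-type": ["Trusted Advisor Check Item Refresh Notification"],
}

SEVERITY = {"OK": 0, "WARN": 1, "ERROR": 2}
COLOUR = {"OK": "green", "WARN": "yellow", "ERROR": "red"}

# Hypothetical routing table: substring of the check name -> owning team.
OWNERS = [("Security Groups", "secops"), ("MFA", "secops"),
          ("S3 Bucket Permissions", "secops"), ("Service Limits", "platform")]


def triage(event, last_seen):
    """Return an alert dict when an item got worse, otherwise None.

    last_seen maps (check name, resource id) -> previous status and is updated
    in place, so repeated refreshes at the same status do not re-alert.
    """
    detail = event.get("detail", {})
    status = detail.get("status")
    if event.get("source") != "aws.trustedadvisor" or status not in SEVERITY:
        return None
    check = detail.get("check-name", "unknown")
    key = (check, detail.get("resource_id", ""))
    previous = last_seen.get(key, "OK")
    last_seen[key] = status
    if SEVERITY[status] <= SEVERITY[previous]:
        return None  # unchanged or improved: nothing to escalate
    owner = next((team for needle, team in OWNERS if needle in check), "finops")
    return {"owner": owner, "check": check, "resource": key[1],
            "account": event.get("account"), "colour": COLOUR[status],
            "escalated_from": COLOUR[previous]}


def sample_event(status, check, resource):
    """Constructed event with the documented shape (values are made up)."""
    return {"source": "aws.trustedadvisor", "account": "111122223333",
            "detail-type": "Trusted Advisor Check Item Refresh Notification",
            "detail": {"check-name": check, "status": status,
                       "resource_id": resource, "check-item-detail": {}}}


if __name__ == "__main__":
    seen = {}
    for st in ("WARN", "WARN", "ERROR"):
        print(triage(sample_event(st, "Security Groups - Unrestricted Access",
                                  "sg-0example"), seen))
```

In a deployed handler the `last_seen` mapping would live in a persistent store rather than in memory, so the previous status survives between invocations.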

Usage-aware recommendations

Generic advice does not move the needle when infrastructure is complex and evolving. Trusted Advisor avoids this problem by tailoring its recommendations to each organization’s actual AWS usage. It evaluates how services are configured, how resources are consumed, and where inefficiencies are most likely to appear.

This allows teams to focus only on what matters. For instance, instead of a broad suggestion to review compute usage, Trusted Advisor might flag a specific EC2 instance with consistently low utilization or an underused Savings Plan that could be exchanged. These targeted insights save time and reduce the guesswork involved in optimization efforts.

For teams managing large, multi-account environments, personalized recommendations help prioritize fixes, align spend with actual demand, and ensure that resources scale efficiently as the business grows.

Customizable reports and insights

Trusted Advisor enables businesses to generate custom reports on performance across all of AWS’s cloud optimization pillars. Users can access these reports through the AWS Management Console and filter them by recommendation statuses and specific suggestion categories.

These reports are also customizable and can exclude certain AWS resources from checks as needed. This is helpful when businesses want to minimize false alerts surrounding purposeful deviations from standard AWS frameworks.

In addition to viewing Trusted Advisor reports online, AWS users can also download their reports in .xls format. This allows them to incorporate usage insights into their internal reporting processes, making it easier to conduct more in-depth analyses and share optimization recommendations with internal stakeholders.

Trusted Advisor checks are also accessible via API, allowing teams to automate reporting, integrate with internal dashboards, or trigger workflows based on recommendation data.
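As an added example (not code from the original article), the function below pulls open red and yellow findings for one category through the AWS Support API's `describe_trusted_advisor_checks` and `describe_trusted_advisor_check_result` calls, skipping resources that were excluded from a check. `FakeSupport`, its check IDs and its resource IDs are constructed so the block runs offline; a real run would pass `boto3.client("support", region_name="us-east-1")` instead.

```python
# Added example: FakeSupport and its data are constructed stand-ins for
# boto3.client("support", region_name="us-east-1").

FLAGGED = ("warning", "error")


def open_findings(support, category="security"):
    """Return unsuppressed warning/error resources for one check category."""
    findings = []
    for check in support.describe_trusted_advisor_checks(language="en")["checks"]:
        if check["category"] != category:
            continue
        result = support.describe_trusted_advisor_check_result(
            checkId=check["id"], language="en")["result"]
        for res in result.get("flaggedResources", []):
            # Skip resources excluded from the check and ones that are fine.
            if res.get("isSuppressed") or res.get("status") not in FLAGGED:
                continue
            findings.append({
                "check": check["name"],
                "status": res["status"],
                "region": res.get("region"),
                # Check metadata holds column headings; resource metadata the values.
                "details": dict(zip(check["metadata"], res.get("metadata", []))),
            })
    # Red ("error") first, then yellow ("warning").
    return sorted(findings, key=lambda f: (f["status"] != "error", f["check"]))


class FakeSupport:
    """Constructed offline stand-in exposing the two Support API calls used."""

    def describe_trusted_advisor_checks(self, language):
        return {"checks": [
            {"id": "chk-sec", "name": "Security Groups - Unrestricted Access",
             "category": "security", "metadata": ["Region", "Security Group ID"]},
            {"id": "chk-cost", "name": "Low Utilization Amazon EC2 Instances",
             "category": "cost_optimizing", "metadata": ["Region", "Instance ID"]}]}

    def describe_trusted_advisor_check_result(self, checkId, language):
        rows = {"chk-sec": [("warning", False, "sg-0aaa"), ("error", False, "sg-0bbb"),
                            ("error", True, "sg-0ccc"), ("ok", False, "sg-0ddd")],
                "chk-cost": [("warning", False, "i-0eee")]}[checkId]
        return {"result": {"checkId": checkId, "flaggedResources": [
            {"status": s, "isSuppressed": sup, "region": "us-east-1",
             "metadata": ["us-east-1", rid]} for s, sup, rid in rows]}}
```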

Integration with AWS Management Console

AWS simplifies access to Trusted Advisor recommendations through seamless integration with the AWS Management Console. This provides businesses with a single, central location to manage all cloud configurations and easily reference suggested improvements.

Users can access their Trusted Advisor dashboard for a clear overview of their cloud environments and any open recommendations requiring attention. From this dashboard, they can quickly filter suggestions by category and review each summarized action item.

In most situations, Trusted Advisor also provides “Action Links” embedded in the recommended optimization suggestions. These links direct users to an AWS service console page, where they can follow the listed steps to address any open issues. This simplifies acting on suggestions and allows businesses to quickly benefit from the changes.

Pricing for AWS Trusted Advisor

To get the most value from Trusted Advisor, users will need to be on an AWS Support Plan tier based on their unique needs. Below is the pricing structure for these tiers:

Developer Support

This entry-level plan includes only basic Trusted Advisor checks related to service quotas and core security configurations. Pricing starts at $29 per month as minimum spend or 3 percent of total monthly AWS charges, whichever is higher.

Business Support

The Business plan provides full access to all Trusted Advisor checks across cost, security, performance, fault tolerance, and service limits. It starts at $100 per month as a minimum spend, or a percentage of the total amount spent, broken down as:

  • 10% on the first $0 – $10,000
  • 7% on the next $10,000 – $80,000
  • 5% on the next $80,000 – $250,000
  • 3% on charges over $250,000

Enterprise On-Ramp Support

This plan offers full Trusted Advisor coverage and is designed for organizations that need enterprise-level support but with fewer add-ons. It costs $5,500 per month as minimum spend or 10 percent of total AWS charges, whichever is greater.

Enterprise Support

The highest tier includes complete access to Trusted Advisor along with the most advanced AWS support features. Pricing begins at $15,000 per month for usage up to $150,000. Additional usage is charged as:

  • $15,000 flat for usage up to $150,000
  • 7% on the next $150,000 – $500,000
  • 5% on the next $500,000 – $1,000,000
  • 3% on charges over $1,000,000

Improve Your AWS Cost Optimization With ProsperOps

AWS Trusted Advisor offers valuable cost-saving insights, but acting on them requires manual effort, ongoing monitoring, and cloud cost expertise.

For true cost optimization, automation is key. This is where ProsperOps comes in!

ProsperOps delivers cloud savings-as-a-service, automatically blending discount instruments to maximize your savings while lowering Commitment Lock-In Risk. Using our Autonomous Discount Management platform, we optimize the hyperscaler’s native discount instruments to reduce your cloud spend and place you in the 98th percentile of FinOps teams.

  • Full support for compute services like EC2, Fargate, and Lambda
  • Coverage for complex non-compute RIs such as RDS, ElastiCache, OpenSearch, MemoryDB, and Redshift
  • Portfolio diversification across Savings Plans and Reserved Instances
  • Continuous laddering that adapts commitment amounts and timing with no manual intervention.

In addition to autonomous rate optimization, ProsperOps now supports usage optimization through its resource scheduling feature, ProsperOps Scheduler. Our customers of Autonomous Discount Management™ (ADM) can now automate resource state changes on weekly schedules to reduce waste and lower cloud spend.

Additionally, we support automated commitment and cost optimization across all three hyperscalers: AWS, Azure, and Google Cloud. Your teams stay focused on strategic FinOps goals, while ProsperOps automates rate and usage optimization behind the scenes.

Make the most of your cloud spend with ProsperOps. Schedule your free demo today!
