AWS - Trusted Advisor Enum

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks:

If you want to see your company advertised in HackTricks or download HackTricks in PDF Check the SUBSCRIPTION PLANS!
Get the official PEASS & HackTricks swag
Discover The PEASS Family, our collection of exclusive NFTs
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share your hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

AWS Trusted Advisor Overview

Trusted Advisor is a service that provides recommendations to optimize your AWS account, aligning with AWS best practices. It's a service that operates across multiple regions. Trusted Advisor offers insights in four primary categories:

Cost Optimization: Suggests how to restructure resources to reduce expenses.
Performance: Identifies potential performance bottlenecks.
Security: Scans for vulnerabilities or weak security configurations.
Fault Tolerance: Recommends practices to enhance service resilience and fault tolerance.

The comprehensive features of Trusted Advisor are exclusively accessible with AWS business or enterprise support plans. Without these plans, access is limited to six core checks, primarily focused on performance and security.

Notifications and Data Refresh

Trusted Advisor can issue alerts.
Items can be excluded from its checks.
Data is refreshed every 24 hours. However, a manual refresh is possible 5 minutes after the last refresh.

Checks Breakdown

CategoriesCore

Cost Optimization
Security
Fault Tolerance
Performance
Service Limits
S3 Bucket Permissions

Core Checks

Limited to users without business or enterprise support plans:

Security Groups - Specific Ports Unrestricted
IAM Use
MFA on Root Account
EBS Public Snapshots
RDS Public Snapshots
Service Limits

Security Checks

A list of checks primarily focusing on identifying and rectifying security threats:

Security group settings for high-risk ports
Security group unrestricted access
Open write/list access to S3 buckets
MFA enabled on root account
RDS security group permissiveness
CloudTrail usage
SPF records for Route 53 MX records
HTTPS configuration on ELBs
Security groups for ELBs
Certificate checks for CloudFront
IAM access key rotation (90 days)
Exposure of access keys (e.g., on GitHub)
Public visibility of EBS or RDS snapshots
Weak or absent IAM password policies

AWS Trusted Advisor acts as a crucial tool in ensuring the optimization, performance, security, and fault tolerance of AWS services based on established best practices.

References

https://cloudsecdocs.com/aws/services/logging/other/#trusted-advisor

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks:

If you want to see your company advertised in HackTricks or download HackTricks in PDF Check the SUBSCRIPTION PLANS!
Get the official PEASS & HackTricks swag
Discover The PEASS Family, our collection of exclusive NFTs
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share your hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

PreviousAWS - Shield Enum NextAWS - WAF Enum

Last updated 2 months ago