Links

AWS - Trusted Advisor Enum

AWS - Trusted Advisor Enum

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!
Other ways to support HackTricks:

AWS Trusted Advisor Overview

Trusted Advisor is a service that provides recommendations to optimize your AWS account, aligning with AWS best practices. It's a service that operates across multiple regions. Trusted Advisor offers insights in four primary categories:
  1. 1.
    Cost Optimization: Suggests how to restructure resources to reduce expenses.
  2. 2.
    Performance: Identifies potential performance bottlenecks.
  3. 3.
    Security: Scans for vulnerabilities or weak security configurations.
  4. 4.
    Fault Tolerance: Recommends practices to enhance service resilience and fault tolerance.
The comprehensive features of Trusted Advisor are exclusively accessible with AWS business or enterprise support plans. Without these plans, access is limited to six core checks, primarily focused on performance and security.

Notifications and Data Refresh

  • Trusted Advisor can issue alerts.
  • Items can be excluded from its checks.
  • Data is refreshed every 24 hours. However, a manual refresh is possible 5 minutes after the last refresh.

Checks Breakdown

CategoriesCore

  1. 1.
    Cost Optimization
  2. 2.
    Security
  3. 3.
    Fault Tolerance
  4. 4.
    Performance
  5. 5.
    Service Limits
  6. 6.
    S3 Bucket Permissions

Core Checks

Limited to users without business or enterprise support plans:
  1. 1.
    Security Groups - Specific Ports Unrestricted
  2. 2.
    IAM Use
  3. 3.
    MFA on Root Account
  4. 4.
    EBS Public Snapshots
  5. 5.
    RDS Public Snapshots
  6. 6.
    Service Limits

Security Checks

A list of checks primarily focusing on identifying and rectifying security threats:
  • Security group settings for high-risk ports
  • Security group unrestricted access
  • Open write/list access to S3 buckets
  • MFA enabled on root account
  • RDS security group permissiveness
  • CloudTrail usage
  • SPF records for Route 53 MX records
  • HTTPS configuration on ELBs
  • Security groups for ELBs
  • Certificate checks for CloudFront
  • IAM access key rotation (90 days)
  • Exposure of access keys (e.g., on GitHub)
  • Public visibility of EBS or RDS snapshots
  • Weak or absent IAM password policies
AWS Trusted Advisor acts as a crucial tool in ensuring the optimization, performance, security, and fault tolerance of AWS services based on established best practices.

References

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!
Other ways to support HackTricks: