Change log for Amazon Trusted Advisor - Amazon Web Services Support
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Change log for Amazon Trusted Advisor

See the following topic for recent changes to Trusted Advisor checks.

Note

If you use the Trusted Advisor console or the Amazon Web Services Support API, checks that were removed won't appear in check results. If you use any of the removed checks such as specifying the check ID in an Amazon Web Services Support API operation or your code, you must remove these checks to avoid API call errors.

For more information about the available checks, see the Amazon Trusted Advisor check reference.

New check: Amazon RDS Continuous Backup Not Enabled

Trusted Advisor added the following check on December 23, 2024.

Check name Check category Check ID

Amazon RDS Continuous Backup Not Enabled

Fault tolerance

44fde09ab5

Checks if an Amazon RDS instance is enabled with automated backups using Amazon RDS or with continuous backups of Amazon Backup. Continuous backups reduce the risk of unexpected data loss and allow for point-in-time recovery.

For more information, see .

New check: Amazon CloudTrail Management Events Logging

Trusted Advisor added the following check on December 23, 2024.

Check name Check category Check ID

Amazon CloudTrail Management Events Logging

Security

c25hn9x03v

Checks your use of Amazon CloudTrail.

For more information, see .

Updated the Auto Scaling Group Resources check

Trusted Advisor updated the following check on December 23, 2024.

Check name Check category Check ID

Auto Scaling Group Resources

Fault tolerance

8CNsSllI5v

The description of this check is updated to include launch configurations and launch templates.

A new alert critera, Red: A launch template is associated with a deleted Amazon Machine Image (AMI). was added.

For more information, see Auto Scaling Group Resources.

Updated the IAM Access Analyzer External Access check

Trusted Advisor updated the following check on December 23, 2024.

Check name Check category Check ID

IAM Access Analyzer External Access

Security

07602fcad6

The description of this check is updated to indicate that it analyzes IAM access at the account level. For more information, see .

Added 1 new check

Trusted Advisor added 1 new check on November 22, 2024:

Updated 3 checks

Trusted Advisor updated 3 checks on November 7, 2024:

Added 4 checks

Trusted Advisor added 4 new checks on October 11, 2024:

  • 07602fcad6 - IAM Access Analyzer - external access

  • 528d6f5ee7 - GWLB - Endpoint AZ

  • c2vlfg0jp6 - Inactive VPC interface endpoints

  • c2vlfg0k35 - Inactive Gateway Load Balancer endpoints

Updated 3 checks

Trusted Advisor updated 3 checks on October 2, 2024:

  • Check ID 7040ea389a moved from Cost Optimization pillar to the Fault Tolerance pillar

  • Updated Check ID 7DAFEmoDos

  • Updated Check ID Cmsvnj8db2

Added 9 new checks

Trusted Advisor added 9 new checks on August 23, 2024:

  • c2vlfg0p86 - [IAM] - SAML 2.0 Identity Provider

  • 7040ea389a - Network Firewall endpoint Cross-AZ Data Transfer

  • c2vlfg0bfw - Low utilization Network Firewall

  • c2vlfg0gqd - Network Firewall Multi-AZ

  • c2vlfg0p1w - Application Load Balancer Target Groups encrypted protocol

  • c2vlfg022t - [NAT Gateway] - Underutilized Resource

  • c243hjzrhn - Amazon Outposts Single Rack deployment

  • b92b83d667 - ELB Target Imbalance

  • 90046ff5b5 - MSK availability is limited to two zones

For more information, see the Amazon Trusted Advisor check reference.

Updated 1 Security check and added 1 Security check

Trusted Advisor updated 1 Operational Excellence checks on August 22, 2024:

  • c1fd6b96l4

Trusted Advisor added 1 Security checks on August 22, 2024:

  • c2vlfg0f4h

For more information, see the Amazon Trusted Advisor check reference.

Updated 6 Security checks

Trusted Advisor updated 6 Security checks on August 20, 2024:

  • nNauJisYIT

  • c9D319e7sG

  • a2sEc6ILx

  • HCP4007jGY

  • 1iG5NDGVre

  • Yw2K9puPzl

For more information, see the Amazon Trusted Advisor check reference.

Updated 1 fault tolerance checks

Trusted Advisor updated the 1 fault tolerance check and 1 security on August 12, 2024:

  • VPN Tunnel Redundancy

  • Amazon RDS engine minor version upgrade is required

For more information, see the Amazon Trusted Advisor check reference.

Updated 9 checks

Trusted Advisor updated the 9 checks on July 21, 2024:

  • 7qGXsKIUw

  • ZRxQlPsb6c

  • N425c450f2

  • 7DAFEmoDos

  • Pfx0RwqBli

  • H7IgTzjTYb

  • C056F80cR3

  • Yw2K9puPzl

  • xSqX82fQu

For more information, see the Amazon Trusted Advisor check reference.

Removed 5 checks and added 1 check

Trusted Advisor deprecated 3 Fault Tolerance checks, 1 Perfomance check, and 1 Security check on May 15, 2024:

  • IAM Use

  • ELB Cross-Zone Load Balancing

  • Overutilized Amazon EBS Magnetic Volumes

  • Large Number of EC2 Security Group Rules Applied to an Instance

  • Large Number of Rules in an EC2 Security Group

Trusted Advisor added 1 new security check on May 15, 2024:

  • Amazon S3 Server Access Logs Enabled

For more information, see the Amazon Trusted Advisor check reference.

Removed fault tolerance checks

Trusted Advisor deprecated 3 Fault Tolerance check on April 25, 2024:

  • Amazon Direct Connect Connection Redundancy

  • Amazon Direct Connect Location Redundancy

  • Amazon Direct Connect Virtual Interface Redundancy

For more information, see the Amazon Trusted Advisor check reference.

New fault tolerance check

Trusted Advisor added 1 Fault Tolerance check on February 29, 2024:

  • NLB - Internet-facing resource in private subnet

For more information, see the Amazon Trusted Advisor check reference.

Updated fault tolerance and security checks

Trusted Advisor added 1 new Fault Tolerance check and amended 1 existing Fault tolerance and 1 Security check on March 28 2024:

  • Added Amazon Resilience Hub Application Component check

  • Updated Amazon Lambda VPC-enabled Functions without Multi-AZ Redundancy

  • Updated Amazon Lambda Functions Using Deprecated Runtimes

For more information, see the Amazon Trusted Advisor check reference.

New fault tolerance check

Trusted Advisor added 1 Fault Tolerance check on January 31, 2024:

  • Amazon Direct Connect Location Resiliency

For more information, see the Amazon Trusted Advisor check reference.

Updated fault tolerance check

Trusted Advisor amended 1 Fault Tolerance check on January 08, 2024:

  • Amazon RDS innodb_flush_log_at_trx_commit parameter is not 1

For more information, see the Amazon Trusted Advisor check reference.

Updated security check

Trusted Advisor amended 1 Security check on December 21, 2023:

  • Amazon Lambda Functions Using Deprecated Runtimes

For more information, see the Amazon Trusted Advisor check reference.

New security and performance checks

Trusted Advisor added 2 new Security checks and 2 new Performance checks on December 20, 2023:

  • Amazon EFS clients not using data-in-transit encryption

  • Amazon Aurora DB cluster under-provisioned for read workload

  • Amazon RDS instance under-provisioned for system capacity

  • Amazon EC2 instances with Ubuntu LTS end of standard support

For more information, see the Amazon Trusted Advisor check reference.

New security check

Trusted Advisor added 1 new Security check on December 15, 2023:

  • Amazon Route 53 mismatching CNAME records pointing directly to S3 buckets

For more information, see the Amazon Trusted Advisor check reference.

New fault tolerance and cost optimization checks

Trusted Advisor added 2 new Fault Tolerance checks and 1 new Cost Optimization check on December 07, 2023:

  • Amazon DocumentDB Single-AZ clusters

  • Amazon S3 Incomplete Multipart Upload Abort Configuration

  • Amazon ECS AmazonLogs driver in blocking mode

For more information, see the Amazon Trusted Advisor check reference.

Trusted Advisor check removal

Check name Check category Check ID

EBS volumes should be attached to EC2 instances

Security

Hs4Ma3G119

S3 buckets should have server-side encryption enabled

Security

Hs4Ma3G167

CloudFront distributions should have origin access identity enabled

Security

Hs4Ma3G195

Updates to the Trusted Advisor integration with Amazon Security Hub

Trusted Advisor made the following update on November 17, 2022.

If you disable Security Hub or Amazon Config for an Amazon Web Services Region, Trusted Advisor now removes your control findings for that Amazon Web Services Region within 7-9 days. Previously, the time frame to remove your Security Hub data from Trusted Advisor was 90 days.

For more information, see the following sections in the Troubleshooting topic:

Update to the Trusted Advisor console

Trusted Advisor added the following change on November 16, 2022.

The Trusted Advisor Dashboard in the console is now Trusted Advisor Recommendations. The Trusted Advisor Recommendations page still shows the check results and the available checks for each category for your Amazon Web Services account.

This name change only updates the Trusted Advisor console. You can continue to use the Trusted Advisor console and the Trusted Advisor operations in the Amazon Web Services Support API as usual.

For more information, see Get started with Trusted Advisor Recommendations.

Added Security Hub checks to Trusted Advisor

As of June 23, 2022, Trusted Advisor only supports Security Hub controls available through April 7, 2022. This release supports all controls in the Amazon Foundational Security Best Practices security standard except for controls in the Category: Recover > Resilience. For more information, see Viewing Amazon Security Hub controls in Amazon Trusted Advisor.

For a list of supported controls, see Amazon Foundational Security Best Practices controls in the Amazon Security Hub User Guide.

Added checks from Amazon Compute Optimizer

Trusted Advisor added the following checks on May 4, 2022.

Check name Check category Check ID

Amazon EBS over-provisioned volumes

Cost optimization

COr6dfpM03

Amazon EBS under-provisioned volumes

Performance

COr6dfpM04

Amazon Lambda over-provisioned functions for memory size

Cost optimization

COr6dfpM05

Amazon Lambda under-provisioned functions for memory size

Performance

COr6dfpM06

You must opt in your Amazon Web Services account for Compute Optimizer so that these checks can receive data from your Lambda and Amazon EBS resources. For more information, see Opt in Amazon Compute Optimizer for Trusted Advisor checks.

Updated checks for Amazon Direct Connect

Trusted Advisor updated the following checks on March 29, 2022.

Check name Check category Check ID

Amazon Direct Connect Connection Redundancy

Fault tolerance

0t121N1Ty3

Amazon Direct Connect Location Redundancy

Fault tolerance

8M012Ph3U5

Amazon Direct Connect Virtual Interface Redundancy

Fault tolerance

4g3Nt5M1Th

  • The value for the Region column now shows the Amazon Web Services Region code instead of the full name. For example, resources in US East (N. Virginia) will now have the us-east-1 value.

  • The value for the Time Stamp column now appears in the RFC 3339 format, such as 2022-03-30T01:02:27.000Z.

  • Resources that don't have any detected problems will now appear in the check table. These resources will have a check mark icon ( Green checkmark icon indicating success or approval. ) next to them.

    Previously, only resources that Trusted Advisor recommended that you investigate appeared in the table. These resources have a warning icon ( Warning triangle symbol with an exclamation mark inside. ) next to them.

Updated check name for Amazon OpenSearch Service

Trusted Advisor updated the name for the Amazon OpenSearch Service Reserved Instance Optimization check on September 8, 2021.

The check recommendations, category, and ID are the same.

Check name Check category Check ID

Amazon OpenSearch Service Reserved Instance Optimization

Cost optimization

7ujm6yhn5t

Note

If you use Trusted Advisor for Amazon CloudWatch metrics, the metric name for this check is also updated. For more information, see Creating Amazon CloudWatch alarms to monitor Amazon Trusted Advisor metrics.

Added checks for Amazon Elastic Block Store volume storage

Trusted Advisor added the following checks on June 8, 2021.

Check name Check category Check ID

EBS General Purpose SSD (gp3) Volume Storage

Service limits

dH7RR0l6J3

Added checks for Amazon Lambda

Trusted Advisor added the following checks on March 8, 2021.

Check name Check category Check ID

Amazon Lambda Functions with Excessive Timeouts

Cost optimization

L4dfs2Q3C3

Amazon Lambda Functions with High Error Rates

Cost optimization

L4dfs2Q3C2

Amazon Lambda Functions Using Deprecated Runtimes

Security

L4dfs2Q4C5

Amazon Lambda VPC-enabled Functions without Multi-AZ Redundancy

Fault tolerance

L4dfs2Q4C6

For more information about how to use these checks with Lambda, see Example Amazon Trusted Advisor workflow to view recommendations in the Amazon Lambda Developer Guide.

Trusted Advisor check removal

Trusted Advisor removed the following check for the China (Beijing) Region on March 8, 2021.

Check name Check category Check ID

EC2 Elastic IP Addresses

Service limits

aW9HH0l8J6

Updated checks for Amazon Elastic Block Store

Trusted Advisor updated the unit of Amazon EBS volume from gibibyte (GiB) to tebibyte (TiB) for the following checks on March 5, 2021.

Note

If you use Trusted Advisor for Amazon CloudWatch metrics, the metric names for these five checks are also updated. For more information, see Creating Amazon CloudWatch alarms to monitor Amazon Trusted Advisor metrics.

Check name Check category Check ID Updated CloudWatch metric for ServiceLimit

EBS Cold HDD (sc1) Volume Storage

Service limits

gH5CC0e3J9

Cold HDD (sc1) volume storage (TiB)

EBS General Purpose SSD (gp2) Volume Storage

Service limits

dH7RR0l6J9

General Purpose SSD (gp2) volume storage (TiB)

EBS Magnetic (standard) Volume Storage

Service limits

cG7HH0l7J9

Magnetic (standard) volume storage (TiB)

EBS Provisioned IOPS SSD (io1) Volume Storage

Service limits

gI7MM0l7J9

Provisioned IOPS (SSD) storage (TiB)

EBS Throughput Optimized HDD (st1) Volume Storage

Service limits

wH7DD0l3J9

Throughput Optimized HDD (st1) volume storage (TiB)

Trusted Advisor check removal

Note

Trusted Advisor removed the following checks on November 18, 2020.

Checks removed on November 18, 2020 Check category Check ID

EC2Config Service for EC2 Windows Instances

Fault tolerance

V77iOLlBqz

ENA Driver Version for EC2 Windows Instances

Fault tolerance

TyfdMXG69d

NVMe Driver Version for EC2 Windows Instances

Fault tolerance

yHAGQJV9K5

PV Driver Version for EC2 Windows Instances

Fault tolerance

Wnwm9Il5bG

EBS Active Volumes

Service limits

fH7LL0l7J9

Amazon Elastic Block Store no longer has a limit on the number of volumes that you can provision.

You can monitor your Amazon EC2 instances and verify they are up to date by using Amazon Systems Manager Distributor, other third-party tools, or write your own scripts to return driver information for Windows Management Instrumentation (WMI).

Trusted Advisor check removal

Trusted Advisor removed the following check on February 18, 2020.

Check name Check category Check ID

Service Limits

Performance

eW7HH0l7J9