Trusted Advisor examples using Amazon CLI - Amazon Command Line Interface
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

This documentation is for Version 1 of the Amazon CLI only. For documentation related to Version 2 of the Amazon CLI, see the Version 2 User Guide.

Trusted Advisor examples using Amazon CLI

The following code examples show you how to perform actions and implement common scenarios by using the Amazon Command Line Interface with Trusted Advisor.

Actions are code excerpts from larger programs and must be run in context. While actions show you how to call individual service functions, you can see actions in context in their related scenarios.

Each example includes a link to the complete source code, where you can find instructions on how to set up and run the code in context.

Topics

Actions

The following code example shows how to use get-organization-recommendation.

Amazon CLI

To get an organization recommendation

The following get-organization-recommendation example gets an organization recommendation by its identifier.

aws trustedadvisor get-organization-recommendation \ --organization-recommendation-identifier arn:aws:trustedadvisor:::organization-recommendation/9534ec9b-bf3a-44e8-8213-2ed68b39d9d5

Output:

{ "organizationRecommendation": { "arn": "arn:aws:trustedadvisor:::organization-recommendation/9534ec9b-bf3a-44e8-8213-2ed68b39d9d5", "name": "Lambda Runtime Deprecation Warning", "description": "One or more lambdas are using a deprecated runtime", "awsServices": [ "lambda" ], "checkArn": "arn:aws:trustedadvisor:::check/L4dfs2Q4C5", "id": "9534ec9b-bf3a-44e8-8213-2ed68b39d9d5", "lifecycleStage": "resolved", "pillars": [ "security" ], "resourcesAggregates": { "errorCount": 0, "okCount": 0, "warningCount": 0 }, "source": "ta_check", "status": "warning", "type": "priority" } }

For more information, see Get started with the Trusted Advisor API in the Amazon Trusted Advisor User Guide.

The following code example shows how to use get-recommendation.

Amazon CLI

To get a recommendation

The following get-recommendation example gets a recommendation by its identifier.

aws trustedadvisor get-recommendation \ --recommendation-identifier arn:aws:trustedadvisor::000000000000:recommendation/55fa4d2e-bbb7-491a-833b-5773e9589578

Output:

{ "recommendation": { "arn": "arn:aws:trustedadvisor::000000000000:recommendation/55fa4d2e-bbb7-491a-833b-5773e9589578", "name": "MFA Recommendation", "description": "Enable multi-factor authentication", "awsServices": [ "iam" ], "checkArn": "arn:aws:trustedadvisor:::check/7DAFEmoDos", "id": "55fa4d2e-bbb7-491a-833b-5773e9589578", "lastUpdatedAt": "2023-11-01T15:57:58.673Z", "pillarSpecificAggregates": { "costOptimizing": { "estimatedMonthlySavings": 0.0, "estimatedPercentMonthlySavings": 0.0 } }, "pillars": [ "security" ], "resourcesAggregates": { "errorCount": 1, "okCount": 0, "warningCount": 0 }, "source": "ta_check", "status": "error", "type": "standard" } }

For more information, see Get started with the Trusted Advisor API in the Amazon Trusted Advisor User Guide.

The following code example shows how to use list-checks.

Amazon CLI

To list Trusted Advisor checks

The following list-checks example lists all Trusted Advisor checks.

aws trustedadvisor list-checks

Output:

{ "checkSummaries": [ { "arn": "arn:aws:trustedadvisor:::check/1iG5NDGVre", "awsServices": [ "EC2" ], "description": "Checks security groups for rules that allow unrestricted access to a resource. Unrestricted access increases opportunities for malicious activity (hacking, denial-of-service attacks, loss of data)", "id": "1iG5NDGVre", "metadata": { "0": "Region", "1": "Security Group Name", "2": "Security Group ID", "3": "Protocol", "4": "Port", "5": "Status", "6": "IP Range" }, "name": "Security Groups - Unrestricted Access", "pillars": [ "security" ], "source": "ta_check" }, { "arn": "arn:aws:trustedadvisor:::check/1qazXsw23e", "awsServices": [ "RDS" ], "description": "Checks your usage of RDS and provides recommendations on purchase of Reserved Instances to help reduce costs incurred from using RDS On-Demand. AWS generates these recommendations by analyzing your On-Demand usage for the past 30 days. We then simulate every combination of reservations in the generated category of usage in order to identify the best number of each type of Reserved Instance to purchase to maximize your savings. This check covers recommendations based on partial upfront payment option with 1-year or 3-year commitment. This check is not available to accounts linked in Consolidated Billing. Recommendations are only available for the Paying Account.", "id": "1qazXsw23e", "metadata": { "0": "Region", "1": "Family", "2": "Instance Type", "3": "License Model", "4": "Database Edition", "5": "Database Engine", "6": "Deployment Option", "7": "Recommended number of Reserved Instances to purchase", "8": "Expected Average Reserved Instance Utilization", "9": "Estimated Savings with Recommendation (monthly)" "10": "Upfront Cost of Reserved Instances", "11": "Estimated cost of Reserved Instances (monthly)", "12": "Estimated On-Demand Cost Post Recommended Reserved Instance Purchase (monthly)", "13": "Estimated Break Even (months)", "14": "Lookback Period (days)", "15": "Term (years)" }, "name": "Amazon Relational Database Service (RDS) Reserved Instance Optimization", "pillars": [ "cost_optimizing" ], "source": "ta_check" }, { "arn": "arn:aws:trustedadvisor:::check/1qw23er45t", "awsServices": [ "Redshift" ], "description": "Checks your usage of Redshift and provides recommendations on purchase of Reserved Nodes to help reduce costs incurred from using Redshift On-Demand. AWS generates these recommendations by analyzing your On-Demand usage for the past 30 days. We then simulate every combination of reservations in the generated category of usage in order to identify the best number of each type of Reserved Nodes to purchase to maximize your savings. This check covers recommendations based on partial upfront payment option with 1-year or 3-year commitment. This check is not available to accounts linked in Consolidated Billing. Recommendations are only available for the Paying Account.", "id": "1qw23er45t", "metadata": { "0": "Region", "1": "Family", "2": "Node Type", "3": "Recommended number of Reserved Nodes to purchase", "4": "Expected Average Reserved Node Utilization", "5": "Estimated Savings with Recommendation (monthly)", "6": "Upfront Cost of Reserved Nodes", "7": "Estimated cost of Reserved Nodes (monthly)", "8": "Estimated On-Demand Cost Post Recommended Reserved Nodes Purchase (monthly)", "9": "Estimated Break Even (months)", "10": "Lookback Period (days)", "11": "Term (years)", }, "name": "Amazon Redshift Reserved Node Optimization", "pillars": [ "cost_optimizing" ], "source": "ta_check" }, ], "nextToken": "REDACTED" }

For more information, see Get started with the Trusted Advisor API in the Amazon Trusted Advisor User Guide.

  • For API details, see ListChecks in Amazon CLI Command Reference.

The following code example shows how to use list-organization-recommendation-accounts.

Amazon CLI

To list organization recommendation accounts

The following list-organization-recommendation-accounts example lists all account recommendation summaries for an organization recommendation by its identifier.

aws trustedadvisor list-organization-recommendation-accounts \ --organization-recommendation-identifier arn:aws:trustedadvisor:::organization-recommendation/9534ec9b-bf3a-44e8-8213-2ed68b39d9d5

Output:

{ "accountRecommendationLifecycleSummaries": [{ "accountId": "000000000000", "accountRecommendationArn": "arn:aws:trustedadvisor::000000000000:recommendation/9534ec9b-bf3a-44e8-8213-2ed68b39d9d5", "lifecycleStage": "resolved", "updateReason": "Resolved issue", "updateReasonCode": "valid_business_case", "lastUpdatedAt": "2023-01-17T18:25:44.552Z" }], "nextToken": "REDACTED" }

For more information, see Get started with the Trusted Advisor API in the Amazon Trusted Advisor User Guide.

The following code example shows how to use list-organization-recommendation-resources.

Amazon CLI

To list organization recommendation resources

The following list-organization-recommendation-resources example lists all resources for an organization recommendation by its identifier.

aws trustedadvisor list-organization-recommendation-resources \ --organization-recommendation-identifier arn:aws:trustedadvisor:::organization-recommendation/5a694939-2e54-45a2-ae72-730598fa89d0

Output:

{ "organizationRecommendationResourceSummaries": [ { "arn": "arn:aws:trustedadvisor::000000000000:recommendation-resource/5a694939-2e54-45a2-ae72-730598fa89d0/bb38affc0ce0681d9a6cd13f30238ba03a8f63dfe7a379dc403c619119d86af", "awsResourceId": "database-1-instance-1", "id": "bb38affc0ce0681d9a6cd13f302383ba03a8f63dfe7a379dc403c619119d86af", "lastUpdatedAt": "2023-11-01T15:09:51.891Z", "metadata": { "0": "14", "1": "208.79999999999998", "2": "database-1-instance-1", "3": "db.r5.large", "4": "false", "5": "us-west-2", "6": "arn:aws:rds:us-west-2:000000000000:db:database-1-instance-1", "7": "1" }, "recommendationArn": "arn:aws:trustedadvisor:::organization-recommendation/5a694939-2e54-45a2-ae72-730598fa89d0", "regionCode": "us-west-2", "status": "warning" }, { "arn": "arn:aws:trustedadvisor::000000000000:recommendation-resource/5a694939-2e54-45a2-ae72-730598fa89d0/51fded4d7a3278818df9cfe344ff5762cec46c095a6763d1ba1ba53bd0e1b0e6", "awsResourceId": "database-1", "id": "51fded4d7a3278818df9cfe344ff5762cec46c095a6763d1ba1ba53bd0e1b0e6", "lastUpdatedAt": "2023-11-01T15:09:51.891Z", "metadata": { "0": "14", "1": "31.679999999999996", "2": "database-1", "3": "db.t3.small", "4": "false", "5": "us-west-2", "6": "arn:aws:rds:us-west-2:000000000000:db:database-1", "7": "20" }, "recommendationArn": "arn:aws:trustedadvisor:::organization-recommendation/5a694939-2e54-45a2-ae72-730598fa89d0", "regionCode": "us-west-2", "status": "warning" }, { "arn": "arn:aws:trustedadvisor::000000000000:recommendation-resource/5a694939-2e54-45a2-ae72-730598fa89d0/f4d01bd20f4cd5372062aafc8786c489e48f0ead7cdab121463bf9f89e40a36b", "awsResourceId": "database-2-instance-1-us-west-2a", "id": "f4d01bd20f4cd5372062aafc8786c489e48f0ead7cdab121463bf9f89e40a36b", "lastUpdatedAt": "2023-11-01T15:09:51.891Z", "metadata": { "0": "14", "1": "187.20000000000002", "2": "database-2-instance-1-us-west-2a", "3": "db.r6g.large", "4": "true", "5": "us-west-2", "6": "arn:aws:rds:us-west-2:000000000000:db:database-2-instance-1-us-west-2a", "7": "1" }, "recommendationArn": "arn:aws:trustedadvisor:::organization-recommendation/5a694939-2e54-45a2-ae72-730598fa89d0", "regionCode": "us-west-2", "status": "warning" }, ], "nextToken": "REDACTED" }

For more information, see Get started with the Trusted Advisor API in the Amazon Trusted Advisor User Guide.

The following code example shows how to use list-organization-recommendations.

Amazon CLI

Example 1: To list organization recommendations

The following list-organization-recommendations example lists all organization recommendations and does not include a filter.

aws trustedadvisor list-organization-recommendations

Output:

{ "organizationRecommendationSummaries": [ { "arn": "arn:aws:trustedadvisor:::organization-recommendation/9534ec9b-bf3a-44e8-8213-2ed68b39d9d5", "name": "Lambda Runtime Deprecation Warning", "awsServices": [ "lambda" ], "checkArn": "arn:aws:trustedadvisor:::check/L4dfs2Q4C5", "id": "9534ec9b-bf3a-44e8-8213-2ed68b39d9d5", "lifecycleStage": "resolved", "pillars": [ "security" ], "resourcesAggregates": { "errorCount": 0, "okCount": 0, "warningCount": 0 }, "source": "ta_check", "status": "warning", "type": "priority" }, { "arn": "arn:aws:trustedadvisor:::organization-recommendation/4ecff4d4-1bc1-4c99-a5b8-0fff9ee500d6", "name": "Lambda Runtime Deprecation Warning", "awsServices": [ "lambda" ], "checkArn": "arn:aws:trustedadvisor:::check/L4dfs2Q4C5", "id": "4ecff4d4-1bc1-4c99-a5b8-0fff9ee500d6", "lifecycleStage": "resolved", "pillars": [ "security" ], "resourcesAggregates": { "errorCount": 0, "okCount": 0, "warningCount": 0 }, "source": "ta_check", "status": "warning", "type": "priority" }, ], "nextToken": "REDACTED" }

For more information, see Get started with the Trusted Advisor API in the Amazon Trusted Advisor User Guide.

Example 2: To list organization recommendations with a filter

The following list-organization-recommendations example filters and returns a max of one organization recommendation that is a part of the "security" pillar.

aws trustedadvisor list-organization-recommendations \ --pillar security \ --max-items 100

Output:

{ "organizationRecommendationSummaries": [{ "arn": "arn:aws:trustedadvisor:::organization-recommendation/9534ec9b-bf3a-44e8-8213-2ed68b39d9d5", "name": "Lambda Runtime Deprecation Warning", "awsServices": [ "lambda" ], "checkArn": "arn:aws:trustedadvisor:::check/L4dfs2Q4C5", "id": "9534ec9b-bf3a-44e8-8213-2ed68b39d9d5", "lifecycleStage": "resolved", "pillars": [ "security" ], "resourcesAggregates": { "errorCount": 0, "okCount": 0, "warningCount": 0 }, "source": "ta_check", "status": "warning", "type": "priority" }], "nextToken": "REDACTED" }

For more information, see Get started with the Trusted Advisor API in the Amazon Trusted Advisor User Guide.

Example 3: To list organization recommendations with a pagination token

The following list-organization-recommendations example uses the "nextToken" returned from a previous request to fetch the next page of organization recommendations.

aws trustedadvisor list-organization-recommendations \ --pillar security \ --max-items 100 \ --starting-token <next-token>

Output:

{ "organizationRecommendationSummaries": [{ "arn": "arn:aws:trustedadvisor:::organization-recommendation/4ecff4d4-1bc1-4c99-a5b8-0fff9ee500d6", "name": "Lambda Runtime Deprecation Warning", "awsServices": [ "lambda" ], "checkArn": "arn:aws:trustedadvisor:::check/L4dfs2Q4C5", "id": "4ecff4d4-1bc1-4c99-a5b8-0fff9ee500d6", "lifecycleStage": "resolved", "pillars": [ "security" ], "resourcesAggregates": { "errorCount": 0, "okCount": 0, "warningCount": 0 }, "source": "ta_check", "status": "warning", "type": "priority" }] }

For more information, see Get started with the Trusted Advisor API in the Amazon Trusted Advisor User Guide.

The following code example shows how to use list-recommendation-resources.

Amazon CLI

To list recommendation resources

The following list-recommendation-resources example lists all resources for a recommendation by its identifier.

aws trustedadvisor list-recommendation-resources \ --recommendation-identifier arn:aws:trustedadvisor::000000000000:recommendation/55fa4d2e-bbb7-491a-833b-5773e9589578

Output:

{ "recommendationResourceSummaries": [ { "arn": "arn:aws:trustedadvisor::000000000000:recommendation-resource/55fa4d2e-bbb7-491a-833b-5773e9589578/18959a1f1973cff8e706e9d9bde28bba36cd602a6b2cb86c8b61252835236010", "id": "18959a1f1973cff8e706e9d9bde28bba36cd602a6b2cb86c8b61252835236010", "awsResourceId": "webcms-dev-01", "lastUpdatedAt": "2023-11-01T15:09:51.891Z", "metadata": { "0": "14", "1": "123.12000000000002", "2": "webcms-dev-01", "3": "db.m6i.large", "4": "false", "5": "us-east-1", "6": "arn:aws:rds:us-east-1:000000000000:db:webcms-dev-01", "7": "20" }, "recommendationArn": "arn:aws:trustedadvisor::000000000000:recommendation/55fa4d2e-bbb7-491a-833b-5773e9589578", "regionCode": "us-east-1", "status": "warning" }, { "arn": "arn:aws:trustedadvisor::000000000000:recommendation-resource/55fa4d2e-bbb7-491a-833b-5773e9589578/e6367ff500ac90db8e4adeb4892e39ee9c36bbf812dcbce4b9e4fefcec9eb63e", "id": "e6367ff500ac90db8e4adeb4892e39ee9c36bbf812dcbce4b9e4fefcec9eb63e", "awsResourceId": "aws-dev-db-stack-instance-1", "lastUpdatedAt": "2023-11-01T15:09:51.891Z", "metadata": { "0": "14", "1": "29.52", "2": "aws-dev-db-stack-instance-1", "3": "db.t2.small", "4": "false", "5": "us-east-1", "6": "arn:aws:rds:us-east-1:000000000000:db:aws-dev-db-stack-instance-1", "7": "1" }, "recommendationArn": "arn:aws:trustedadvisor::000000000000:recommendation/55fa4d2e-bbb7-491a-833b-5773e9589578", "regionCode": "us-east-1", "status": "warning" }, { "arn": "arn:aws:trustedadvisor::000000000000:recommendation-resource/55fa4d2e-bbb7-491a-833b-5773e9589578/31aa78ba050a5015d2d38cca7f5f1ce88f70857c4e1c3ad03f8f9fd95dad7459", "id": "31aa78ba050a5015d2d38cca7f5f1ce88f70857c4e1c3ad03f8f9fd95dad7459", "awsResourceId": "aws-awesome-apps-stack-db", "lastUpdatedAt": "2023-11-01T15:09:51.891Z", "metadata": { "0": "14", "1": "114.48000000000002", "2": "aws-awesome-apps-stack-db", "3": "db.m6g.large", "4": "false", "5": "us-east-1", "6": "arn:aws:rds:us-east-1:000000000000:db:aws-awesome-apps-stack-db", "7": "100" }, "recommendationArn": "arn:aws:trustedadvisor::000000000000:recommendation/55fa4d2e-bbb7-491a-833b-5773e9589578", "regionCode": "us-east-1", "status": "warning" } ], "nextToken": "REDACTED" }

For more information, see Get started with the Trusted Advisor API in the Amazon Trusted Advisor User Guide.

The following code example shows how to use list-recommendations.

Amazon CLI

Example 1: To list recommendations

The following list-recommendations example lists all recommendations and does not include a filter.

aws trustedadvisor list-recommendations

Output:

{ "recommendationSummaries": [ { "arn": "arn:aws:trustedadvisor::000000000000:recommendation/55fa4d2e-bbb7-491a-833b-5773e9589578", "name": "MFA Recommendation", "awsServices": [ "iam" ], "checkArn": "arn:aws:trustedadvisor:::check/7DAFEmoDos", "id": "55fa4d2e-bbb7-491a-833b-5773e9589578", "lastUpdatedAt": "2023-11-01T15:57:58.673Z", "pillarSpecificAggregates": { "costOptimizing": { "estimatedMonthlySavings": 0.0, "estimatedPercentMonthlySavings": 0.0 } }, "pillars": [ "security" ], "resourcesAggregates": { "errorCount": 1, "okCount": 0, "warningCount": 0 }, "source": "ta_check", "status": "error", "type": "standard" }, { "arn": "arn:aws:trustedadvisor::000000000000:recommendation/8b602b6f-452d-4cb2-8a9e-c7650955d9cd", "name": "RDS clusters quota warning", "awsServices": [ "rds" ], "checkArn": "arn:aws:trustedadvisor:::check/gjqMBn6pjz", "id": "8b602b6f-452d-4cb2-8a9e-c7650955d9cd", "lastUpdatedAt": "2023-11-01T15:58:17.397Z", "pillarSpecificAggregates": { "costOptimizing": { "estimatedMonthlySavings": 0.0, "estimatedPercentMonthlySavings": 0.0 } }, "pillars": [ "service_limits" ], "resourcesAggregates": { "errorCount": 0, "okCount": 3, "warningCount": 6 }, "source": "ta_check", "status": "warning", "type": "standard" } ], "nextToken": "REDACTED" }

For more information, see Get started with the Trusted Advisor API in the Amazon Trusted Advisor User Guide.

Example 2: To list recommendations with a filter

The following list-recommendations example lists recommendations and includes a filter.

aws trustedadvisor list-recommendations \ --aws-service iam \ --max-items 100

Output:

{ "recommendationSummaries": [{ "arn": "arn:aws:trustedadvisor::000000000000:recommendation/55fa4d2e-bbb7-491a-833b-5773e9589578", "name": "MFA Recommendation", "awsServices": [ "iam" ], "checkArn": "arn:aws:trustedadvisor:::check/7DAFEmoDos", "id": "55fa4d2e-bbb7-491a-833b-5773e9589578", "lastUpdatedAt": "2023-11-01T15:57:58.673Z", "pillarSpecificAggregates": { "costOptimizing": { "estimatedMonthlySavings": 0.0, "estimatedPercentMonthlySavings": 0.0 } }, "pillars": [ "security" ], "resourcesAggregates": { "errorCount": 1, "okCount": 0, "warningCount": 0 }, "source": "ta_check", "status": "error", "type": "standard" }], "nextToken": "REDACTED" }

For more information, see Get started with the Trusted Advisor API in the Amazon Trusted Advisor User Guide.

Example 3: To list recommendations with a pagination token

The following list-recommendations example uses the "nextToken" returned from a previous request to fetch the next page of filtered Recommendations.

aws trustedadvisor list-recommendations \ --aws-service rds \ --max-items 100 \ --starting-token <next-token>

Output:

{ "recommendationSummaries": [{ "arn": "arn:aws:trustedadvisor::000000000000:recommendation/8b602b6f-452d-4cb2-8a9e-c7650955d9cd", "name": "RDS clusters quota warning", "awsServices": [ "rds" ], "checkArn": "arn:aws:trustedadvisor:::check/gjqMBn6pjz", "id": "8b602b6f-452d-4cb2-8a9e-c7650955d9cd", "lastUpdatedAt": "2023-11-01T15:58:17.397Z", "pillarSpecificAggregates": { "costOptimizing": { "estimatedMonthlySavings": 0.0, "estimatedPercentMonthlySavings": 0.0 } }, "pillars": [ "service_limits" ], "resourcesAggregates": { "errorCount": 0, "okCount": 3, "warningCount": 6 }, "source": "ta_check", "status": "warning", "type": "standard" }] }

For more information, see Get started with the Trusted Advisor API in the Amazon Trusted Advisor User Guide.

The following code example shows how to use update-organization-recommendation-lifecycle.

Amazon CLI

To update an organization recommendation lifecycle

The following update-organization-recommendation-lifecycle example updates the lifecycle of an organization recommendation by its identifier.

aws trustedadvisor update-organization-recommendation-lifecycle \ --organization-recommendation-identifier arn:aws:trustedadvisor:::organization-recommendation/96b5e5ca-7930-444c-90c6-06d386128100 \ --lifecycle-stage dismissed \ --update-reason-code not_applicable

This command produces no output.

For more information, see Get started with the Trusted Advisor API in the Amazon Trusted Advisor User Guide.

The following code example shows how to use update-recommendation-lifecycle.

Amazon CLI

To update a recommendation lifecycle

The following update-recommendation-lifecycle example updates the lifecycle of a recommendation by its identifier.

aws trustedadvisor update-recommendation-lifecycle \ --recommendation-identifier arn:aws:trustedadvisor::000000000000:recommendation/861c9c6e-f169-405a-8b59-537a8caccd7a \ --lifecycle-stage resolved \ --update-reason-code valid_business_case

This command produces no output.

For more information, see Get started with the Trusted Advisor API in the Amazon Trusted Advisor User Guide.