Trusted Remediator in AMS

Improved security, performance, and cost optimization: Trusted Remediator helps you to enhance your accounts' overall security posture, optimize resource utilization, and reduce operational costs.

Self-service setup and configuration: You can configure Trusted Remediator to align with your requirements and preferences.

Automated Trusted Advisor check remediation: After configuration, Trusted Remediator automatically runs the remediation actions for selected Trusted Advisor checks. This automation eliminates the need for manual intervention.

Best practice implementation: Remediation actions are based on established best practices, so issues are addressed in a standardized and effective manner.

Scheduled execution: You can choose the remediation schedule that aligns with your day-to-day operational workflows.

Automated remediation: Trusted Remediator runs the automation document and monitors the run. After the automation document completes, Trusted Remediator resolves the Opsitem.

Manual remediation: Trusted Remediator creates the OpsItem for you to review. After you review, you can create an automated RFC, Trusted Remediator | Finding | Remediate, change type to remediate the resource. For information on the manual remediation steps, see Run manual remediations in Trusted Remediator.

AWS Trusted Advisor: A cloud optimization service provided by AWS. Trusted Advisor inspects your AWS environment and provides recommendations based on best practices in the following six categories:

For more information, see AWS Trusted Advisor.

Trusted Remediator: An AMS remediation solution for Trusted Advisor checks. Trusted Remediator helps you to safely remediate Trusted Advisor checks with known best practices to improve security, performance, and reduce costs. Trusted Remediator is easy to setup and configure. You configure once, and Trusted Remediator runs remediations on your preferred schedule (daily or weekly).

AWS Systems Manager SSM document: A JSON or YAML file that defines the actions that AWS Systems Manager performs on your AWS resources. The SSM document serves as a declarative specification to automate operational tasks across multiple AWS resources and instances.

AWS Systems Manager OpsCenter OpsItem: A cloud operational issue management resource that helps you track and resolve operational issues in your AWS environment. OpsItems provide a centralized view and management system for operational data and issues across AWS services and resources. Each OpsItem represents an operational issue, such as a potential security risk, a performance problem, or an operational incident.

Configuration: A configuration is a set of attributes stored in AWS AppConfig, a capability of AWS Systems Manager. The Trusted Remediator application in AWS AppConfig helps to configure remediations at the account level.

Execution mode: Execution mode is a configuration attribute that determines how to run the remediation for each Trusted Advisor check result. There are four supported execution modes: Automated, Manual, Conditional, Inactive.

Resource override: This feature uses resource tags to override a configuration for specific resources.

Remediation item log: A log file in the Trusted Remediator remediation S3 log bucket. The remediation item log is created when remediation OpsItems are created. This log file contains manual execution remediation OpsItems and automated execution remediation OpsItems. Use this log file to track all remediation items.

Automated remediation execution log: A log file in the Trusted Remediator remediation S3 log bucket. The automated remediation execution log is created when automated an SSM document run completes. This log contains SSM execution details for automated execution remediation OpsItems. Use this log file to track automated remediations.