Let's now look at this next section here, which is Trusted Advisor. Trusted Advisor is a system that goes through and provides a bunch of checks for you. A few different things it does is it looks at cost optimization. That's one thing it can help you, it can tell you whether you can save money because you have instances that are spinning around idle, or whether you could use reserved instances. It also can give you performance, things as well, so it can give you hints about, for example, maybe you can improve the performance of a service by checking the service limits or making sure that you have provision throughput, or you have instances that are over utilized. Another one you can do, check with Trusted Advisor is security. This is a really big one as well, is there something that you're not doing from a security standpoint that you need to fix, like maybe open ports on a machine that you've launched. Then fault-tolerance. It also has the ability to help you in terms of, are you designing an architect in your system correctly and setting things like automatic scaling, health checks, multiple availability zones. Then finally, service limits. That's another one as well as is do you have something that's going through and it's triggering service limits, or you're using more than 80 percent. You've spun up more machines, you're about to spin up more machines than you actually have access to and so you need to go call support and get new services spun up. Also, lets talk about Cloud Trail as well. Cloud Trail is a very powerful service that is very underutilized. What this does is it's a tool that allows you to monitor and look at every single thing that's happening in your system. This would be a first spot that you would want to look for if you suspected there were some break-in, go look at Cloud Trail and see if anything's happening. In fact, I've seen this in situations where I've had a machine that was compromised or an account was compromised, you can look instantly the log files and you can see that there is unusual behavior happening like someone's trying to make API calls into your system, they've compromised an account, and then they're trying to escalate their privileges and delete maybe the administrative account or find the root account. Really this is an audit trail that can tell you exactly what's happening, who's doing it, when something has occurred, and even having the user name and also the timestamp. This is, I would say, one of the most valuable tools in terms of security that you must be looking at constantly in your account. Some of the benefits of it is it will give you access to user and resource activity, it helps with compliance, if you're working in an environment where they check that, it's always on. It's a way of doing analysis and troubleshooting and also automating security, so there's a lot of benefits to Cloud Trail. One other final thing that I want to talk about is AWS Config. AWS Config is a service that is fully managed, that allows you to do a few different things. One of them is it sets up continuous monitoring, it also goes through and it sets up assessment, and then it also goes through and it sets up change management. Also can go through and do operations troubleshooting. What this means is that this service is able to actually work with you and provides you a resource inventory, a configuration history, configuration change notifications and so this allows you to have an audit trail of what's actually happened in your system and these changes include anything from auditing and security analysis, resource change tracking and troubleshooting. With this, you can actually look at the different things that have occurred in your account and use it to handle change management. What this means is that you can track what resources have been configured, you can also get notifications with SNS, and you also get access to the configuration history, so like who made this change? When was this IP address different? Then finally, the thing to be aware of with this is that when you use this AWS Config system, that it's going to be having a history of the different configurations that have been used and then you can evaluate those changes and make sure that they're actually the changes that you want. In a nutshell, security is one of the most overlooked things on AWS or any Cloud environment, there's a lot of very powerful tools that you can use and it's really important to utilize those tools and follow the best practices so that you don't have a problem where you have exposed your company's data to a nefarious resource. Instead, if you follow these best practices, you'll be in good hands.
