New AWS Premium Support Features: Third-Party Software Support and AWS Trusted Advisor

We have added two new benefits to the Gold and Platinum levels of AWS Premium Support. The following features are now in beta testing:

• We now offer third-party support for popular operating systems running on Amazon EC2. We also support a number of pieces of system software.
• The AWS Trusted Advisor monitors your use of AWS and recommends configuration changes and new services that may help save you money, improve system performance, and close security gaps.

Third-Party Support
If you have Gold or Platinum Premium Support, you can now ask questions related to a number of popular operating systems including Microsoft Windows, Ubuntu, Red Hat Linux, SuSE Linux, and the Amazon Linux AMI. You can ask us about system software including the Apache and IIS web servers, the Amazon SDKs, Sendmail, Postfix, and FTP. A team of AWS support engineers is ready to help with setup, configuration, and troubleshooting of these important infrastructure components.

We are also enabling the use of desktop sharing software, giving you the option to share your desktop with a support engineer as needed.

AWS Trusted Advisor
AWS Trusted Advisor draws upon best practices learned from AWS’ aggregated operational history of serving hundreds of thousands of AWS customers. The AWS Trusted Advisor inspects your AWS environment and makes recommendations when opportunities exist  to save money, improve system performance, or close security gaps. The initial release of the AWS Trusted Advisor includes eight separate checks; we'll be adding more throughout 2012.

The checks are grouped into three families: fault tolerance checks, security audits, and cost optimizations. Here is the initial set of eight checks performed by AWS Trusted Advisor:

1. Security Group - Open Ports - This check inspects your security groups and classifies each open port into one of three categories. Green ports for common protocols such as SSH and HTTP, Red ports for protocols that don't usually need to be open on internet-facing servers (e.g. port 1443 for Microsoft SQL Server), and Yellow for all others.
2. Security Group - CIDR Rules - This check inspects your security groups for rules that have errors which might allow more access than may be intended. Some people (me included) often confuse "/0"and "/32" addresses.
3. Reserved Instance Recommendations - This check looks at your billing and instance utilization history and recommends optimizations that could be achieved by the purchase of Reserved Instances.
4. Unused Elastic IP Addresses - Elastic IP Addresses that are not attached to an Amazon EC2 instance will be flagged since you pay for them if you don't use them.
5. EBS Snapshots - This check looks for EBS volumes that don't have a snapshot, or which have only aged snapshots. The Red/Yellow/Green model is also used here: Red if there is no snapshot at all or if the most recent one is very old; Yellow if the most recent snapshot is somewhat old, and Green if the most recent snapshot is reasonably recent (we're still fine tuning the thresholds for these checks).
6. Amazon EC2 Availability Zone Balance - This check identifies situations where Amazon EC2 instances are not evenly distributed across Availability Zones, or if (even worse) they are all in the same Availability Zone. The Red/Yellow/Green model is used to characterize the situation.
7. Elastic Load Balancer Optimization - This check determines whether instance allocation across Availability Zones for each Load Balancer is balanced.
8. Service Limits - This check gives you visibility into the per-account limits and usage of things like instances, Elastic IP addresses, and other resources (in almost every case, limits can be raised using the appropriate online form).

AWS Trusted Advisor does not have access to customer data. Recommendations are made by analyzing information gathered using a constrained set of internal and documented AWS API calls.

Here's a diagram to show you how it works:

Advice from the AWS Trusted Advisor is made available in several different forms. For certain issues, we will proactively create support cases and notify you that a given check has identified an opportunity for improvement. The AWS Support Engineers are also available to review AWS Trusted Advisor recommendations any time you call in for support. In the future a regular scorecard report will be available, as will an AWS Trusted Advisor Console with support for viewing, running, customizing, and even opting out of certain checks as desired.

These new features are available for all Gold and Platinum customers. What do you think? Leave a comment and let me know.

-- Jeff;

Comments

You can follow this conversation by subscribing to the comment feed for this post.

This sounds as a very good move. How do you select who can provide 3rd party support?
Is there anyway to signup for that?

Thanks,
Ivan
----
www.OrganizedDocs.com - EC2 backed online DMS

Posted by: Ivan | January 31, 2012 at 12:44 AM

Hi,

First observations are that the AWS Trusted Advisor really should be available to all AWS customers regardless of whether they have signed up for support.

As the AWS Trusted Advisor is an automated thing why would you not make it available to all customers? If it helps customers it will make their use of AWS more successful which is what AWS and customers alike would want.

You could even make AWS Trusted Advisor available for a small extra cost per month. Or make a subset of the recommendations of it avaibable for free and the rest an extra cost like the way "detailed monitoring" of EC2 is priced.

Normally AWS make good decisions about pricing and offering extra AWS features but this one doesnt seem right.

Niall

Posted by: Niall | January 31, 2012 at 12:53 AM

I would expect such an automated test feature to be available to all AWS customers, not just Gold and Platinum customers. Is it not in Amazon's interest to provide secure and reliable services without the possible security issues that they could easily document? If a service is compromised due to information withheld then that client is not going to view Amazon's offering as completely professional.

Posted by: Bruce Carroll | January 31, 2012 at 01:35 AM

Hi Jeff,
this looks like a great service offering for customers, specifically around regulatory compliance. Quick questions:
1. Is this offered in the GovCloud?
2. Does this service offering support configuration management?
3. Does this service offering support DISA STIG/SCAP guidance and specification.

I could see this offering being leveraged in GovCloud for Continuous Monitoring.

Thanks.

-ln

Posted by: Luis Nuñez | January 31, 2012 at 05:48 AM

Does the AWS Trusted Advisor allow for setting alarms on total cost and instance cost? I'd much rather pay Amazon a small fee for this type of monitoring instead of providing access to my account to a third party.

Posted by: A. Bradley | February 06, 2012 at 04:36 PM

Pretty Diagrams you have here, how did you construct them?

Posted by: Company IT Support | April 10, 2012 at 06:21 AM