Trusted Advisor

AWS Trusted Advisor, a service from Amazon Web Services (AWS), offers real-time guidance to assist users in provisioning their resources according to AWS best practices. It provides recommendations across categories like cost optimization, performance, security, and fault tolerance. Octo leverages its API to fetch and display recommendations specifically from the cost optimization category.

Trusted Advisor Recommendations are accessible exclusively to users subscribed to the Business, Enterprise On-Ramp, or Enterprise Support plans.

Below is the list of recommendations under the cost optimization category that are supported by Octo.

AmazonEBS

Underutilized Amazon EBS Volumes

AWS Resource Type
EBS Volume

Optimization Type
Usage

Category
Delete

Description
Checks Amazon Elastic Block Store (Amazon EBS) volume configurations and warns when volumes appear to be underutilized.

Charges begin when a volume is created. If a volume remains unattached or has very low write activity (excluding boot volumes) for a period of time, the volume is underutilized. We recommend that you remove underutilized volumes to reduce costs.

Criteria
• A volume is unattached or had less than 1 IOPS per day for the past 7 days.

Potential Savings
Deleting detached EBS volumes results in savings, calculated by subtracting the volume's cost from the snapshot's overall cost.

Recommended Action
Create snapshot and delete the volume

How will Octo implement the recommended action?
Octo uses CreateSnapshot API to create a snapshot of the volume. If the EBS volume is currently attached to an EC2 instance, Octo invokes DetachVolume API to detach it. Following detachment, Octo proceeds to use DeleteVolume to delete the volume.

Is rollback possible?
Yes. Use the snapshot created to restore the volume using AWS Console/AWS CLI.
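The snapshot, detach, delete sequence described above can be guarded so that the irreversible step only runs once a rollback is actually possible. This is an added example, not Octo's code: `retire_volume`, `rollback_tags`, the `rollback:` tag keys and the `RecordingEC2` stand-in are hypothetical names, and `ec2` is assumed to be a boto3 EC2 client.

```python
"""Snapshot -> detach -> delete for an EBS volume, recording what a rollback
needs before the irreversible DeleteVolume call. Added example, not Octo's
code; `ec2` is a boto3 EC2 client and the tag keys are hypothetical."""


def rollback_tags(volume, attached):
    """Snapshot tags describing where and how the volume was deployed."""
    tags = {"rollback:source-volume": volume["VolumeId"],
            "rollback:az": volume["AvailabilityZone"],
            "rollback:volume-type": volume["VolumeType"]}
    for i, att in enumerate(attached):
        tags[f"rollback:attachment-{i}"] = f'{att["InstanceId"]}:{att["Device"]}'
    return [{"Key": k, "Value": v} for k, v in tags.items()]


def retire_volume(ec2, volume_id, execute=False):
    """Return (steps, snapshot_id); with execute=False nothing is changed."""
    volume = ec2.describe_volumes(VolumeIds=[volume_id])["Volumes"][0]
    attached = [a for a in volume.get("Attachments", [])
                if a.get("State") != "detached"]
    steps = ["CreateSnapshot"] + ["DetachVolume"] * len(attached) + ["DeleteVolume"]
    if not execute:
        return steps, None

    snap = ec2.create_snapshot(
        VolumeId=volume_id,
        Description=f"Pre-delete snapshot of {volume_id}",
        TagSpecifications=[{"ResourceType": "snapshot",
                            "Tags": rollback_tags(volume, attached)}])
    # CreateSnapshot returns while the snapshot is still pending. Wait for it
    # to complete; the waiter raises if it does not, so DeleteVolume is never
    # reached without a usable snapshot.
    ec2.get_waiter("snapshot_completed").wait(SnapshotIds=[snap["SnapshotId"]])

    for att in attached:
        ec2.detach_volume(VolumeId=volume_id, InstanceId=att["InstanceId"])
    if attached:
        ec2.get_waiter("volume_available").wait(VolumeIds=[volume_id])

    ec2.delete_volume(VolumeId=volume_id)
    return steps, snap["SnapshotId"]


class RecordingEC2:
    """Constructed stand-in for the client: records calls, touches nothing."""

    def __init__(self, volume):
        self.volume, self.calls, self.snapshot_tags = volume, [], None

    def describe_volumes(self, VolumeIds):
        return {"Volumes": [self.volume]}

    def create_snapshot(self, **kwargs):
        self.calls.append("CreateSnapshot")
        self.snapshot_tags = kwargs["TagSpecifications"][0]["Tags"]
        return {"SnapshotId": "snap-constructed"}

    def detach_volume(self, **kwargs):
        self.calls.append("DetachVolume")

    def delete_volume(self, **kwargs):
        self.calls.append("DeleteVolume")

    def get_waiter(self, name):
        calls = self.calls
        return type("Waiter", (), {
            "wait": lambda self, **kw: calls.append("wait:" + name)})()


SAMPLE_VOLUME = {  # constructed sample, not a real resource
    "VolumeId": "vol-constructed", "AvailabilityZone": "us-east-1a",
    "VolumeType": "gp3",
    "Attachments": [{"InstanceId": "i-constructed", "Device": "/dev/sdf",
                     "State": "attached"}]}
```

Calling `retire_volume` with the default `execute=False` returns the planned steps without making any changes, which is useful for review before a destructive run.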

AmazonEC2

Amazon EC2 Instances Stopped

AWS Resource Type
EC2 Instance

Optimization Type
Usage

Category
Delete

Description
Checks if there are Amazon EC2 instances that have been stopped for more than 30 days.

Criteria
• There are Amazon EC2 instances stopped for more than the allowed number of days.

Potential Savings
Terminating the instance can lead to savings by eliminating storage costs for associated EBS volumes and avoiding unnecessary charges if the instance is covered by a Reserved Instance or Savings Plan.

Recommended Action
Terminate EC2 instance

How will Octo implement the recommended action?
Octo uses TerminateInstances API to terminate the EC2 instance.

Is rollback possible?
No

Low Utilization Amazon EC2 Instances

AWS Resource Type
EC2 Instance

Optimization Type
Usage

Category
Stop

Description
Checks the Amazon Elastic Compute Cloud (Amazon EC2) instances that were running at any time during the last 14 days. This check alerts if the daily CPU utilization was 10% or less and network I/O was 5 MB or less for at least 4 days.

Running instances generate hourly usage charges. Although some scenarios can result in low utilization by design, you can often lower your costs by managing the number and size of your instances.

Criteria
• An instance had 10% or less daily average CPU utilization and 5 MB or less network I/O on at least 4 of the previous 14 days.

Potential Savings
Estimated monthly savings are calculated by using the current usage rate for On-Demand Instances and the estimated number of days the instance might be underutilized. Actual savings will vary if you are using Reserved Instances or Spot Instances, or if the instance is not running for a full day.

Recommended Action
Stop EC2 instance

How will Octo implement the recommended action?
Octo uses StopInstances API to stop the EC2 instance.

Is rollback possible?
Yes. You can manually start the instance again through the AWS Console or AWS CLI.

Unassociated Elastic IP Addresses

AWS Resource Type
Elastic IP Address

Optimization Type
Usage

Category
Delete

Description
Checks for Elastic IP addresses (EIPs) that are not associated with a running Amazon Elastic Compute Cloud (Amazon EC2) instance.

EIPs are static IP addresses designed for dynamic cloud computing. Unlike traditional static IP addresses, EIPs mask the failure of an instance or Availability Zone by remapping a public IP address to another instance in your account. A nominal charge is imposed for an EIP that is not associated with a running instance.

Criteria
• An allocated Elastic IP address (EIP) is not associated with a running Amazon EC2 instance.

Recommended Action
• Release/Delete Elastic IP Address
• Associate EIP to EC2 instance

How will Octo implement the recommended action?
Octo only supports releasing the Elastic IP Address. You can associate the EIP with an instance using AWS Console/AWS CLI.

For Releasing EIP:
Octo uses ReleaseAddress API.

Is rollback possible?
No

Amazon EC2 Reserved Instance Lease Expiration

AWS Resource Type
EC2 Reserved Instances

Optimization Type
Rate

Category
Reserved Instance

Description
Checks for Amazon EC2 Reserved Instances that are scheduled to expire within the next 30 days, or have expired in the preceding 30 days. Reserved Instances don't renew automatically. You can continue using an Amazon EC2 instance covered by the reservation without interruption, but you will be charged On-Demand rates. New Reserved Instances can have the same parameters as the expired ones, or you can purchase Reserved Instances with different parameters.

Criteria
• The Reserved Instance lease expires in less than 30 days.
• The Reserved Instance lease expired in the preceding 30 days.

Recommended Action
Consider purchasing a new Reserved Instance to replace the one that is nearing the end of its term.

How will Octo implement the recommended action?
Not applicable

Is rollback possible?
Not applicable

Amazon EC2 instances consolidation for Microsoft SQL Server

AWS Resource Type
EC2 Instance

Optimization Type
Usage

Category
Rightsize

Description
Checks your Amazon Elastic Compute Cloud (Amazon EC2) instances that are running SQL Server in the past 24 hours. This check alerts you if your instance has less than the minimum number of SQL Server licenses. From the Microsoft SQL Server Licensing Guide, you pay for 4 vCPU licenses even if an instance has only 1 or 2 vCPUs. You can consolidate smaller SQL Server instances to help lower costs.

Criteria
• An instance with SQL Server has less than 4 vCPUs.

Recommended Action
Consider consolidating smaller SQL Server workloads into instances with at least 4 vCPUs.

How will Octo implement the recommended action?
Not applicable

Is rollback possible?
Not applicable

Amazon EC2 instances over-provisioned for Microsoft SQL Server

AWS Resource Type
EC2 Instance

Optimization Type
Usage

Category
Rightsize

Description
Checks your Amazon Elastic Compute Cloud (Amazon EC2) instances that are running SQL Server in the past 24 hours. An SQL Server database has a compute capacity limit for each instance. An instance with SQL Server Standard edition can use up to 48 vCPUs. An instance with SQL Server Web can use up to 32 vCPUs. This check alerts you if an instance exceeds this vCPU limit.

If your instance is over-provisioned, you pay full price without realizing an improvement in performance. You can manage the number and size of your instances to help lower costs.

Criteria
• An instance with SQL Server Standard edition has more than 48 vCPUs.
• An instance with SQL Server Web edition has more than 32 vCPUs.

Recommended Action
For SQL Server Standard edition, consider changing to an instance in the same instance family with 48 vCPUs. For SQL Server Web edition, consider changing to an instance in the same instance family with 32 vCPUs. If it is memory intensive, consider changing to memory optimized R5 instances.

How will Octo implement the recommended action?
Not applicable

Is rollback possible?
Not applicable

Inactive NAT Gateways

AWS Resource Type
NAT Gateway

Optimization Type
Usage

Category
Delete

Description
Checks your NAT Gateways for inactive gateways. A NAT Gateway is considered to be inactive if no data (0 bytes) was processed in the last 30 days. NAT Gateways have hourly charges and data processed charges.

Criteria
• The NAT Gateway processed 0 bytes in the last 30 days.

Recommended Action
Consider deleting any NAT Gateways that weren’t used in the last 30 days and that aren’t required for external network access outside the VPC.

If a Transit Gateway is used for inter-VPC communication, then consider deploying a centralized NAT Gateway for egress to internet architecture. This can reduce the hourly cost from inactive NAT Gateways.

How will Octo implement the recommended action?
Not applicable

Is rollback possible?
Not applicable

AmazonComprehend

Amazon Comprehend Underutilized Endpoints

AWS Resource Type
Comprehend Endpoints

Optimization Type
Usage

Category
Delete

Description
Checks the throughput configuration of your endpoints. This check alerts you when endpoints are not actively used for real-time inference requests. An endpoint that isn’t used for more than 15 consecutive days is considered underutilized. All endpoints accrue charges based on both the throughput set, and the length of time that the endpoint is active.

Criteria
• The endpoint is active, but hasn’t been used for real-time inference requests in the past 15 days.

Recommended Action
If the endpoint has a scaling policy defined and hasn’t been used in the past 30 days, consider deleting the endpoint and using asynchronous inference.

How will Octo implement the recommended action?
Not implemented yet.

Is rollback possible?
Not implemented yet.

AmazonECR

Amazon ECR Repository Without Lifecycle Policy Configured

AWS Resource Type
ECR Repository

Optimization Type
Others

Category
Others

Description
Checks if a private Amazon ECR repository has at least one lifecycle policy configured. Lifecycle policies allow you to define a set of rules to automatically clean up old or unused container images. This gives you control over the lifecycle management of the images, allows Amazon ECR repositories to be better organized, and helps to lower overall storage costs.

Criteria
• An Amazon ECR private repository doesn’t have any lifecycle policies configured.

Recommended Action
Consider creating at least one lifecycle policy for your private Amazon ECR repository.

How will Octo implement the recommended action?
Not applicable

Is rollback possible?
Not applicable

AWSELB

Idle Load Balancers

AWS Resource Type
Elastic Load Balancer

Optimization Type
Usage

Category
Delete

Description
Checks your Elastic Load Balancing configuration for load balancers that are idle.

Any load balancer that is configured accrues charges. If a load balancer has no associated back-end instances, or if network traffic is severely limited, the load balancer is not being used effectively. This check currently only checks for Classic Load Balancer type within ELB service. It does not include other ELB types (Application Load Balancer, Network Load Balancer).

Criteria
• A load balancer has no active back-end instances.
• A load balancer has no healthy back-end instances.
• A load balancer has had less than 100 requests per day for the last 7 days.

Potential Savings
Keeping an idle ELB costs around $200 per year. Removing the ELB avoids incurring this expense.

Recommended Action
If the load balancer has had a low request count, consider deleting the load balancer.

How will Octo implement the recommended action?
Octo uses DeleteLoadBalancer API to delete the load balancer.

Is rollback possible?
No

AmazonNetworkFirewall

Inactive AWS Network Firewall

AWS Resource Type
Network Firewall

Optimization Type
Usage

Category
Delete

Description
Checks your AWS Network Firewall endpoints and alerts you when the Network Firewall appears to be inactive.

A Network Firewall is considered to be inactive if all its endpoints have no data processed in the last 30 days. Network Firewall endpoints incur hourly charges. This check alerts you to Network Firewalls with no data processed in the last 30 days. It’s a best practice to either remove unused Network Firewalls or update your architecture.

Criteria
• The Network Firewall processed 0 bytes in the last 30 days.

Recommended Action
If the Network Firewall wasn’t used in the last 30 days, then consider deleting the Network Firewall.

If a Transit Gateway is used for inter-VPC communication, then consider deploying your Network Firewalls in a centralized network inspection architecture. This can reduce the hourly charges on inactive Network Firewalls.

How will Octo implement the recommended action?
Not applicable

Is rollback possible?
Not applicable

Network Firewall endpoint AZ Independence

AWS Resource Type
Network Firewall

Optimization Type
Usage

Category
Others

Description
Check the AZ of your subnet and route traffic through a Network Firewall endpoint in the same AZ.

If there is no Network Firewall endpoint in the AZ, then create a new Network Firewall and route your subnet traffic through it.

If the same route table is associated across multiple subnets in different AZs, then keep this route table associated to the subnets that reside in the same AZ as the Network Firewall endpoint. For subnets in other AZs, associate a separate route table with a route to a Network Firewall endpoint in that AZ.

It’s a best practice to choose a maintenance window for architecture changes in your Amazon VPC.

Criteria
• Traffic from a subnet in one AZ is being routed through a Network Firewall endpoint in a different AZ.

Recommended Action
If the Network Firewall wasn’t used in the last 30 days, then consider deleting the Network Firewall.

If a Transit Gateway is used for inter-VPC communication, then consider deploying your Network Firewalls in a centralized network inspection architecture. This can reduce the hourly charges on inactive Network Firewalls.

How will Octo implement the recommended action?
Not applicable

Is rollback possible?
Not applicable

AmazonRoute53

Amazon Route 53 Latency Resource Record Sets

AWS Resource Type
Route53 Latency Record Set

Optimization Type
Others

Category
Others

Description
Checks for Amazon Route 53 latency record sets that are configured inefficiently.

To allow Amazon Route 53 to route queries to the AWS Region with the lowest network latency, you should create latency resource record sets for a particular domain name (such as example.com) in different Regions. If you create only one latency resource record set for a domain name, all queries are routed to one Region, and you pay extra for latency-based routing without getting the benefits.

Hosted zones created by AWS services won’t appear in your check results.

Criteria
• Only one latency resource record set is configured for a particular domain name.

Recommended Action
If you have resources in multiple regions, be sure to define a latency resource record set for each region. See Latency-Based Routing.

If you have resources in only one AWS Region, consider creating resources in more than one AWS Region and define latency resource record sets for each; see Latency-Based Routing.

If you don't want to use multiple AWS Regions, you should use a simple resource record set. See Working with Resource Record Sets.

How will Octo implement the recommended action?
Not applicable

Is rollback possible?
Not applicable

AmazonRDS

Amazon RDS Idle DB Instances

AWS Resource Type
RDS DB Instance

Optimization Type
Usage

Category
Delete

Description
Checks the configuration of your Amazon Relational Database Service (Amazon RDS) for any database (DB) instances that appear to be idle.

Criteria
• An active DB instance has not had a connection in the last 7 days.

Potential Savings
Savings are calculated as [Cost of RDS running hours] + [Cost of storage] - [Cost of snapshot]

Recommended Action
Delete RDS DB Instance with Final Snapshot

How will Octo implement the recommended action?
Octo uses DeleteDBInstance API. A snapshot is taken before the RDS instance is deleted.

Is rollback possible?
Yes. Use the snapshot taken during the deletion process to restore the instance with its original configuration through AWS Console/AWS CLI.

AmazonS3

Amazon S3 Incomplete Multipart Upload Abort Configuration

AWS Resource Type
S3 Object

Optimization Type
Usage

Category
Others

Description
Checks that each Amazon S3 bucket is configured with a lifecycle rule to abort multipart uploads that remain incomplete after 7 days. Using a lifecycle rule to abort these incomplete uploads and delete the associated storage is recommended.

Criteria
• The bucket's lifecycle configuration does not contain a lifecycle rule to abort all multipart uploads that remain incomplete after 7 days.

Recommended Action
Configure a lifecycle rule that cleans up all incomplete multipart uploads.

How will Octo implement the recommended action?
Octo uses PutBucketLifecycleConfiguration to create a lifecycle configuration named Amazon S3 Incomplete Multipart Upload Abort Configuration.

Is rollback possible?
Yes. Delete the Amazon S3 Incomplete Multipart Upload Abort Configuration lifecycle configuration.
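PutBucketLifecycleConfiguration replaces a bucket's existing lifecycle configuration, so both the fix and its rollback have to preserve any rules that are already present. The following added example (not Octo's code) shows that merge as pure functions over the `Rules` list; the function names, the use of the configuration name as the rule ID, and treating any bucket-wide rule of 7 days or fewer as sufficient are assumptions.

```python
"""Merge an abort-incomplete-multipart-upload rule into an S3 lifecycle
configuration without dropping the rules that are already there.

Added example; not Octo's implementation. Rule dicts use the shape that
boto3's get/put_bucket_lifecycle_configuration exchange under "Rules".
"""
import copy

# Assumption: the configuration name given on the page is used as the rule ID.
RULE_ID = "Amazon S3 Incomplete Multipart Upload Abort Configuration"


def _is_bucket_wide(rule):
    """True if the rule applies to every object in the bucket."""
    flt = rule.get("Filter")
    if flt is None:
        return rule.get("Prefix", "") == ""  # legacy top-level Prefix form
    return flt in ({}, {"Prefix": ""})


def covers_all_uploads(rules, max_days=7):
    """Is there an enabled, bucket-wide rule aborting uploads within max_days?"""
    for rule in rules:
        abort = rule.get("AbortIncompleteMultipartUpload") or {}
        days = abort.get("DaysAfterInitiation")
        if (rule.get("Status") == "Enabled" and _is_bucket_wide(rule)
                and days is not None and days <= max_days):
            return True
    return False


def with_abort_rule(existing_rules, days=7):
    """Return (rules, changed); every pre-existing rule is carried over."""
    rules = copy.deepcopy(existing_rules or [])
    if covers_all_uploads(rules, days):
        return rules, False  # idempotent: nothing to put
    rules = [r for r in rules if r.get("ID") != RULE_ID]  # drop a stale copy
    rules.append({
        "ID": RULE_ID,
        "Status": "Enabled",
        "Filter": {"Prefix": ""},
        "AbortIncompleteMultipartUpload": {"DaysAfterInitiation": days},
    })
    return rules, True


def without_abort_rule(existing_rules):
    """Rollback: remove only the rule added above.

    If the result is empty, delete the bucket's lifecycle configuration
    rather than putting an empty rule list.
    """
    return [copy.deepcopy(r) for r in existing_rules if r.get("ID") != RULE_ID]


# Constructed sample: a bucket that already archives its logs.
SAMPLE_RULES = [{
    "ID": "archive-logs",
    "Status": "Enabled",
    "Filter": {"Prefix": "logs/"},
    "Transitions": [{"Days": 30, "StorageClass": "STANDARD_IA"}],
}]

if __name__ == "__main__":
    merged, changed = with_abort_rule(SAMPLE_RULES)
    print(changed, [r["ID"] for r in merged])
```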

Amazon S3 Bucket Lifecycle Policy Configured

AWS Resource Type
S3 Bucket

Optimization Type
Others

Category
Others

Description
Checks if an Amazon S3 bucket has a lifecycle policy configured. An Amazon S3 lifecycle policy ensures that Amazon S3 objects inside the bucket are stored cost-effectively throughout their lifecycle. This is important for meeting regulatory requirements for data retention and storage. The policy configuration is a set of rules that define actions applied by the Amazon S3 service to a group of objects. A lifecycle policy allows you to automate transitioning objects to lower-cost storage classes or deleting them as they age. For example, you can transition an object to Amazon S3 Standard-IA storage 30 days after creation, or to Amazon S3 Glacier after 1 year.

Criteria
• Amazon S3 bucket has no lifecycle policy configured.

Recommended Action
Make sure that you have a lifecycle policy configured in your Amazon S3 bucket.
If your organization does not have a retention policy in place, consider using Amazon S3 Intelligent-Tiering to optimize cost.

How will Octo implement the recommended action?
Not applicable.

Is rollback possible?
Not applicable.

Amazon S3 version-enabled buckets without lifecycle policies configured

AWS Resource Type
S3 Bucket

Optimization Type
Others

Category
Others

Description
Checks if Amazon S3 version-enabled buckets have a lifecycle policy configured.

Criteria
• An Amazon S3 version-enabled bucket doesn't have a lifecycle policy configured.

Recommended Action
Configure lifecycle policies for your Amazon S3 buckets to manage your objects so that they are stored cost effectively throughout their lifecycle.

How will Octo implement the recommended action?
Not applicable.

Is rollback possible?
Not applicable.

AWSLambda

AWS Lambda Functions with High Error Rates

AWS Resource Type
Lambda Function

Optimization Type
Usage

Category
Others

Description
Checks for Lambda functions with high error rates that might result in higher costs. Lambda charges are based on the number of requests and aggregate run time for your function. Function errors may cause retries that incur additional charges.

Criteria
• Functions where > 10% of invocations end in error on any given day within the last 7 days.

Recommended Action
Integrate Lambda functions with Amazon CloudWatch and AWS X-Ray to leverage logs, metrics, alarms, and X-Ray tracing for rapid issue detection and identification.

How will Octo implement the recommended action?
Not applicable

Is rollback possible?
Not applicable

AWS Lambda Functions with Excessive Timeouts

AWS Resource Type
Lambda Function

Optimization Type
Usage

Category
Others

Description
Checks for Lambda functions with high timeout rates that might result in high cost. Lambda charges are based on run time and number of requests for your function. Function timeouts result in errors that may cause retries. Retrying functions will incur additional request and run time charges.

Criteria
• Functions where > 10% of invocations end in an error due to a timeout on any given day within the last 7 days.

Recommended Action
Inspect function logging and X-Ray traces to determine the contributor to the high function duration. Implement logging in your code at relevant parts, such as before or after API calls or database connections. By default, AWS SDK client timeouts may be longer than the configured function duration. Adjust API and SDK connection clients to retry or fail within the function timeout. If the expected duration is longer than the configured timeout, you can increase the timeout setting for the function.

How will Octo implement the recommended action?
Not applicable

Is rollback possible?
Not applicable

AmazonRedshift

Underutilized Amazon Redshift Clusters

AWS Resource Type
Redshift Cluster

Optimization Type
Usage

Category
Delete

Description
Checks your Amazon Redshift configuration for clusters that appear to be underutilized. If an Amazon Redshift cluster has not had a connection for a prolonged period of time, or is using a low amount of CPU, you can use lower-cost options such as downsizing the cluster, or shutting down the cluster and taking a final snapshot. Final snapshots are retained even after you delete your cluster.

Criteria
• A running cluster has not had a connection in the last 7 days.
• A running cluster had less than 5% cluster-wide average CPU utilization for 99% of the last 7 days.

Recommended Action
Consider shutting down the cluster and taking a final snapshot.

How will Octo implement the recommended action?
Not implemented yet.

Is rollback possible?
Not implemented yet.

Others

AWS Account Not Part of AWS Organizations

AWS Resource Type
AWS Accounts

Optimization Type
Others

Category
Others

Description
Checks if an AWS account is part of AWS Organizations under the appropriate management account.

AWS Organizations is an account management service for consolidating multiple AWS accounts into a centrally-managed organization. This enables you to centrally structure accounts for billing consolidation and implement ownership and security policies as your workloads scale on AWS.

You can specify the management account id using the MasterAccountId parameter of the AWS Config rules.

Criteria
• This AWS account is not part of AWS Organizations.

Recommended Action
Add this AWS account as part of AWS Organizations.

How will Octo implement the recommended action?
Not applicable.

Is rollback possible?
Not applicable.

AWS Well-Architected high risk issues for cost optimization

Optimization Type
Others

Category
Others

Description
Checks for high risk issues (HRIs) for your workloads in the cost optimization pillar. This check is based on your AWS Well-Architected reviews. Your check results depend on whether you completed the workload evaluation with AWS Well-Architected.

Criteria
• At least one active high risk issue was identified in the cost optimization pillar for AWS Well-Architected.

Recommended Action
AWS Well-Architected detected high risk issues during your workload evaluation. These issues present opportunities to reduce risk and save money. Sign in to the AWS Well-Architected tool to review your answers and take action to resolve your active issues.

How will Octo implement the recommended action?
Not applicable.

Is rollback possible?
Not applicable.