Sample Code and Commands for AWS Trusted Advisor API to get AWS recommendations

Content level: Advanced

Start using the new Trusted Advisor API to optimize your AWS resources. Trusted Advisor (TA) inspects your AWS environment, and then makes recommendations when opportunities exist to save money, improve system availability and performance, or help close security gaps.

AWS Trusted Advisor provides a new set of APIs, the AWS Trusted Advisor API, to programmatically access best practice checks and recommendations. You must have a Business, Enterprise On-Ramp, or Enterprise Support plan to use the Trusted Advisor API.

Note: The Trusted Advisor web service that uses the AWS Support API will no longer be supported by the Support API later in 2024.

The list of APIs for AWS Trusted Advisor Recommendations & TA Priority Recommendations

To learn more, see the AWS Trusted Advisor Priority documentation.

Examples of AWS Trusted Advisor Recommendations API

1. ListChecks CLI to list the TA checks from the Trusted Advisor automated source, or only those from Security Hub.

$ aws trustedadvisor list-checks --source ta_check
$ aws trustedadvisor list-checks --source security_hub

2. ListRecommendations CLI to report all recommendations from checks that help optimize the EC2 service.

$ aws trustedadvisor list-recommendations --aws-service ec2
{
    "recommendationSummaries": [
        {
            "arn": "arn:aws:trustedadvisor::000000000:recommendation/401231c5-7afa-4afd-895e-dc85fxxxx",
            "awsServices": [
                "ec2"
            ],
            "checkArn": "arn:aws:trustedadvisor:::check/Qch7DwouX1",
            "createdAt": "2022-03-26T03:07:34.873000+00:00",
            "id": "401231c5-7afa-4afd-895e-dc85f5xxxxx",
            "lastUpdatedAt": "2022-09-08T18:44:40.400000+00:00",
            "lifecycleStage": "dismissed",
            "name": "Low Utilization Amazon EC2 Instances",
            "pillars": [
                "cost_optimizing"
            ],
            "resourcesAggregates": {},
            "source": "ta_check",
            "status": "error",
            "type": "priority"
        },
[..................]

3. Use the ListRecommendations CLI to report AWS TA Priority Recommendations in the Fault Tolerance pillar with Error status.

$ aws trustedadvisor list-recommendations --type priority --pillar fault_tolerance --status error

{
    "recommendationSummaries": [
        {
            "arn": "arn:aws:trustedadvisor::000000000:recommendation/a03bbde4-ee0b-4e30-a86d-f6c37d7024c1",
            "awsServices": [
                "ec2"
            ],
            "checkArn": "arn:aws:trustedadvisor:::check/wuy7G1zxql",
            "createdAt": "2022-04-12T01:43:55.679000+00:00",
            "id": "a03bbde4-ee0b-4e30-a86d-f6c37d7024c1",
            "lastUpdatedAt": "2023-04-08T19:15:23.258000+00:00",
            "lifecycleStage": "dismissed",
            "name": "Amazon EC2 Availability Zone Balance",
            "pillars": [
                "fault_tolerance"
            ],
            "resourcesAggregates": {},
            "source": "ta_check",
            "status": "error",
            "type": "priority"
        }
    ]
}
[..................]

4. GetRecommendation CLI to get the details of a specific AWS TA Recommendation, for example the details of the check listed in example 3.

$ aws trustedadvisor get-recommendation --recommendation-identifier arn:aws:trustedadvisor::000000000:recommendation/a03bbde4-ee0b-4e30-a86d-f6c37d7024c1
{
    "recommendation": {
        "arn": "arn:aws:trustedadvisor::000000000:recommendation/a03bbde4-ee0b-4e30-a86d-f6c37d7024c1",
        "awsServices": [
            "ec2"
        ],
        "checkArn": "arn:aws:trustedadvisor:::check/wuy7G1zxql",
        "createdAt": "2022-04-12T01:43:55.679000+00:00",
        "createdBy": "msatpat",
        "description": "Checks the distribution of Amazon Elastic Compute Cloud (Amazon EC2) instances across Availability Zones in a region. Availability Zones are distinct locations that are designed to be insulated from failures in other Availability Zones and to provide inexpensive, low-latency network connectivity to other Availability Zones in the same region. By launching instances in multiple Availability Zones in the same region, you can help protect your applications from a single point of failure.<br>\n<br>\n<b>Alert Criteria</b><br>\nYellow: The region has instances in multiple zones, but the distribution is uneven (the difference between the highest and lowest instance counts in utilized Availability Zones is greater than 20%).<br>\nRed: The region has instances only in a single Availability Zone.<br>\n<br>\n<b>Recommended Action</b><br>\nBalance your Amazon EC2 instances evenly across multiple Availability Zones. You can do this by launching instances manually or by using Auto Scaling to do it automatically. For more information, see <a href=\"http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/LaunchingAndUsingInstances.html\" target=\"_blank\">Launch Your Instance</a> and <a href=\"http://docs.aws.amazon.com/AutoScaling/latest/DeveloperGuide/US_SetUpASLBApp.html\" target=\"_blank\">Load Balance Your Auto Scaling Group</a>.<br>\n<br>\n<b>Additional Resources</b><br>\n<a href=\"http://docs.aws.amazon.com/AutoScaling/latest/GettingStartedGuide/Welcome.html\" target=\"_blank\">Auto Scaling Getting Started Guide</a><br>\n<a href=\"http://docs.aws.amazon.com/AutoScaling/latest/DeveloperGuide/WhatIsAutoScaling.html\" target=\"_blank\">Auto Scaling Developer Guide</a>",
        "id": "a03bbde4-ee0b-4e30-a86d-f6c37d7024c1",
        "lastUpdatedAt": "2023-04-08T19:15:23.258000+00:00",
        "lifecycleStage": "dismissed",
        "name": "Amazon EC2 Availability Zone Balance",
        "pillars": [
            "fault_tolerance"
        ],
        "resolvedAt": "2023-04-08T19:15:23.258000+00:00",
        "resourcesAggregates": {},
        "source": "ta_check",
        "status": "error",
        "type": "priority"
    }
}

5. ListRecommendations and GetRecommendation Python API to report AWS TA Recommendations in the Security pillar with Error status.

# Sample code to pull TA Recommendations in the Security pillar with Error status that need the customer's attention.
# Written by: Manas S.

import boto3

# New Trusted Advisor client
ta_client = boto3.client('trustedadvisor', region_name='us-east-1')

def get_security_recommendations():
    # List the Security pillar recommendations in Error status; paginate so none are missed
    paginator = ta_client.get_paginator('list_recommendations')
    for page in paginator.paginate(pillar='security', status='error'):
        for recomm_summary in page['recommendationSummaries']:
            recomm_identifier = recomm_summary['arn']

            # Get the full details of this recommendation
            recommendation = ta_client.get_recommendation(
                recommendationIdentifier=recomm_identifier)['recommendation']
            print(recommendation)

# Call the function to get TA Security recommendations
get_security_recommendations()
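
The sample outputs above show items with "status": "error" whose "lifecycleStage" is already "dismissed", so filtering on status alone still returns recommendations that someone has closed. The following added example (not part of the original article) triages recommendation summaries as printed by the CLI; the sample records, the `triage` function and the 30-day staleness threshold are assumptions made for illustration.

```python
from datetime import datetime, timezone

# Constructed sample in the shape of the list-recommendations CLI output on
# this page; names, IDs and dates are made up for the example.
ARN = "arn:aws:trustedadvisor::000000000:recommendation/"
SAMPLE = [
    {"arn": ARN + "EXAMPLE-1", "name": "Amazon EC2 Availability Zone Balance",
     "pillars": ["fault_tolerance"], "status": "error", "type": "priority",
     "lifecycleStage": "dismissed",
     "lastUpdatedAt": "2023-04-08T19:15:23.258000+00:00"},
    {"arn": ARN + "EXAMPLE-2", "name": "Constructed security finding A",
     "pillars": ["security"], "status": "error", "type": "priority",
     "lifecycleStage": "pending_response",
     "lastUpdatedAt": "2023-01-10T00:00:00+00:00"},
    {"arn": ARN + "EXAMPLE-3", "name": "Constructed security finding B",
     "pillars": ["security"], "status": "warning", "type": "standard",
     "lastUpdatedAt": "2023-04-01T00:00:00+00:00"},
    {"arn": ARN + "EXAMPLE-4", "name": "Constructed passing check",
     "pillars": ["security"], "status": "ok", "type": "standard",
     "lastUpdatedAt": "2023-04-20T00:00:00+00:00"},
]

CLOSED_STAGES = {"dismissed", "resolved"}   # already handled by someone
SEVERITY = {"error": 0, "warning": 1}       # lower value sorts first


def triage(summaries, now, stale_days=30):
    """Return open error/warning items, most severe and oldest first."""
    rows = []
    for s in summaries:
        if s.get("status") not in SEVERITY:
            continue
        # lifecycleStage may be missing (assumed here to mean "still open").
        if s.get("lifecycleStage") in CLOSED_STAGES:
            continue
        age = (now - datetime.fromisoformat(s["lastUpdatedAt"])).days
        rows.append({"arn": s["arn"], "name": s["name"],
                     "status": s["status"], "pillars": s["pillars"],
                     "age_days": age, "stale": age > stale_days})
    rows.sort(key=lambda r: (SEVERITY[r["status"]], -r["age_days"]))
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE, datetime(2023, 5, 1, tzinfo=timezone.utc)):
        print(row["status"], row["age_days"], row["stale"], row["name"])
```

When feeding boto3 responses instead of CLI JSON, `lastUpdatedAt` is already a datetime object, so the `fromisoformat` call should be dropped.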