- Newest
- Most votes
- Most comments
Hi,
There are 2 main reasons for this behavior:
1) List is not fully retrieved
Sometimes it takes 30-60 seconds until the list is fully retrieved. In that case you have to wait until the button becomes active
2) Checks sourced from Security Hub
If the source of a check is Security Hub then you cannot exclude the resource in Trusted Advisor but need to do this in the Security Hub Console (see: https://docs.aws.amazon.com/awssupport/latest/user/security-hub-controls-with-trusted-advisor.html#security-controls-trusted-advisor-console). If a check is sourced from Security Hub it has a field called Source in the Description which points you to the Security Hub Control that you need to check (e.g. IAM.6).
If you exclude the resources there Trusted Advisor will reflect it on the next refresh.
When a user logs in to Trusted Advisor, it automatically starts refresh of all checks. Till the refresh completes, the button 'exclude and refresh' won't be enabled. Also, not all checks can be refreshed, and all refreshable checks have different refresh interval.
Relevant content
- Accepted Answerasked 5 months ago
- Accepted Answerasked 9 months ago
AWS OFFICIALUpdated 2 years ago- AWS OFFICIALUpdated 9 months ago
- AWS OFFICIALUpdated 4 years ago
- AWS OFFICIALUpdated a year ago
In addition, many checks (and all new checks that has been launched since 2021) automatically refreshes several times a day so you don't need to manually refresh. The caveat is that you can't exclude resources from these 'automatically refreshed' checks today. You can find information on "automatically refreshed" checks here: https://docs.aws.amazon.com/awssupport/latest/user/trusted-advisor-check-reference.html