Hello everyone. I’m slated to take the Security exam in 5 days. The answers seem to be all over the place when it comes to deciding between AWS Trusted Advisor vs. AWS Config to detect security non-compliance.
From the Associate exam, I’m well aware that Trusted Advisor is more of a high-level business solution that can do some security checks. However, when I see AWS Config and AWS Trusted Advisor as possible answers for detecting compromised access, I’m struggling to see how Trusted Advisor is sometimes the better choice.
All help or explanation is greatly appreciated.
What rules do you need?
Trusted Advisor has predefined checks. You can view those checks here: https://aws.amazon.com/premiumsupport/technology/trusted-advisor/best-practice-checklist/#security. Depending on the question it may come down to figuring out if the checks in the question are covered by Trusted Advisor. AWS Config lets you define your own rules.
Do you need automatic remediation?
If there is any sort of remediation that must be done, I think AWS Config seems to integrate better with other AWS services like AWS Systems Manager. However, you can customize the Personal Health Dashboard through setting up notification preferences for the various types of events. You can also create custom remediation actions that are triggered in response to events.
Trusted Advisor is attached to your support plan. There are four levels, starting at the free tier. The more you pay, the more checks you get. With AWS Config, you pay per rule.
I think you need to consider these things in the question in order to find the best answer.
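To make the "define your own rules" point concrete, here is an added example (not from the thread or from AWS) of what a custom AWS Config rule looks like: a Lambda handler that marks an EC2 security group NON_COMPLIANT when an ingress rule exposes a port (SSH by default) to 0.0.0.0/0 or ::/0. The sample configuration items and resource ids are constructed; the event shape (`invokingEvent`, `ruleParameters`, `resultToken`) and the `put_evaluations` call are the real Config custom-rule contract.

```python
"""Custom AWS Config rule: flag security groups open to the world on a port."""
import json

COMPLIANT, NON_COMPLIANT, NOT_APPLICABLE = "COMPLIANT", "NON_COMPLIANT", "NOT_APPLICABLE"

# Constructed sample configuration items, shaped like AWS::EC2::SecurityGroup items.
SAMPLE_OPEN_SSH = {
    "resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-0example1",
    "configurationItemCaptureTime": "2024-01-01T00:00:00.000Z",
    "configuration": {"ipPermissions": [
        {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
         "ipRanges": [{"cidrIp": "0.0.0.0/0"}], "ipv6Ranges": []}]}}
SAMPLE_ALL_TRAFFIC_V6 = {  # "all traffic" rules carry no fromPort/toPort
    "resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-0example2",
    "configurationItemCaptureTime": "2024-01-01T00:00:00.000Z",
    "configuration": {"ipPermissions": [
        {"ipProtocol": "-1", "ipRanges": [], "ipv6Ranges": [{"cidrIpv6": "::/0"}]}]}}
SAMPLE_OFFICE_ONLY = {
    "resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-0example3",
    "configurationItemCaptureTime": "2024-01-01T00:00:00.000Z",
    "configuration": {"ipPermissions": [
        {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
         "ipRanges": [{"cidrIp": "203.0.113.0/24"}], "ipv6Ranges": []}]}}


def evaluate_security_group(item, port=22):
    """Return (compliance_type, annotation) for one Config configuration item."""
    if item.get("resourceType") != "AWS::EC2::SecurityGroup":
        return NOT_APPLICABLE, "Rule only evaluates security groups"
    for perm in item.get("configuration", {}).get("ipPermissions", []):
        from_port, to_port = perm.get("fromPort"), perm.get("toPort")
        all_ports = perm.get("ipProtocol") == "-1" or from_port in (None, -1)
        in_range = all_ports or (to_port is not None and from_port <= port <= to_port)
        open_v4 = any(r.get("cidrIp") == "0.0.0.0/0" for r in perm.get("ipRanges", []))
        open_v6 = any(r.get("cidrIpv6") == "::/0" for r in perm.get("ipv6Ranges", []))
        if in_range and (open_v4 or open_v6):
            return NON_COMPLIANT, f"Port {port} reachable from any address in {item['resourceId']}"
    return COMPLIANT, f"Port {port} not exposed to 0.0.0.0/0 or ::/0"


def build_evaluation(event):
    """Parse the Config invocation event and produce one Evaluation record."""
    port = int(json.loads(event.get("ruleParameters", "{}")).get("port", 22))
    item = json.loads(event["invokingEvent"])["configurationItem"]
    compliance, note = evaluate_security_group(item, port)
    return {"ComplianceResourceType": item["resourceType"], "ComplianceResourceId": item["resourceId"],
            "ComplianceType": compliance, "Annotation": note[:256],
            "OrderingTimestamp": item["configurationItemCaptureTime"]}


def lambda_handler(event, context):
    """Lambda entry point: report the evaluation back to AWS Config."""
    import boto3  # imported here so the pure evaluation logic above runs offline
    evaluation = build_evaluation(event)
    boto3.client("config").put_evaluations(Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation
```

The same exposure is also one of Trusted Advisor's predefined security-group checks, which is the trade-off the thread describes: Trusted Advisor gives you the check as-is, while a Config rule lets you pick the port, the CIDR policy and the remediation path.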
Thanks. I think what I ended up internalizing for the test is that Trusted Advisor will look across a couple of services in the high-level analysis that it provides. Config detects configuration changes, Lambda does stuff, Inspector scans the host OS, etc. Trusted Advisor will typically go a step beyond in its security checks.