Recommendations and Optimization (Advisor)
Recommendations and Optimization (Advisor)
You can check the status of Advisors and Recommendations provided by CSP and information on recommended items processed by CloudXper.
1. CloudAdvisor (CloudXper’s own recommendation function)
CloudXper Cloud Advisor audits your cloud resources and provides recommendations to help ensure they are operating optimally.
You can check resource status at a glance in the service portal and download inspection results in CSV format.
Additionally, inspection reports are sent to users via email through the reporting sending settings.
Currently, Cloud Advisor provides a total of 26 check items across cost, compliance, and security categories.
※ Currently, we are providing recommended services based on AWS, and we plan to continuously update with more CSPs, categories, and inspection items in the future.
category | classification | service | resource | Name displayed in CloudXper | explanation |
Cost | cost_optimizing | CloudTrail | CloudWatchLogs | CloudTrail CloudWatch Logs | CloudWatch Log Settings |
cost_optimizing | CloudTrail | DataTrail | CloudTrail Data Events | Data Event | |
cost_optimizing | EC2 | Volume | Deprecated Amazon EBS Volumes | Unused volume | |
cost_optimizing | RI | Instance | EC2 Instance RI Expires | EC2 Instance RI Expiration | |
cost_optimizing | RI | ElastiCache | ElastiCache RI Expires | ElastiCache RI Expiration | |
cost_optimizing | RI | ElastiSearch | ElastiSearch RI Expires | ElastiSearch RI Expiration | |
cost_optimizing | EC2 | LoadBalancer | IDLE load balancer | Unused load balancer | |
cost_optimizing | EC2 | TargetGroup | IDLE target group | Unused target group | |
cost_optimizing | RI | DbInstance | RDS Instance RI Expires | RDS Instance RI Expiration | |
cost_optimizing | RI | Redshift | Redshift RI Expires | Redshift RI Expiration | |
cost_optimizing | CloudTrail | ManagementTrail | Redundancy CloudTrail Management Events | Duplicate Management Event | |
cost_optimizing | SavingsPlan | SavingsPlan | SavingsPlan Expires | SavingsPlan Expiration | |
Compliance | compliance | CloudXperRule | instance_type_rule | Instance Type Constraints | New resource management policy for ideal instance types |
compliance | CloudXperRule | region_rule | Region Contsraints | New resource management policy in unused regions | |
Security | fault_tolerance | EC2 | Snapshot | Check the age of the snapshots | Check snapshot life cycle |
health_event | Health | Issue | Health Event Open Issues | Health Event Unresolved Issues | |
security | ACM | Certificate | ACM SSL expiration | ACM Certificate Expiration | |
security | CloudTrail | Trail | CloudTrail Multi-region Logging | Logging all region trails | |
security | IAM | Policy | Deprecated IAM Policy | Unused IAM Policies | |
security | IAM | User | IAM Access Key Rotation | IAM Access Key Life Cycle Check | |
security | IAM | PasswordPolicy | IAM Password Policy Risk | IAM User Password Policy | |
security | IAM | User | IAM User Sign-in Security Risk | IAM User Login Security | |
security | EC2 | LoadBalancer | Load Balancer listener SSL expiration | Load balancer certificate expired | |
security | S3 | Bucket | S3 Bucket Publicly accessible | Bucket public access | |
security | EC2 | SecurityGroup | Security Group Access Risk | Security Group Rules Access Risk | |
security | IAM | Role | Underutilized IAM Role | Low-Use IAM Roles |
The column marked with an exclamation mark is the actual value displayed in the UI.
Security Group Check Criteria and Well-Known TCP Port Criteria
category | explanation |
|---|---|
Required Service IP/Port | Check inbound Source IP Anywhere (0.0.0.0/0 or ::/0) |
Check Inbound Source Port Anywhere (0-65535) | |
Check for unused target groups | |
Well-known service port | Check Source IP Anywhere (0.0.0.0/0 or ::/0) for well-known ports |
Check Non-SSL Services on Well-known Ports | |
Default Security Group | Check if the default security group is used |
Unused security group | Check for unused security groups |
Well-known TCP port
service | port |
|---|---|
FTP | 20, 21 |
SSH | 22 |
TELNET | 23 |
SMTP | 25 |
DNS | 53 |
HTTP | 80 |
POP3 | 110 |
IMAP | 143 |
LDAP | 646 |
HTTPS | 443 |
SMB | 139 |
SMTPS | 465, 587 |
IMAPS | 993 |
POP3S | 995 |
MSSQL | 1433 |
NFS | 2049 |
MysqlAurora | 3306 |
RDP | 3389 |
Redshift | 5439 |
PostgreSQL | 5432 |
OracleRDS | 1521 |
WinRmHTTP | 5985 |
WinRmHTTPS | 5986 |
ElasticGraphics | 2007 |
2. Trusted Advisor (AWS Recommendation Feature)
Among the recommendation services provided by AWS, you can use Trusted Advisor to quickly identify cost savings and issues in five areas (cost, performance, security, redundancy, and service restrictions).
These values are collected through the API provided by CSP, and the results can be downloaded in CSV format.
Cost Optimization: Provides various recommendations for cost reduction (Idle Resource, Low & Under Utilization, Unassociated Resource, etc.)
Performance: You can check the recommended items for resource performance deficiency.
Security: You can check the detected items for security vulnerabilities.
Fault Tolerance: Can be checked for resources that are not configured for redundancy.
Service Limits: You can check the information on resources in use that require limit changes.
3. Azure Advisor (Azure recommendation feature)
You can integrate status information for cost, performance, security, reliability, and operational optimization through integration with Advisor service, a recommendation service provided by Azure.
These values are collected through the API provided by CSP, and the results can be downloaded in CSV format.
Cost (Cost Optimization): Identify unused and underused resources to get recommendations and suggested guidelines for cost reduction and optimization.
Performance (Performance Efficiency): Check out recommended features to improve the speed and responsiveness of your key business applications.
Security: You can check the status and recommendations for Azure resources with security issues.
Reliability: You can check recommendations for ensuring continuity of business-critical applications.
Operational excellence: You can find recommendations for process and workflow efficiency, resource management efficiency, and best practices for deployment.
4. GCP Recommender (GCP Recommendation Function)
You can check recommendation functions for areas such as cost, performance, security, and management through the Recommender service, a recommendation service provided by GCP.
These values are collected through the API provided by CSP, and the results can be downloaded in CSV format.
Cost (Cost Optimization): Identify unused and underused resources to get recommendations and suggested guidelines for cost reduction and optimization.
Performance (Performance Efficiency): Check out recommended features to improve the speed and responsiveness of your key business applications.
Security: You can check the status and recommendations for Azure resources with security issues.
Manageability: You can check recommendations that can improve operational management efficiency.
Category Unspecified (Other recommendations): You can check other recommendations.