chore(aws): enhance metadata for trustedadvisor service (#9435)

Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
2025-12-19 05:17:47 +00:00 · 2025-12-16 12:49:00 +01:00
parent 5aa112d438
commit 433853493b
3 changed files with 34 additions and 19 deletions
--- a/prowler/CHANGELOG.md
+++ b/prowler/CHANGELOG.md
@@ -17,6 +17,7 @@ All notable changes to the **Prowler SDK** are documented in this file.
 - Update AWS Inspector v2 service metadata to new format [(#9260)](https://github.com/prowler-cloud/prowler/pull/9260)
 - Update AWS Service Catalog service metadata to new format [(#9410)](https://github.com/prowler-cloud/prowler/pull/9410)
 - Update AWS SNS service metadata to new format [(#9428)](https://github.com/prowler-cloud/prowler/pull/9428)
+- Update AWS Trusted Advisor service metadata to new format [(#9435)](https://github.com/prowler-cloud/prowler/pull/9435)

 ---

--- a/prowler/providers/aws/services/trustedadvisor/trustedadvisor_errors_and_warnings/trustedadvisor_errors_and_warnings.metadata.json
+++ b/prowler/providers/aws/services/trustedadvisor/trustedadvisor_errors_and_warnings/trustedadvisor_errors_and_warnings.metadata.json
@@ -1,26 +1,32 @@
 {
  "Provider": "aws",
  "CheckID": "trustedadvisor_errors_and_warnings",
-  "CheckTitle": "Check Trusted Advisor for errors and warnings.",
-  "CheckType": [],
+  "CheckTitle": "Trusted Advisor check has no errors or warnings",
+  "CheckType": [
+    "Software and Configuration Checks/AWS Security Best Practices"
+  ],
  "ServiceName": "trustedadvisor",
  "SubServiceName": "",
-  "ResourceIdTemplate": "arn:aws:service:region:account-id",
+  "ResourceIdTemplate": "",
  "Severity": "medium",
  "ResourceType": "Other",
-  "Description": "Check Trusted Advisor for errors and warnings.",
-  "Risk": "Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.",
-  "RelatedUrl": "https://aws.amazon.com/premiumsupport/technology/trusted-advisor/best-practice-checklist/",
+  "Description": "**AWS Trusted Advisor** check statuses are assessed to identify items in `warning` or `error`. The finding reflects the state reported by Trusted Advisor across categories such as **Security**, **Fault Tolerance**, **Service Limits**, and **Cost**, indicating where configurations or quotas require attention.",
+  "Risk": "Unaddressed **warnings/errors** can leave misconfigurations that impact CIA:\n- **Confidentiality**: public access or weak auth exposes data\n- **Integrity**: overly permissive settings allow unwanted changes\n- **Availability**: limit exhaustion or poor resilience triggers outages\nThey can also increase unnecessary cost.",
+  "RelatedUrl": "",
+  "AdditionalURLs": [
+    "https://aws.amazon.com/premiumsupport/technology/trusted-advisor/best-practice-checklist/",
+    "https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/TrustedAdvisor/checks.html"
+  ],
  "Remediation": {
    "Code": {
      "CLI": "",
      "NativeIaC": "",
-      "Other": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/TrustedAdvisor/checks.html",
+      "Other": "1. Sign in to the AWS Console and open Trusted Advisor\n2. Go to Checks and filter Status to Warning and Error\n3. Open each failing check and click View details/Recommended actions\n4. Apply the listed fix to the affected resources\n5. Click Refresh on the check and repeat until all checks show OK",
      "Terraform": ""
    },
    "Recommendation": {
-      "Text": "Review and act upon its recommendations.",
-      "Url": "https://aws.amazon.com/premiumsupport/technology/trusted-advisor/best-practice-checklist/"
+      "Text": "Adopt a continuous process to remediate Trusted Advisor findings:\n- Prioritize **`error`** then `warning`\n- Assign ownership and SLAs\n- Integrate alerts with workflows\n- Enforce **least privilege**, segmentation, encryption, MFA, and tested backups\n- Reassess regularly to confirm fixes and prevent regression",
+      "Url": "https://hub.prowler.com/check/trustedadvisor_errors_and_warnings"
    }
  },
  "Categories": [],
--- a/prowler/providers/aws/services/trustedadvisor/trustedadvisor_premium_support_plan_subscribed/trustedadvisor_premium_support_plan_subscribed.metadata.json
+++ b/prowler/providers/aws/services/trustedadvisor/trustedadvisor_premium_support_plan_subscribed/trustedadvisor_premium_support_plan_subscribed.metadata.json
@@ -1,29 +1,37 @@
 {
  "Provider": "aws",
  "CheckID": "trustedadvisor_premium_support_plan_subscribed",
-  "CheckTitle": "Check if a Premium support plan is subscribed",
-  "CheckType": [],
+  "CheckTitle": "AWS account is subscribed to an AWS Premium Support plan",
+  "CheckType": [
+    "Software and Configuration Checks/AWS Security Best Practices"
+  ],
  "ServiceName": "trustedadvisor",
  "SubServiceName": "",
-  "ResourceIdTemplate": "arn:aws:iam::AWS_ACCOUNT_NUMBER:root",
+  "ResourceIdTemplate": "",
  "Severity": "low",
  "ResourceType": "Other",
-  "Description": "Check if a Premium support plan is subscribed.",
-  "Risk": "Ensure that the appropriate support level is enabled for the necessary AWS accounts. For example, if an AWS account is being used to host production systems and environments, it is highly recommended that the minimum AWS Support Plan should be Business.",
-  "RelatedUrl": "https://aws.amazon.com/premiumsupport/plans/",
+  "Description": "**AWS account** is subscribed to an **AWS Premium Support plan** (e.g., Business or Enterprise)",
+  "Risk": "Without **Premium Support**, critical incidents face slower response, reducing **availability** and delaying containment of security events. Limited Trusted Advisor coverage lets **misconfigurations** persist, risking **data exposure** and **privilege misuse**. Lack of expert guidance increases change risk during production impacts.",
+  "RelatedUrl": "",
+  "AdditionalURLs": [
+    "https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/Support/support-plan.html",
+    "https://aws.amazon.com/premiumsupport/plans/"
+  ],
  "Remediation": {
    "Code": {
      "CLI": "",
      "NativeIaC": "",
-      "Other": "https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/Support/support-plan.html",
+      "Other": "1. Sign in to the AWS Management Console as the account root user\n2. Open https://console.aws.amazon.com/support/home#/plans\n3. Click \"Change plan\"\n4. Select \"Business Support\" (or higher) and click \"Continue\"\n5. Review and confirm the upgrade",
      "Terraform": ""
    },
    "Recommendation": {
-      "Text": "It is recommended that you subscribe to the AWS Business Support tier or higher for all of your AWS production accounts. If you don't have premium support, you must have an action plan to handle issues which require help from AWS Support. AWS Support provides a mix of tools and technology, people, and programs designed to proactively help you optimize performance, lower costs, and innovate faster.",
-      "Url": "https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/Support/support-plan.html"
+      "Text": "Adopt **Business** or higher for production and mission-critical accounts.\n- Integrate Support into IR with defined contacts/severity\n- Enforce **least privilege** for case access\n- Use Trusted Advisor for proactive hardening\n- If opting out, ensure an equivalent 24/7 support and escalation path",
+      "Url": "https://hub.prowler.com/check/trustedadvisor_premium_support_plan_subscribed"
    }
  },
-  "Categories": [],
+  "Categories": [
+    "resilience"
+  ],
  "DependsOn": [],
  "RelatedTo": [],
  "Notes": ""