As well as opening up the entire suite of Trusted Advisor checks, a Business or Enterprise level support arrangement gives you access to the following:
- Notifications: You are able to have notifications delivered to you at a higher frequency using a number of delivery methods. Since Trusted Advisor is an available source in CloudWatch Events you'll be able to create notifications that can be handled by SNS (e-mail, push, SMS) or even notifications that will trigger Lambda functions.
- API access: You'll have access to a number of Trusted Advisor API methods such as DescribeTrustedAdvisorCheckResult and DescribeTrustedAdvisorCheckSummaries. You can use these to integrate the results from checks into your own dashboards or monitoring systems. You'll also be able to use the APIs to refresh Trusted Advisor checks (after you've taken corrective action on them, for example).
- Exclusion: You can selectively mute checks that are failing. You'll sometimes want to do this for things such as RDS instances in your development environments that aren't in multi-AZ mode or don't have backups enabled.
Finally, some of the more useful checks we see for our Business and Enterprise level support customers are:
- Reserved Instances: A nice cost optimization if you have a reasonably static workload.
- Unassociated Elastic IPs: If IP addresses are not associated with a network interface (on an EC2 instance for example) you will still be charged for them. Also if there are unassociated IPs floating around, that is usually a sign that they are being allocated manually instead of with CloudFormation. Remember that the goal here is for more automation, not less.
- Idle load balancers: Again, these cost money and are often easily orphaned in low automation environments.
- S3 bucket permissions: It's not always obvious if the permissions on an S3 bucket have been misconfigured. This check helps you avoid unintentionally leaking data.