How can I find the resource ARN for a Trusted Advisor check result if the output doesn't contain an ARN?

2 minute read

When I run the AWS Support API DescribeTrustedAdvisorCheckResult operation, I don't see a resource ARN in the output.


You can use the AWS Support API to call AWS Trusted Advisor operations. The DescribeTrustedAdvisorCheckResult API operation returns the results of the Trusted Advisor check for the check ID that you specify. To get the check IDs that you need to run the DescribeTrustedAdvisorCheckResult operation, run the DescribeTrustedAdvisorChecks API operation. This returns all available information about Trusted Advisor checks, and includes the check IDs. Make sure to check the Trusted Advisor check reference to view all Trusted Advisor check names, descriptions, and IDs.

Note, however, that the resource ARN isn't returned for all check results. For example, Check ID L4dfs2Q3C2 represents a check for AWS Lambda functions with high error rates. The function ARN for this check is included in the metadata output of the DescribeTrustedAdvisorCheckResult API call. Compare this to Check ID Ti39halfu8. This ID represents the check of Amazon Relational Database Service (Amazon RDS) for any idle DB instances. The function ARN for this check isn't included in the output of DescribeTrustedAdvisorCheckResult.

To get the ARN for an ID that isn't returned in the output of DescribeTrustedAdvisorCheckResult, use the output from the metadata array. Then, use the service-specific API operations. For Check ID Ti39halfu8, the metadata returned includes DB_Instance_Name. Pass the DB_Instance_Name to the Amazon RDS DescribeDBInstances API operation. See the following example:

$ aws rds describe-db-instances --db-instance-identifier DB_Instance_Name

This command returns the output that contains the DBInstanceARN, which is the ARN for the RDS DB instance.

AWS OFFICIALUpdated 10 months ago