Cloudguard is a feature designed to offer performance and security audits, enhancing the overall safety of your account. Once you access the Cloudguard dashboard, you'll find these recommendations within the Performance and Security tabs.
Security Recommendations
In any fast-moving environment, teams need a clear, simple way to track progress and make decisions. The Insights Dashboard delivers exactly that, providing a real-time overview of performance, progress, and outcomes—all in one place.
The dashboard provides a comprehensive overview of captured non-compliances across adding account. It displays the total number of insights—messages that highlight where systems or processes deviate from AWS requirements. In addition, it tracks the number of closed issues, making it easy to measure follow-through, resolution progress, and overall responsiveness.
By combining these two metrics—insights gathered and issues closed—the dashboard creates a clear link between discovery and action, helping teams stay accountable and identify areas that need attention. The score is calculated using the our knowledge base of insights, so each entry is evaluated in context.
On each refresh, the dashboard also updates score, trend, and archived status. This ensures the most relevant insights surface first, while archived items are tracked and trends show how focus areas evolve over time.
Scroll to view security recommendations. You will receive suggestions for changing user passwords and user access passwords. A week's warning is issued if a password hasn't been changed in three months, while a critical warning is issued for passwords unchanged for over a year. Clicking the blue arrow to the right reveals a list of all passwords requiring modification.
Also, you will get a notification informing users that Reserved Instances and Saving Plans expire soon. This feature provides additional performance and extra-security audits to improve the safety of your account. You just open the Cloudguard dashboard to see these notifications in the ‘Performance’ and ‘Security’ tabs.
To filter recommendations by severity (critical, warning, weak-warning, or compliment), simply use the quick filters.
Select the desired compliance from the drop-down list, such as ‘AWS well-architected', ‘SOC2’, ‘CIS’, or ‘Uniskai’ compliance.
You can archive insights individually or as a group. Archived insights can be found in the ‘Archive’ tab, and you can unarchive them at any time.
Please note that if you archive a group, you won't be able to unarchive individual insights within that group. However, when insights are archived individually, you can unarchive them either as a group or one by one.
You can conveniently save all insights to an Excel file in one step by clicking the button in the upper right corner and waiting for your Excel file to download.
A special note: If you archive a group of insights, any new insights with the same meaning (title, description, etc.) will be automatically archived.
Additionally, you have the option to access comprehensive documentation. Just click on the ‘Read Docs’ button and explore any blue links of interest.
If you wish to explore more compliance options, simply click the ‘+’ button, and a pop-up will appear.
You have the opportunity to access detailed information about each insight by clicking on the insight itself, which will display all the relevant information.
Also, Uniskai by Profisea Labs implemented the latest FinOps/DevOps best practices, namely Lambda function aliases, to provide a function identifier that you can update to invoke a different version.
Access all your account insights in one unified place without switching between them.
Performance Recommendations
Performance recommendations can be explored in a dedicated Performance insights page, where users can view detailed findings that help maintain efficiency and optimize their environment.
Examples of available performance insights include:
Black hole in a route – Detecting connections to deleted resources within routing tables, with a recommendation to remove them.
S3 bucket storage management – Highlighting optimization opportunities for data stored in S3 buckets.
Extended support insights – Notifications that keep you informed about the lifecycle of your Kubernetes clusters and databases, ensuring cost-efficiency and compliance. These insights include:
Alerts when EKS clusters are reaching or have entered extended support.
Warnings that databases (e.g., RDS engines) are approaching or in extended support.
Cluster-level insights such as: "{cluster} entered the Extended support period on {date}".
Detailed version notices like: "{rds-name} engine version {version} entered the extended support period on {date}. To avoid additional costs, consider upgrading the engine version."
And much more...
By consolidating these insights on one page, Cloudguard provides a clear view of where performance risks and cost impacts may arise so that you can take action in advance.
In the image below, you can observe performance recommendations as an example. In this instance, you'll notice a black hole in a route, indicating that a connection to a resource in the routing table exists even though the resource has been deleted. The recommendation here is to delete this connection.
The deprecated service warning displayed in the following image notifies users that the classic load balancer is no longer supported and recommends migration. By clicking the ‘Read Docs’ button, you can access more information about this service.
