Skip to content


Receive high risk findings from Trusted Advisor in Asana

Trusted Advisor(TA) inspects your AWS environment, and then makes recommendations when opportunities exist to save money, improve system availability and performance, or help close security gaps. High priority TA checks require further investigation as they help you secure and optimize your account to align with AWS best practices. Engineering teams often dedicate resources to manually go through the TA recommendations to detect and handle the recommendations. Further, some of the less severe issues could be parked for a later date and needs to be tracked as a backlog item. If your team is already using Asana to manage all the work from company strategy to sprint plans and support issues, this solution automates the process to get notified on TA recommendations as a part of the same Asana ecosystem in the form of Asana tasks. This removes the need for manual intervention and enables teams to easily track, and provides visibility to the teams to address the issues in a timely manner.

Solution Overview

The following diagram illustrates how the solution works:



Create a Personal Access Token and a project in Asana where you would like the task to be created. Personal Access Tokens (PATs) are a useful mechanism for accessing the API in scenarios where OAuth would be considered overkill, such as access from the command line and personal scripts or applications. Refer to the link below for instructions to create a PAT and a project:

Creating a project:

Creating a PAT:

Copy and save the Project ID (newly created project) and the PAT in a local text file. We will use it later when deploying the solution. Pass these to the Lambda function to create curated events from Trusted Advisor to an Asana task.

How it works

1. An EventBridge rule is configured to invoke a Lambda function on a pre-configured schedule. For example, hourly, every 12 hours, daily, etc.

2. EventBridge invokes the Lambda function and passes the Personal Access Token, Project ID as arguments to the Lambda function.The JSON input event to the Lambda function should look something like this:              
      "AccessToken": "Bearer x/xxxxxxxxxxxxxxx:xxxxxxxxxxxxxxx", "Project": "xxxxxxxxxxxxxxx"

3. Lambda invokes Trusted Advisor APIs to get the current point in time status of all checks that are in the RED (Action Required) state

4. Lambda formats the response from Trusted Advisor, and sends a summary of all checks, along with details of all open high-risk items to Asana, organized by risk category (Security, Fault Tolerance, Performance, Cost and Service Limits).

Note: The solution creates a task each time the Lambda function is invoked as per the pre-configured schedule and hence the tasks could have duplicate information of high-risk items if the recommendations have not been addressed yet. The schedule can be adjusted to a desired frequency as per your requirements.

Deploy the solution

The solution includes the following files

Python script for the Lambda function.


CloudFormation template, with inline code to automatically deploy the solution.

Using CloudFormation

Use the CloudFormation template CF-TrustedAdvisor-Asana-Task.yml to deploy the solution. Provide the following inputs to CloudFormation input parameters when prompted

1. ScheduleExpression
  Enter an interval for the scheduler to run, e.g. every 12 hours, etc., or an EventBridge cron pattern.  

2. Asana Personal Access Token and Project ID
  Enter the PAT and project id you created earlier as the input event to the Lambda function in JSON, as shown below,  
     "AccessToken": "Bearer x/xxxxxxxxxxxxxxx:xxxxxxxxxxxxxxx", "Project": "xxxxxxxxxxxxxxx"

Manual Deployment – Step by Step

The steps below let you manually deploy and customize the solution to meet your needs

1. Create a Project in Asana and a Personal Access Token(PAT)

   Refer to the link below for instructions to create them:
   Creating a project:,Create%20your%20first%20project,-Organize%20your%20project
   Creating a PAT:,Personal%20Access%20Token,-Personal%20Access%20Tokens

2. Create the Lambda function 
   - Using the provided Python script create a Lambda function in your account. 
   - To give Lambda access to Trusted Advisor, add the permissions below to the default Lambda execution role.
      "Version": "2012-10-17",
      "Statement": [
            "Action": [
            "Resource": "*",
            "Effect": "Allow"

  For additional details on configuring the Lambda execution role, see

3. Create an Amazon EventBridge rule
   - Create a rule in Amazon EventBridge that runs on a schedule
   - You may choose the “default” Event bus for this rule
   - Enter an interval for the scheduler to run, e.g. every 12 hours, etc., or an EventBridge cron pattern. 

   - Configure a Lambda target. Select the Lambda function created in Step 1. 
   - Under “Additional settings” for the target, select “Constant (JSON text)”, and then enter the input event to the Lambda function in JSON as follows,
       "AccessToken": "Bearer x/xxxxxxxxxxxxxxx:xxxxxxxxxxxxxxx", "Project": "xxxxxxxxxxxxxxx"
   - You may leave other settings as default, or refer to the product documentation for additional details at, 
   - Review and Create rule. 

   For more information about creating an Amazon EventBridge rule that runs on a schedule, see


See CONTRIBUTING for more information.


This library is licensed under the MIT-0 License. See the LICENSE file.


No description, website, or topics provided.



Code of conduct

Security policy





No releases published


No packages published