# Working with other services
This section describes AWS services that interact with AWS Resilience Hub.
**Topics**
+ [
# AWS CloudFormation
](creating-resources-with-cloudformation.md)
+ [
# AWS CloudTrail
](integrate-cloudtrail.md)
+ [
# AWS Systems Manager
](integrate-ssm.md)
+ [
# AWS Trusted Advisor
](integrate-ta.md)
# AWS CloudFormation
AWS Resilience Hub is integrated with AWS CloudFormation, a service that helps you to model and set up your AWS resources so that you can spend less time creating and managing your resources and infrastructure. You create a template that describes all the AWS resources that you want (such as AWS::ResilienceHub:::ResiliencyPolicy and AWS::ResilienceHub:::App), and CloudFormation provisions and configures those resources for you.
When you use CloudFormation, you can reuse your template to set up your AWS Resilience Hub resources consistently and repeatedly. Describe your resources one time, and then provision the same resources repeatedly in multiple AWS accounts and Regions.
## AWS Resilience Hub and CloudFormation templates
To provision and configure resources for AWS Resilience Hub and related services, you must understand [CloudFormation templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-guide.html). Templates are formatted text files in JSON or YAML. These templates describe the resources that you want to provision in your CloudFormation stacks. If you're unfamiliar with JSON or YAML, you can use CloudFormation Designer to help you get started with CloudFormation templates. For more information, see [What is CloudFormation Designer?](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/working-with-templates-cfn-designer.html) in the *AWS CloudFormation User Guide*.
AWS Resilience Hub supports creating AWS::ResilienceHub:::ResiliencyPolicy and AWS::ResilienceHub:::App in CloudFormation. For more information, including examples of JSON and YAML templates for AWS::ResilienceHub:::ResiliencyPolicy and AWS::ResilienceHub:::App, see the [AWS Resilience Hub resource type reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_ResilienceHub.html) in the *AWS CloudFormation User Guide*.
You can use CloudFormation stacks to define AWS Resilience Hub applications. A stack lets you manage related resources as a single unit. A stack can contain all the resources that you need to run a web application, such as a web server or networking rules.
## Learn more about CloudFormation
For more information about CloudFormation, see the following resources:
+ [AWS CloudFormation](https://aws.amazon.com/cloudformation/)
+ [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html)
+ [CloudFormation API Reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/Welcome.html)
+ [AWS CloudFormation Command Line Interface User Guide](https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/what-is-cloudformation-cli.html)
# AWS CloudTrail
AWS Resilience Hub is integrated with AWS CloudTrail, a service that provides a record of actions taken by a user, a role, or an AWS service in AWS Resilience Hub. CloudTrail captures all API calls for AWS Resilience Hub as events. The calls that are captured include calls from the AWS Resilience Hub console and code calls to the AWS Resilience Hub API operations. If you create a trail, you can enable continuous delivery of CloudTrail events to an Amazon S3 bucket, including events for AWS Resilience Hub. If you don't configure a trail, you can still view the most recent events in the CloudTrail console in Event history. Using the information collected by CloudTrail, you can determine the request that was made to AWS Resilience Hub, the IP address from which the request was made, who made the request, when it was made, and additional details.
For more information about CloudTrail, see the [AWS CloudTrail User Guide](https://docs.aws.amazon.com//awscloudtrail/latest/userguide/cloudtrail-user-guide.html).
# AWS Systems Manager
AWS Resilience Hub works with Systems Manager to automate the steps of your SOPs by providing a number of SSM documents you can use as the basis for those SOPs.
AWS Resilience Hub provides you CloudFormation templates that contains the IAM roles required to run different Systems Manager documents, one role per document with permissions required for the specific document. After creating a stack with the CloudFormation template, it will setup the IAM roles and save metadata in Systems Manager parameter for the Systems Manager automation document to run for different recovery procedures.
For more information on using SOPs, see [Managing standard operating procedures](sops.md).
# AWS Trusted Advisor
AWS Trusted Advisor is a centralized home of AWS best practice recommendations that helps you to identify, prioritize, and optimize your deployment on AWS. AWS Trusted Advisor inspects your AWS environment, and then makes recommendations through checks when opportunities exist to save money, improve system availability and performance, or help close security gaps. These checks are divided into multiple categories based on their purpose. For more information about different categories of checks in AWS Trusted Advisor, see the [AWS Support](https://docs.aws.amazon.com//awssupport/latest/user/trusted-advisor-check-reference.html) User Guide.
AWS Trusted Advisor provides multiple high-level resiliency recommendations through resiliency checks for each application in AWS Resilience Hub under **Fault tolerance** category. **Fault tolerance** category lists all the checks that tests your applications to determine their resilience and reliability. These checks alert you when there are AppComponent failures and policy breaches that can cause resiliency risks and affect the application availability for business continuity. It also provides resiliency recommendations that will improve the chances to reduce these risks under **Recommended Action** section, which needs to be addressed in AWS Resilience Hub. For more insights about the recommendations for each application in the AWS Trusted Advisor, we recommend you to view the detailed recommendations provided in the AWS Resilience Hub.
AWS Trusted Advisor provides the following checks for each application in AWS Resilience Hub:
+ **AWS Resilience Hub application resilience scores** – Checks the resiliency score of your applications from their latest assessment in AWS Resilience Hub and alerts you if their resiliency scores are below a specific value.
**Alert criteria**
+ **Green** – Indicates that your application has a resiliency score of 70 and above.
+ **Yellow** – Indicates that your application has a resiliency score between 40 and 69.
+ **Red** – Indicates that your application has a resiliency score less than 40.
**Recommended action**
To improve the resiliency posture and obtain the best possible resiliency score for your application, run an assessment with the most recently updated version of your application resources and if applicable, implement the suggested operational recommendations. For more information about running, reviewing, and implementing assessments, reviewing and including/excluding operational recommendations, and implementing the same, see the following topics:
+ [Running resiliency assessments in AWS Resilience Hub](run-assessment.md)
+ [Reviewing assessments reports](review-assessment.md)
+ [Reviewing resiliency recommendations](resil-recs.md)
+ [Including or excluding operational recommendations](exclude-recommend.md)
+ **AWS Resilience Hub application policy breached** – Checks if the AWS Resilience Hub applications meet the RTO and RPO targets you have set for an application and alerts you if the application do not meet the RTO and RPO targets.
**Alert criteria**
+ **Green** – Indicates that the application has a policy and the estimated workload RTO and estimated workload RPO meet the RTO and RPO targets.
+ **Yellow** – Indicates that the application has a policy and has not been assessed.
+ **Red** – Indicates that the application has a policy and the estimated workload RTO and estimated workload RPO does not meet the RTO and RPO targets.
**Recommended action**
To ensure that the estimated workload RTO and estimated workload RPO of your application still meet the defined RTO and RPO targets, run assessments regularly with the most recently updated version of your application resources. In addition, if you want to ensure that the resiliency policy of your application is not breached, we recommend you to review the assessment report and implement the suggested resiliency recommendations. For more information about enabling AWS Resilience Hub to run assessments on a daily basis on your behalf, running assessments, reviewing resiliency recommendations and implementing the same, see the following topics:
+ [Editing AWS Resilience Hub application resources](application-resources.md) (To enable AWS Resilience Hub to run assessments on a daily basis on your behalf, complete the steps in **To edit drift notification settings of your application** procedure to select **Automatically assess daily** check box.)
+ [Running resiliency assessments in AWS Resilience Hub](run-assessment.md)
+ [Reviewing assessments reports](review-assessment.md)
+ [Reviewing resiliency recommendations](resil-recs.md)
+ [Including or excluding operational recommendations](exclude-recommend.md)
+ **AWS Resilience Hub application assessment age** – Checks the last time since you had run an assessment for each of your applications in AWS Resilience Hub. It alerts you if you haven’t run an assessment for the specified number of days.
**Alert criteria**
+ **Green** – Indicates that you have run an assessment for your application in the last 30 days.
+ **Yellow** – Indicates that you have not run an assessment for your application in the last 30 days.
**Recommended action**
Run assessments regularly to manage and improve the resilience posture of your applications on AWS. If you want AWS Resilience Hub to assess your application on a daily basis on your behalf, you can enable the same by the selecting the **Automatically assess this application daily** check box in AWS Resilience Hub drift notification. To select **Automatically assess this application daily** check box, complete the **To edit drift notification of your application** procedure in [Editing AWS Resilience Hub application resources](application-resources.md).
**Note**
This check determines the assessment age of only those applications that have been assessed at-least once in AWS Resilience Hub.
+ **AWS Resilience Hub application component check** – Checks if an Application Component (AppComponent) in your application is unrecoverable. That is, if this AppComponent does not recover in case of a disruption event, you may experience unknown data loss and system downtime. If the alert criteria is set to **Red**, it indicates that the AppComponent is unrecoverable.
**Recommended action**
To ensure that your AppComponent is recoverable, review and implement the resiliency recommendations, and then run a new assessment. For more information about reviewing the resiliency recommendations, see [Reviewing resiliency recommendations](resil-recs.md).
For more information about using AWS Trusted Advisor, see the [AWS Support User Guide](https://docs.aws.amazon.com//awssupport/latest/user/trusted-advisor.html).