Evaluates whether Internet NAT gateways reside in specified virtual private clouds (VPCs).
Scenarios
Creating Internet NAT gateways only in designated VPCs ensures that all gateways meet your requirements and reduces management and operational costs.
Risk level
Default risk level: medium.
You can change the risk level based on your business requirements when you apply this rule.
Compliance evaluation logic
- If the Internet NAT gateways reside in the specified VPCs, the evaluation result is Compliant.
- This rule does not apply to VPC NAT gateways. For a VPC NAT gateway, the evaluation result is Not Applicable.
- If an Internet NAT gateway does not reside in any of the specified VPCs, the evaluation result is Non-compliant. For more information about how to remediate a non-compliant configuration, see Non-compliance remediation.
Rule details
| Item | Description |
| Rule name | internet-nat-gateway-in-specified-vpc |
| Rule identifier | internet-nat-gateway-in-specified-vpc |
| Tag | NAT and NatGateway |
| Automatic remediation | Not supported |
| Trigger type | Periodic execution |
| Evaluation frequency | Every 24 hours |
| Supported resource type | NAT gateway |
| Input parameter | vpcIds
Note Separate multiple VPC IDs with commas (,). |
Non-compliance remediation
Delete the non-compliant Internet NAT gateway and create one in a specified VPC. For more information, see Internet NAT gateway.