All Products
Search
Document Center

Cloud Config:internet-nat-gateway-in-specified-vpc

Last Updated:Jun 16, 2026

Evaluates whether Internet NAT gateways reside in specified virtual private clouds (VPCs).

Scenarios

Creating Internet NAT gateways only in designated VPCs ensures that all gateways meet your requirements and reduces management and operational costs.

Risk level

Default risk level: medium.

You can change the risk level based on your business requirements when you apply this rule.

Compliance evaluation logic

  • If the Internet NAT gateways reside in the specified VPCs, the evaluation result is Compliant.
  • This rule does not apply to VPC NAT gateways. For a VPC NAT gateway, the evaluation result is Not Applicable.
  • If an Internet NAT gateway does not reside in any of the specified VPCs, the evaluation result is Non-compliant. For more information about how to remediate a non-compliant configuration, see Non-compliance remediation.

Rule details

Item Description
Rule name internet-nat-gateway-in-specified-vpc
Rule identifier internet-nat-gateway-in-specified-vpc
Tag NAT and NatGateway
Automatic remediation Not supported
Trigger type Periodic execution
Evaluation frequency Every 24 hours
Supported resource type NAT gateway
Input parameter vpcIds
Note Separate multiple VPC IDs with commas (,).

Non-compliance remediation

Delete the non-compliant Internet NAT gateway and create one in a specified VPC. For more information, see Internet NAT gateway.