Checks whether the Virtual Private Cloud (VPC) NAT gateways that you create reside in the specified VPCs.
Scenarios
You can create VPC NAT gateways in specific VPCs to make sure that all the created gateways meet your requirements. This helps reduce management and operational costs.
Risk level
Default risk level: medium.
When you apply this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
- If the VPC NAT gateways that you create reside in the specified VPCs, the evaluation result of the rule is Compliant.
- This rule does not apply to Internet NAT gateways. For an Internet NAT gateway, the evaluation result is Not Applicable.
- If a VPC NAT gateway that you create does not reside in any of the specified VPCs, the evaluation result of the rule is Non-compliant. For more information about how to remediate a non-compliant configuration, see Non-compliance remediation.
Rule details
| Item | Description |
|---|---|
| Rule name | intranet-nat-gateway-in-specified-vpc |
| Rule identifier | intranet-nat-gateway-in-specified-vpc |
| Tag | NAT and NatGateway |
| Automatic remediation | Not supported |
| Trigger type | Configuration change |
| Supported resource type | NAT gateway |
| Input parameter | vpcIdsNote Separate multiple VPC IDs with commas (,).
|
Non-compliance remediation
Delete the VPC NAT gateway whose configuration is non-compliant and create a VPC NAT gateway in one of the specified VPCs. For more information, see Create and manage a VPC NAT gateway.