Evaluates whether each VPN gateway has a destination-based route, a policy-based route, and automatic BGP route propagation enabled. If all conditions are met, the evaluation result is Compliant.
Scenarios
Identify and manage idle VPN gateways to reduce unnecessary costs.
Risk level
Default risk level: high.
You can change the risk level based on your business requirements when you apply this rule.
Compliance evaluation logic
-
If a destination-based route and a policy-based route are configured for a VPN gateway and automatic BGP route propagation is enabled, the evaluation result is Compliant.
-
If a destination-based route or a policy-based route is not configured for a VPN gateway, or automatic BGP route propagation is not enabled, the evaluation result is Non-compliant.
-
If the VPN gateway was created within the specified number of days (default: 7), the evaluation result is Not Applicable.
Rule details
|
Item |
Description |
|
Rule name |
vpn-gateway-idle-check |
|
Rule ID |
|
|
Tag |
VPN and VPN Gateway |
|
Automatic remediation |
Not supported |
|
Trigger type |
Configuration change |
|
Supported resource type |
VPN gateway |
|
Input parameter |
allocateDays. Default value: 7, in days |
Non-compliance remediation
Configure a destination-based route and a policy-based route for each VPN gateway and enable automatic BGP route propagation. For more information, see DescribeVpnGateway.