All Products
Search
Document Center

Cloud Config:VPN instance expiration check

Last Updated:Jun 22, 2026

Checks whether a VPN Gateway instance expires within a specified number of days. The default threshold is 30 days.

Risk level

Default risk level: High.

You can change the risk level based on your business requirements.

Detection logic

  • A VPN Gateway instance is considered compliant if its expiration date is more than the specified number of days from the current date. Default value: 30 days.

Rule details

Parameter

Description

Rule name

VPN instance expiration check

Rule identifier

vpn-gateway-expired-check

Tag

VPN,ResourceExpired

Automatic remediation

Supported

ACS-BssOpenApi-EnableAutoRenewal

Rule trigger

Configuration change

Supported resource types

ACS::VPN::VpnGateway

Input parameters

days (Default value: 30)

Remediation

To remediate non-compliant resources, see Upgrade, downgrade, and renew VPN Gateway instances.