Checks whether the Internet NAT gateways that you create reside in the specified virtual private clouds (VPCs).
Scenarios
You can create Internet NAT gateways in specific VPCs to make sure that all the created gateways meet your requirements. This helps reduce management and operational costs.
Risk level
Default risk level: medium.
When you apply this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
- If the Internet NAT gateways that you create reside in the specified VPCs, the evaluation result of the rule is Compliant.
- This rule does not apply to VPC NAT gateways. For a VPC NAT gateway, the evaluation result is Not Applicable.
- If an Internet NAT gateway that you create does not reside in any of the specified VPCs, the evaluation result of the rule is Non-compliant. For more information about how to remediate a non-compliant configuration, see Non-compliance remediation.
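The three outcomes above can be reproduced locally as a pre-check before the 24-hour evaluation runs. This is an added example, not code from the product or its documentation. It assumes each gateway record carries `NatGatewayId`, `VpcId` and `NetworkType` fields (with `internet` for Internet NAT gateways and `intranet` for VPC NAT gateways), and all IDs in the sample are constructed placeholders.

```python
COMPLIANT = "Compliant"
NON_COMPLIANT = "Non-compliant"
NOT_APPLICABLE = "Not Applicable"


def parse_vpc_ids(vpc_ids_param):
    """Split the comma-separated vpcIds parameter into a set of VPC IDs."""
    ids = {v.strip() for v in vpc_ids_param.split(",") if v.strip()}
    if not ids:
        # An empty allow-list would mark every gateway non-compliant;
        # treat it as a configuration error instead.
        raise ValueError("vpcIds must list at least one VPC ID")
    return ids


def evaluate(gateway, allowed_vpcs):
    """Return the evaluation result for one NAT gateway record."""
    network_type = gateway.get("NetworkType")  # assumed field name
    if network_type == "intranet":
        # VPC NAT gateways are outside the rule's scope.
        return NOT_APPLICABLE
    if network_type != "internet":
        # Unknown type: refuse to guess rather than report a false pass.
        raise ValueError(f"unexpected NetworkType: {network_type!r}")
    return COMPLIANT if gateway.get("VpcId") in allowed_vpcs else NON_COMPLIANT


def evaluate_all(gateways, vpc_ids_param):
    """Map each gateway ID to its evaluation result."""
    allowed = parse_vpc_ids(vpc_ids_param)
    return {g["NatGatewayId"]: evaluate(g, allowed) for g in gateways}


def non_compliant_ids(gateways, vpc_ids_param):
    """List the gateways that would need remediation, in stable order."""
    results = evaluate_all(gateways, vpc_ids_param)
    return sorted(gid for gid, res in results.items() if res == NON_COMPLIANT)


# Constructed sample inventory; every ID here is a placeholder.
SAMPLE_GATEWAYS = [
    {"NatGatewayId": "ngw-example-1", "VpcId": "vpc-example-a", "NetworkType": "internet"},
    {"NatGatewayId": "ngw-example-2", "VpcId": "vpc-example-z", "NetworkType": "internet"},
    {"NatGatewayId": "ngw-example-3", "VpcId": "vpc-example-z", "NetworkType": "intranet"},
]

if __name__ == "__main__":
    for gid, result in evaluate_all(SAMPLE_GATEWAYS, "vpc-example-a, vpc-example-b").items():
        print(gid, result)
```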
Rule details
Item | Description |
---|---|
Rule name | internet-nat-gateway-in-specified-vpc |
Rule identifier | internet-nat-gateway-in-specified-vpc |
Tag | NAT and NatGateway |
Automatic remediation | Not supported |
Trigger type | Periodic execution |
Evaluation frequency | Every 24 hours |
Supported resource type | NAT gateway |
Input parameter | vpcIds. Note: Separate multiple VPC IDs with commas (,). |
Non-compliance remediation
Delete the Internet NAT gateway whose configuration is non-compliant and create an Internet NAT gateway in one of the specified VPCs. For more information, see Create and manage Internet NAT gateways.