Checks whether the Virtual Private Cloud (VPC) NAT gateways that you create reside in the specified VPCs.

Scenarios

Restricting VPC NAT gateways to an approved set of VPCs keeps private-network address translation inside the VPCs you designed for it, so a gateway created in an unexpected VPC is caught as a configuration drift rather than discovered later. Keeping all VPC NAT gateways in known VPCs also reduces management and operational costs.

Risk level

Default risk level: medium.

When you apply this rule, you can change the risk level based on your business requirements.

Compliance evaluation logic

  • If the VPC NAT gateways that you create reside in the specified VPCs, the evaluation result of the rule is Compliant.
  • This rule does not apply to Internet NAT gateways. For an Internet NAT gateway, the evaluation result is Not Applicable.
  • If a VPC NAT gateway that you create does not reside in any of the specified VPCs, the evaluation result of the rule is Non-compliant. For more information about how to remediate a non-compliant configuration, see Non-compliance remediation.

Rule details

Item                      Description
Rule name                 intranet-nat-gateway-in-specified-vpc
Rule identifier           intranet-nat-gateway-in-specified-vpc
Tag                       NAT, NatGateway
Automatic remediation     Not supported
Trigger type              Configuration change
Supported resource type   NAT gateway
Input parameter           vpcIds
Note                      Separate multiple VPC IDs with commas (,).
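The following is an added example, not Alibaba Cloud Config's own evaluator: it reproduces the evaluation logic above and the vpcIds parameter handling locally, so you can dry-run the rule over an inventory of NAT gateways before applying it. The gateway records are constructed and mirror the shape of a DescribeNatGateways listing; the field names (NatGatewayId, VpcId, NetworkType with values intranet/internet) are assumptions, not taken from this page.

```python
"""Local dry run of the intranet-nat-gateway-in-specified-vpc check.

Added example, not Alibaba Cloud Config code. Field names and the
sample inventory below are assumptions/constructed data.
"""
from __future__ import annotations

from dataclasses import dataclass

COMPLIANT = "Compliant"
NON_COMPLIANT = "Non-compliant"
NOT_APPLICABLE = "Not Applicable"


@dataclass(frozen=True)
class NatGateway:
    nat_gateway_id: str
    vpc_id: str
    network_type: str  # assumed values: "intranet" (VPC NAT gateway) or "internet"


def parse_vpc_ids(param: str) -> set[str]:
    """Parse the rule's vpcIds input parameter.

    Multiple IDs are comma-separated. Surrounding whitespace and empty
    entries (for example a trailing comma) are tolerated. An empty allow
    list is rejected, because it would flag every VPC NAT gateway.
    """
    ids = {p.strip() for p in param.split(",") if p.strip()}
    if not ids:
        raise ValueError("vpcIds must contain at least one VPC ID")
    return ids


def evaluate(gw: NatGateway, allowed_vpcs: set[str]) -> str:
    """Apply the rule's evaluation logic to one gateway."""
    if gw.network_type.lower() != "intranet":
        return NOT_APPLICABLE  # Internet NAT gateways are out of scope
    return COMPLIANT if gw.vpc_id in allowed_vpcs else NON_COMPLIANT


def evaluate_all(gateways: list[NatGateway], param: str) -> dict[str, str]:
    """Evaluate every gateway; returns {NatGatewayId: result}."""
    allowed = parse_vpc_ids(param)
    return {gw.nat_gateway_id: evaluate(gw, allowed) for gw in gateways}


# Constructed sample inventory; these are not real resource IDs.
SAMPLE_GATEWAYS = [
    NatGateway("ngw-intranet-a", "vpc-approved-1", "intranet"),
    NatGateway("ngw-intranet-b", "vpc-shadow-9", "intranet"),
    NatGateway("ngw-internet-c", "vpc-shadow-9", "internet"),
]

if __name__ == "__main__":
    results = evaluate_all(SAMPLE_GATEWAYS, "vpc-approved-1, vpc-approved-2,")
    for gw_id, result in results.items():
        print(f"{gw_id}: {result}")
```

The Internet NAT gateway in the sample sits in the same unapproved VPC as the non-compliant VPC NAT gateway but is reported as Not Applicable, matching the rule's scope; only the intranet gateway outside the allow list is flagged.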

Non-compliance remediation

Delete the VPC NAT gateway whose configuration is non-compliant and create a VPC NAT gateway in one of the specified VPCs. Because automatic remediation is not supported, this is a manual change: recreate the SNAT and DNAT entries that the old gateway carried on the replacement before removing the old gateway, so that traffic that depends on them is not interrupted. For more information, see Create and manage a VPC NAT gateway.