If the SNAT and DNAT of the NAT gateway use different EIPs, the evaluation result is Compliant.
Scenarios
If the SNAT and DNAT of the NAT gateway use different EIPs, you can configure settings such as bandwidth separately for inbound and outbound traffic.
Risk level
Default risk level: high.
When you apply this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
- If the SNAT and DNAT of the NAT gateway use different EIPs, the evaluation result is Compliant.
- If the SNAT and DNAT of the NAT gateway use the same EIP, the evaluation result is Incompliant. For more information about how to remediate an incompliant configuration, see the "Incompliance remediation" section of this topic.
- This rule does not apply to virtual private clouds (VPCs) and NAT gateways.
Rule details
Item | Description |
---|---|
Rule name | natgateway-eip-used-check |
Rule identifier | natgateway-eip-used-check |
Tag | NAT and NatGateway |
Automatic remediation | Not supported |
Trigger type | Periodic execution |
Evaluation frequency | Interval of 24 hours |
Supported resource type | NAT gateway |
Input parameter | None |
Incompliance remediation
Make sure that the SNAT and DNAT of the NAT gateway do not use the same EIP. For more information, see Use the SNAT feature of an Internet NAT gateway to access the Internet.
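The following Python sketch is an added example, not part of the rule's own implementation. It applies the evaluation logic above to exported SNAT and DNAT entries and lists the entries to change during remediation. The field names (SnatEntryId, SnatIp, ForwardEntryId, ExternalIp), the comma-separated SnatIp format, the treatment of a gateway with no overlapping EIPs as Compliant, and all sample values are assumptions constructed for illustration.

```python
from ipaddress import ip_address


def _eips(value):
    """Split a possibly comma-separated EIP string into normalized addresses."""
    parts = (p.strip() for p in (value or "").split(","))
    return {str(ip_address(p)) for p in parts if p}


def evaluate_nat_gateway(snat_entries, dnat_entries):
    """Return (result, shared_eips) for one NAT gateway."""
    snat = set().union(*(_eips(e.get("SnatIp")) for e in snat_entries))
    dnat = set().union(*(_eips(e.get("ExternalIp")) for e in dnat_entries))
    shared = sorted(snat & dnat)
    return ("Incompliant" if shared else "Compliant"), shared


def entries_to_fix(snat_entries, dnat_entries):
    """List the SNAT and DNAT entry IDs that reference an EIP used by both."""
    _, shared = evaluate_nat_gateway(snat_entries, dnat_entries)
    shared = set(shared)
    return {
        "snat": [e["SnatEntryId"] for e in snat_entries
                 if _eips(e.get("SnatIp")) & shared],
        "dnat": [e["ForwardEntryId"] for e in dnat_entries
                 if _eips(e.get("ExternalIp")) & shared],
    }


# Constructed sample data (documentation address ranges, made-up entry IDs).
SNAT_SAMPLE = [
    {"SnatEntryId": "snat-constructed-1", "SnatIp": "203.0.113.10, 203.0.113.11"},
    {"SnatEntryId": "snat-constructed-2", "SnatIp": "203.0.113.12"},
]
DNAT_SAMPLE = [
    {"ForwardEntryId": "fwd-constructed-1", "ExternalIp": "203.0.113.10"},
    {"ForwardEntryId": "fwd-constructed-2", "ExternalIp": "198.51.100.7"},
]

if __name__ == "__main__":
    print(evaluate_nat_gateway(SNAT_SAMPLE, DNAT_SAMPLE))
    print(entries_to_fix(SNAT_SAMPLE, DNAT_SAMPLE))
```
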