Checks whether a destination-based route and a policy-based route are configured for each VPN gateway and the automatic BGP route propagation feature is enabled for each VPN gateway. If so, the evaluation result is Compliant.
Scenarios
Identifying and managing VPN gateways that are not in use (idle gateways) helps enterprises control costs.
Risk level
Default risk level: high.
When you apply this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
If a destination-based route and a policy-based route are configured for each VPN gateway and the automatic BGP route propagation feature is enabled for each VPN gateway, the evaluation result is Compliant.
If a destination-based route or a policy-based route is not configured for a VPN gateway or the automatic BGP route propagation feature is not enabled for a VPN gateway, the evaluation result is Non-compliant.
If the creation time of a VPN gateway is within the specified number of days, the evaluation result is Not Applicable. The default number of days is 7.
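The three-outcome logic above, written out as an added example (not Alibaba Cloud's own rule implementation). The gateway record shape, its field names, and the treatment of the age boundary as exclusive are assumptions; the sample gateways are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


# Assumed record shape (not the DescribeVpnGateway schema): the rule needs
# three configuration facts about each gateway plus its creation time.
@dataclass
class VpnGateway:
    gateway_id: str
    created_at: datetime          # timezone-aware creation time
    has_destination_route: bool   # a destination-based route is configured
    has_policy_route: bool        # a policy-based route is configured
    bgp_auto_propagation: bool    # automatic BGP route propagation is enabled


COMPLIANT = "Compliant"
NON_COMPLIANT = "Non-compliant"
NOT_APPLICABLE = "Not Applicable"


def evaluate(gw: VpnGateway, now: datetime, allocate_days: int = 7) -> str:
    """Evaluate one gateway exactly as the rule describes.

    The age test runs first: a gateway created within allocateDays is
    Not Applicable regardless of its routing configuration (assumption:
    "within" is treated as age strictly less than allocateDays).
    """
    if allocate_days < 0:
        raise ValueError("allocateDays must be non-negative")
    if now - gw.created_at < timedelta(days=allocate_days):
        return NOT_APPLICABLE
    if gw.has_destination_route and gw.has_policy_route and gw.bgp_auto_propagation:
        return COMPLIANT
    return NON_COMPLIANT


def evaluate_all(gateways, now, allocate_days=7):
    """Map gateway ID to result; the Non-compliant entries are the idle candidates."""
    return {gw.gateway_id: evaluate(gw, now, allocate_days) for gw in gateways}


# Constructed sample data so the block runs stand-alone.
NOW = datetime(2024, 6, 15, tzinfo=timezone.utc)
SAMPLE = [
    VpnGateway("vpn-old-configured", NOW - timedelta(days=30), True, True, True),
    VpnGateway("vpn-old-no-bgp", NOW - timedelta(days=30), True, True, False),
    VpnGateway("vpn-old-no-routes", NOW - timedelta(days=30), False, False, False),
    VpnGateway("vpn-new-unconfigured", NOW - timedelta(days=2), False, False, False),
]

if __name__ == "__main__":
    for gid, result in evaluate_all(SAMPLE, NOW).items():
        print(f"{gid}: {result}")
```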
Rule details
| Item | Description |
| --- | --- |
| Rule name | vpn-gateway-idle-check |
| Rule ID | |
| Tag | VPN and VPN Gateway |
| Automatic remediation | Not supported |
| Trigger type | Configuration change |
| Supported resource type | VPN gateway |
| Input parameter | allocateDays. Default value: 7 (days) |
Non-compliance remediation
Configure a destination-based route and a policy-based route for each VPN gateway and enable the automatic BGP route propagation feature for each VPN gateway. For more information, see DescribeVpnGateway.