Identify and remove any unused VPC Internet Gateways (IGWs) and VPC Egress-Only Internet Gateways (EIGWs) in order to adhere to best practices and to avoid approaching the service limit (by default, you are limited to 5 IGWs and 5 EIGWs per AWS region). An Internet Gateway or Egress-Only Internet Gateway is evaluated as unused when it is no longer attached to an AWS Virtual Private Cloud (VPC). The Cloud Conformity Service Limits feature (integrated with the Amazon Trusted Advisor service) can also help you ensure that the allocation of AWS VPC resources is not reaching the service limit.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
For better management of your VPC resources, all unused (detached) Internet Gateways and Egress-Only Internet Gateways should be removed from your AWS VPC environment.
To identify any unused IGWs and EIGWs provisioned within your AWS Virtual Private Cloud (VPC), perform the following:
To remove any unused IGWs and EIGWs available within your Amazon VPC, perform the following actions:
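The identification and removal steps above can be expressed as a small audit script. The following is an example added to this page, not Cloud Conformity's own rule implementation: it applies the page's definition of "unused" (no VPC attachment) to the response shapes returned by boto3's `ec2.describe_internet_gateways()` and `ec2.describe_egress_only_internet_gateways()`, reports how close the region is to the default limit of 5, and builds the matching `aws ec2 delete-internet-gateway` / `aws ec2 delete-egress-only-internet-gateway` commands for review. The two sample responses are constructed inline so the script runs offline; in a live run you would pass the real API responses in their place. The attached-state set covers both `available` (what IGW attachments report) and `attached`, which is an assumption made to handle both gateway types with one helper.

```python
"""Audit a region's Internet Gateways (IGWs) and Egress-Only Internet
Gateways (EIGWs), flag detached ones as unused, and produce a remediation
plan. Example code added to this page; not Cloud Conformity's implementation.
The SAMPLE_* responses are constructed, not real account data.
"""

DEFAULT_LIMIT_PER_REGION = 5          # default quota for IGWs and for EIGWs (from the page)
ATTACHED_STATES = {"available", "attached"}   # IGWs report "available", EIGWs "attached" (assumption)


def _is_attached(gateway):
    """True when the gateway has at least one attachment to a VPC in an attached state."""
    return any(
        att.get("State") in ATTACHED_STATES and att.get("VpcId")
        for att in gateway.get("Attachments", [])
    )


def find_unused_gateways(igw_response, eigw_response):
    """Return {'igw': [...], 'eigw': [...]} with the IDs of gateways that have no VPC attachment."""
    unused_igw = [
        gw["InternetGatewayId"]
        for gw in igw_response.get("InternetGateways", [])
        if not _is_attached(gw)
    ]
    unused_eigw = [
        gw["EgressOnlyInternetGatewayId"]
        for gw in eigw_response.get("EgressOnlyInternetGateways", [])
        if not _is_attached(gw)
    ]
    return {"igw": unused_igw, "eigw": unused_eigw}


def limit_headroom(count, limit=DEFAULT_LIMIT_PER_REGION, warn_ratio=0.8):
    """Return (remaining_slots, approaching_limit) for one gateway type in one region."""
    return limit - count, count >= limit * warn_ratio


def remediation_commands(unused):
    """Build the AWS CLI delete commands for each unused gateway (for operator review, not executed here)."""
    cmds = [f"aws ec2 delete-internet-gateway --internet-gateway-id {gw_id}" for gw_id in unused["igw"]]
    cmds += [
        f"aws ec2 delete-egress-only-internet-gateway --egress-only-internet-gateway-id {gw_id}"
        for gw_id in unused["eigw"]
    ]
    return cmds


# Constructed sample responses in the boto3 describe_* shape; IDs are placeholders.
SAMPLE_IGW_RESPONSE = {
    "InternetGateways": [
        {"InternetGatewayId": "igw-0aaa000000000001", "Attachments": [{"State": "available", "VpcId": "vpc-0aaa000000000001"}]},
        {"InternetGatewayId": "igw-0aaa000000000002", "Attachments": []},                     # never attached
        {"InternetGatewayId": "igw-0aaa000000000003", "Attachments": [{"State": "detached", "VpcId": "vpc-0aaa000000000002"}]},
        {"InternetGatewayId": "igw-0aaa000000000004", "Attachments": [{"State": "available", "VpcId": "vpc-0aaa000000000003"}]},
    ]
}
SAMPLE_EIGW_RESPONSE = {
    "EgressOnlyInternetGateways": [
        {"EgressOnlyInternetGatewayId": "eigw-0bbb000000000001", "Attachments": [{"State": "attached", "VpcId": "vpc-0aaa000000000001"}]},
        {"EgressOnlyInternetGatewayId": "eigw-0bbb000000000002", "Attachments": []},        # constructed: no VPC attachment
    ]
}


def audit(igw_response, eigw_response):
    """Run the full check: unused gateways, limit headroom per type, and remediation commands."""
    unused = find_unused_gateways(igw_response, eigw_response)
    report = {
        "unused": unused,
        "igw_headroom": limit_headroom(len(igw_response.get("InternetGateways", []))),
        "eigw_headroom": limit_headroom(len(eigw_response.get("EgressOnlyInternetGateways", []))),
        "commands": remediation_commands(unused),
    }
    return report


if __name__ == "__main__":
    result = audit(SAMPLE_IGW_RESPONSE, SAMPLE_EIGW_RESPONSE)
    print("Unused gateways:", result["unused"])
    print("IGW slots remaining / approaching limit:", result["igw_headroom"])
    print("EIGW slots remaining / approaching limit:", result["eigw_headroom"])
    for cmd in result["commands"]:
        print("  ", cmd)
```

The script only prints the delete commands; deleting a gateway is a change that should be reviewed first, since any route table still pointing at it will lose its default route. For a live audit, replace the sample dictionaries with the responses from a boto3 EC2 client and run the check once per region, because the limit is per region.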