Identify and remove any unused VPC Internet Gateways (IGWs) and VPC Egress-Only Internet Gateways (EIGWs) in order to adhere to best practices and to avoid approaching the service limit (by default, you are limited to 5 IGWs and 5 EIGWs per AWS region). An Internet Gateway or Egress-Only Internet Gateway is evaluated as unused when it is no longer attached to an AWS Virtual Private Cloud (VPC). The Cloud Conformity Service Limits feature (integrated into the Amazon Trusted Advisor service) can also help you ensure that the allocation of AWS VPC resources is not reaching the service limit.
This rule can help you with the following compliance standards:
- APRA
- MAS
This rule can help you work with the AWS Well-Architected Framework (efficiency)
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
For better management of your VPC resources, all unused (detached) Internet Gateways and Egress-Only Internet Gateways should be removed from your AWS VPC environment.
Audit
To identify any unused IGWs and EIGWs provisioned within your AWS Virtual Private Cloud (VPC), perform the following:
Remediation / Resolution
To remove any unused IGWs and EIGWs available within your Amazon VPC, perform the following actions:
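The page names the four AWS CLI operations involved (describe and delete for both gateway types) but the step-by-step audit and remediation instructions are not reproduced here. The following is an added example, not the Cloud Conformity rule's own steps, that applies the page's definition of "unused" (no VPC attachment) to the JSON that `aws ec2 describe-internet-gateways` and `aws ec2 describe-egress-only-internet-gateways` return, reports headroom against the default limit of 5 per type per region, and prints the corresponding delete commands for review. The sample JSON, gateway IDs and VPC IDs below are constructed placeholders, and the region name is an assumption.

```python
"""
Added example (not the original page's remediation steps): find detached
Internet Gateways and Egress-Only Internet Gateways in the output of the two
AWS CLI describe commands referenced on the page, check headroom against the
default per-region limit, and emit the matching delete commands for review.

Assumed inputs (collect them with the real CLI, one region at a time):
  aws ec2 describe-internet-gateways --region <region>
  aws ec2 describe-egress-only-internet-gateways --region <region>
All IDs below are constructed placeholders, not real resources.
"""
import json

DEFAULT_LIMIT_PER_REGION = 5   # default IGW and EIGW quota per region (per the page)

# An IGW attachment reports "available" when attached to a VPC; an EIGW
# attachment reports "attached". Anything else (or no attachment at all)
# means the gateway is not serving a VPC and counts as unused.
ATTACHED_STATES = {"available", "attached"}

# Constructed sample output of `describe-internet-gateways`.
SAMPLE_IGWS = json.dumps({
    "InternetGateways": [
        {"InternetGatewayId": "igw-0example0001",
         "Attachments": [{"State": "available", "VpcId": "vpc-0example0001"}],
         "Tags": [{"Key": "Name", "Value": "prod-igw"}]},
        {"InternetGatewayId": "igw-0example0002",
         "Attachments": [],                       # detached -> unused
         "Tags": []},
        {"InternetGatewayId": "igw-0example0003",
         "Attachments": [{"State": "detaching", "VpcId": "vpc-0example0002"}],
         "Tags": []},                             # mid-detach -> unused
    ]
})

# Constructed sample output of `describe-egress-only-internet-gateways`.
SAMPLE_EIGWS = json.dumps({
    "EgressOnlyInternetGateways": [
        {"EgressOnlyInternetGatewayId": "eigw-0example0001",
         "Attachments": [{"State": "attached", "VpcId": "vpc-0example0001"}]},
        {"EgressOnlyInternetGatewayId": "eigw-0example0002",
         "Attachments": []},                      # detached -> unused
    ]
})


def is_attached(gateway: dict) -> bool:
    """True when at least one attachment is in an attached state."""
    return any(att.get("State") in ATTACHED_STATES
               for att in gateway.get("Attachments", []))


def unused_gateways(describe_output: str, list_key: str, id_key: str) -> list:
    """Return the IDs of gateways in a describe-* document that have no active VPC attachment."""
    data = json.loads(describe_output)
    return [gw[id_key] for gw in data.get(list_key, []) if not is_attached(gw)]


def unused_igws(describe_output: str) -> list:
    return unused_gateways(describe_output, "InternetGateways", "InternetGatewayId")


def unused_eigws(describe_output: str) -> list:
    return unused_gateways(describe_output, "EgressOnlyInternetGateways",
                           "EgressOnlyInternetGatewayId")


def quota_headroom(describe_output: str, list_key: str,
                   limit: int = DEFAULT_LIMIT_PER_REGION) -> int:
    """How many more gateways of this type the region can hold before the limit."""
    return limit - len(json.loads(describe_output).get(list_key, []))


def remediation_commands(region: str, igw_ids: list, eigw_ids: list) -> list:
    """Build the delete commands named on the page; print them for review, do not run blindly."""
    cmds = [f"aws ec2 delete-internet-gateway --region {region} "
            f"--internet-gateway-id {gw}" for gw in igw_ids]
    cmds += [f"aws ec2 delete-egress-only-internet-gateway --region {region} "
             f"--egress-only-internet-gateway-id {gw}" for gw in eigw_ids]
    return cmds


if __name__ == "__main__":
    region = "us-east-1"   # assumption for the example
    igws, eigws = unused_igws(SAMPLE_IGWS), unused_eigws(SAMPLE_EIGWS)
    print("unused IGWs :", igws)
    print("unused EIGWs:", eigws)
    print("IGW headroom :", quota_headroom(SAMPLE_IGWS, "InternetGateways"))
    print("EIGW headroom:", quota_headroom(SAMPLE_EIGWS, "EgressOnlyInternetGateways"))
    for cmd in remediation_commands(region, igws, eigws):
        print(cmd)
```

Run the describe commands per region and feed each document in; a gateway that is detached but still carries a `Name` tag is still unused by the page's definition, which is why the check looks only at attachment state. Review the generated delete commands before executing them, since a gateway that was detached for a planned re-attachment would otherwise be removed.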
References
- AWS Documentation
  - Internet Gateways
  - Egress-Only Internet Gateways
  - Amazon VPC Limits
- AWS Command Line Interface (CLI) Documentation
  - ec2
    - describe-internet-gateways
    - describe-egress-only-internet-gateways
    - delete-internet-gateway
    - delete-egress-only-internet-gateway
Rule: Unused VPC Internet Gateways (Risk level: Low)