Identify and delete any unused Amazon Virtual Private Gateways (VGWs) in order to adhere to best practices and to avoid reaching the service limit (by default, you are limited to 5 VGWs, attached or detached, per AWS region). An AWS Virtual Private Gateway is considered unused when it is no longer associated with a VPN connection (on the VPC side of the connection). The Cloud Conformity Service Limits feature (integrated with the Amazon Trusted Advisor service) can also help you ensure that the allocation of AWS VGW resources is not reaching the limit.
This rule can help you with the following compliance standards:
- APRA
- MAS
- NIST 800-53 (Rev. 4)
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
As good practice, every unused (detached) AWS Virtual Private Gateway should be removed from your account for better management of your AWS resources.
Audit
To recognize any unused Virtual Private Gateways (VGWs) currently available within your AWS account, perform the following:
Remediation / Resolution
To remove any unused AWS Virtual Private Gateways provisioned within your AWS account, perform the following:
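As an added example (not Cloud Conformity's own code), the following Python applies the rule's criterion to the JSON returned by `aws ec2 describe-vpn-gateways` and `aws ec2 describe-vpn-connections`, then builds the matching `delete-vpn-gateway` commands for the audit findings. The sample JSON is constructed for this example and the gateway, VPC, VPN connection IDs and region are placeholders.

```python
import json

# Constructed sample shaped like `aws ec2 describe-vpn-gateways` output (placeholder IDs).
DESCRIBE_VPN_GATEWAYS = json.dumps({"VpnGateways": [
    {"VpnGatewayId": "vgw-0aaa0000000000001", "State": "available", "Type": "ipsec.1",
     "VpcAttachments": [{"VpcId": "vpc-0bbb0000000000001", "State": "attached"}]},
    {"VpnGatewayId": "vgw-0aaa0000000000002", "State": "available", "Type": "ipsec.1",
     "VpcAttachments": [{"VpcId": "vpc-0bbb0000000000002", "State": "detached"}]},
    {"VpnGatewayId": "vgw-0aaa0000000000003", "State": "available", "Type": "ipsec.1",
     "VpcAttachments": []},
    {"VpnGatewayId": "vgw-0aaa0000000000004", "State": "deleted", "Type": "ipsec.1",
     "VpcAttachments": []},
]})

# Constructed sample shaped like `aws ec2 describe-vpn-connections` output (placeholder IDs).
DESCRIBE_VPN_CONNECTIONS = json.dumps({"VpnConnections": [
    {"VpnConnectionId": "vpn-0ccc0000000000001", "State": "available",
     "VpnGatewayId": "vgw-0aaa0000000000003"},
    {"VpnConnectionId": "vpn-0ccc0000000000002", "State": "deleted",
     "VpnGatewayId": "vgw-0aaa0000000000002"},
]})


def find_unused_vgws(gateways_json, connections_json):
    """Audit: return IDs of VGWs with no attached VPC and no live VPN connection
    referencing them. Gateways already in the 'deleted' state are skipped because
    there is nothing left to remove."""
    gateways = json.loads(gateways_json)["VpnGateways"]
    connections = json.loads(connections_json)["VpnConnections"]
    # A VPN connection that still exists keeps its gateway "in use" on the VPC side.
    live_vpn_gateways = {
        c["VpnGatewayId"] for c in connections
        if c.get("VpnGatewayId") and c.get("State") != "deleted"
    }
    unused = []
    for gw in gateways:
        if gw["State"] == "deleted":
            continue
        attached = any(a.get("State") == "attached" for a in gw.get("VpcAttachments", []))
        if not attached and gw["VpnGatewayId"] not in live_vpn_gateways:
            unused.append(gw["VpnGatewayId"])
    return unused


def remediation_commands(vgw_ids, region):
    """Remediation: one `delete-vpn-gateway` CLI invocation per unused gateway."""
    return [f"aws ec2 delete-vpn-gateway --region {region} --vpn-gateway-id {vgw}"
            for vgw in vgw_ids]
```

Review the generated commands before running them; the gateway flagged in the sample is the one whose only VPC attachment is detached and whose former VPN connection is already deleted.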
References
- AWS Documentation
  - Amazon VPC FAQs
  - VPN Connections
  - Adding a Hardware Virtual Private Gateway to Your VPC
  - Amazon VPC Limits
- AWS Command Line Interface (CLI) Documentation
  - ec2
    - describe-vpn-gateways
    - delete-vpn-gateway
Unused Virtual Private Gateways
Risk level: Low