Identify and remove any unused VPC Internet Gateways (IGWs) and VPC Egress-Only Internet Gateways (EIGWs) in order to adhere to best practices and to avoid approaching the service limit (by default, you are limited to 5 IGWs and 5 EIGWs per AWS region). An Internet Gateway or Egress-Only Internet Gateway is evaluated as unused when it is no longer attached to an AWS Virtual Private Cloud (VPC). The Cloud Conformity Service Limits feature (integrated with the Amazon Trusted Advisor service) can also help you ensure that the allocation of AWS VPC resources is not reaching the service limit.
This rule can help you with the following compliance standards:
- APRA
- MAS
For further details on compliance standards supported by Conformity, see here.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
efficiency
For better management of your VPC resources, all unused (detached) Internet Gateways and Egress-Only Internet Gateways should be removed from your AWS VPC environment.
Audit
To identify any unused IGWs and EIGWs provisioned within your AWS Virtual Private Cloud (VPC), perform the following:
Remediation / Resolution
To remove any unused IGWs and EIGWs available within your Amazon VPC, perform the following actions:
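The audit and the remediation above both come down to reading the `describe-internet-gateways` and `describe-egress-only-internet-gateways` responses, treating every gateway with no VPC attachment as unused, and then deleting only those. The script below is an added example, not Conformity's or AWS's code: it works on response dictionaries shaped like the AWS CLI/boto3 output (the `igw-`, `eigw-` and `vpc-` IDs are constructed sample values), reports how close each gateway type is to the default per-region limit of 5, and emits the matching `delete-internet-gateway` / `delete-egress-only-internet-gateway` commands for review rather than running them. If `boto3` is installed and credentials are configured, `main()` pulls live responses instead of the samples.

```python
"""Find detached (unused) IGWs and EIGWs and plan their removal.

Added example, not part of the original rule page. The response shapes
follow `aws ec2 describe-internet-gateways` and
`aws ec2 describe-egress-only-internet-gateways`; all IDs below are
constructed sample values.
"""
import sys

DEFAULT_LIMIT_PER_REGION = 5  # default quota for IGWs, and separately for EIGWs

# Constructed sample responses (same keys as the real CLI/boto3 output).
SAMPLE_IGW_RESPONSE = {
    "InternetGateways": [
        {"InternetGatewayId": "igw-0a1b2c3d4e5f60001",
         "Attachments": [{"State": "available", "VpcId": "vpc-0aaaa000000000001"}]},
        {"InternetGatewayId": "igw-0a1b2c3d4e5f60002", "Attachments": []},
        {"InternetGatewayId": "igw-0a1b2c3d4e5f60003"},  # Attachments key absent
    ]
}
SAMPLE_EIGW_RESPONSE = {
    "EgressOnlyInternetGateways": [
        {"EgressOnlyInternetGatewayId": "eigw-0b1c2d3e4f5a60001",
         "Attachments": [{"State": "attached", "VpcId": "vpc-0aaaa000000000001"}]},
        {"EgressOnlyInternetGatewayId": "eigw-0b1c2d3e4f5a60002", "Attachments": []},
    ]
}


def _is_unused(gateway):
    """Unused means no attachment entry at all. An entry in the 'detaching'
    state still counts as in use here; the next audit run catches it once
    the detachment has completed."""
    return not gateway.get("Attachments")


def find_unused_internet_gateways(igw_response):
    """IDs of IGWs that are not attached to any VPC."""
    return [g["InternetGatewayId"]
            for g in igw_response.get("InternetGateways", []) if _is_unused(g)]


def find_unused_egress_only_gateways(eigw_response):
    """IDs of EIGWs that are not attached to any VPC."""
    return [g["EgressOnlyInternetGatewayId"]
            for g in eigw_response.get("EgressOnlyInternetGateways", []) if _is_unused(g)]


def quota_usage(response, key, limit=DEFAULT_LIMIT_PER_REGION):
    """Return (count, limit, approaching): approaching is True when one more
    gateway of this type would hit the regional limit."""
    count = len(response.get(key, []))
    return count, limit, count >= limit - 1


def remediation_commands(unused_igws, unused_eigws, region):
    """Build the AWS CLI delete commands for the unused gateways (for review)."""
    cmds = [f"aws ec2 delete-internet-gateway --region {region} "
            f"--internet-gateway-id {i}" for i in unused_igws]
    cmds += [f"aws ec2 delete-egress-only-internet-gateway --region {region} "
             f"--egress-only-internet-gateway-id {e}" for e in unused_eigws]
    return cmds


def main(region="us-east-1"):
    igw_resp, eigw_resp = SAMPLE_IGW_RESPONSE, SAMPLE_EIGW_RESPONSE
    try:
        import boto3  # optional: use live data when available
        ec2 = boto3.client("ec2", region_name=region)
        igw_resp = ec2.describe_internet_gateways()
        eigw_resp = ec2.describe_egress_only_internet_gateways()
    except Exception:
        print("boto3/credentials unavailable, using constructed sample data", file=sys.stderr)
    for label, resp, key in (("IGW", igw_resp, "InternetGateways"),
                             ("EIGW", eigw_resp, "EgressOnlyInternetGateways")):
        count, limit, near = quota_usage(resp, key)
        print(f"{label}: {count}/{limit} in {region}" + (" (approaching limit)" if near else ""))
    unused_igws = find_unused_internet_gateways(igw_resp)
    unused_eigws = find_unused_egress_only_gateways(eigw_resp)
    for cmd in remediation_commands(unused_igws, unused_eigws, region):
        print(cmd)


if __name__ == "__main__":
    main()
```

The script prints the delete commands instead of executing them so the list can be checked against change records before anything is removed; a gateway that is detached but still referenced by an IaC template or a route table rebuild will simply be recreated, and that is better caught at review time than after a delete.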
References
- AWS Documentation
- Internet Gateways
- Egress-Only Internet Gateways
- Amazon VPC Limits
- AWS Command Line Interface (CLI) Documentation
- ec2
- describe-internet-gateways
- describe-egress-only-internet-gateways
- delete-internet-gateway
- delete-egress-only-internet-gateway