Identify and remove any unused VPC Internet Gateways (IGWs) and VPC Egress-Only Internet Gateways (EIGWs) in order to adhere to best practices and to avoid approaching the service limit (by default, you are limited to 5 IGWs and 5 EIGWs per AWS region). An Internet Gateway or Egress-Only Internet Gateway is evaluated as unused when it is no longer attached to an AWS Virtual Private Cloud (VPC). The Cloud Conformity Service Limits feature (integrated with the Amazon Trusted Advisor service) can also help you ensure that the allocation of AWS VPC resources is not approaching the service limit.
This rule can help you with the following compliance standards:
For further details on compliance standards supported by Conformity, see here.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
For better management of your VPC resources, all unused (detached) Internet Gateways and Egress-Only Internet Gateways should be removed from your AWS VPC environment.
To identify any unused IGWs and EIGWs provisioned within your AWS Virtual Private Cloud (VPC), perform the following:
Remediation / Resolution
To remove any unused IGWs and EIGWs available within your Amazon VPC, perform the following actions:
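As an added example (not Conformity's own code), the identification and remediation steps above expressed in Python: it classifies gateways as unused from the JSON shapes returned by `aws ec2 describe-internet-gateways` and `aws ec2 describe-egress-only-internet-gateways`, compares the counts against the default limit of 5 per region, and builds the delete commands without running them. The gateway and VPC IDs are constructed sample values, not real resources.

```python
"""Flag detached IGWs/EIGWs and report headroom against the default quota.
Assumes the describe-* output shapes of the AWS CLI; no AWS calls are made."""

DEFAULT_LIMIT = 5  # default per-region quota for IGWs and, separately, for EIGWs
_ACTIVE_STATES = {"available", "attached", "attaching"}


def _in_use(gateway):
    """A gateway counts as in use only if it has a live attachment to a VPC."""
    return any(a.get("VpcId") and a.get("State") in _ACTIVE_STATES
               for a in gateway.get("Attachments", []))


def find_unused(describe_igw, describe_eigw):
    """Return unused gateway IDs plus per-type counts from describe-* output."""
    igws = describe_igw.get("InternetGateways", [])
    eigws = describe_eigw.get("EgressOnlyInternetGateways", [])
    return {
        "igw": [g["InternetGatewayId"] for g in igws if not _in_use(g)],
        "eigw": [g["EgressOnlyInternetGatewayId"] for g in eigws if not _in_use(g)],
        "igw_count": len(igws),
        "eigw_count": len(eigws),
    }


def remediation_commands(report):
    """Build (but do not execute) the AWS CLI calls that delete the unused gateways."""
    cmds = [f"aws ec2 delete-internet-gateway --internet-gateway-id {i}"
            for i in report["igw"]]
    cmds += [f"aws ec2 delete-egress-only-internet-gateway "
             f"--egress-only-internet-gateway-id {i}" for i in report["eigw"]]
    return cmds


# Constructed sample describe-* output; IDs are made up for illustration.
SAMPLE_IGW = {"InternetGateways": [
    {"InternetGatewayId": "igw-0aaa111", "Attachments": [{"State": "available", "VpcId": "vpc-0111"}]},
    {"InternetGatewayId": "igw-0bbb222", "Attachments": []},
    {"InternetGatewayId": "igw-0ccc333", "Attachments": [{"State": "detached", "VpcId": "vpc-0222"}]},
]}
SAMPLE_EIGW = {"EgressOnlyInternetGateways": [
    {"EgressOnlyInternetGatewayId": "eigw-0ddd444", "Attachments": [{"State": "attached", "VpcId": "vpc-0111"}]},
    {"EgressOnlyInternetGatewayId": "eigw-0eee555", "Attachments": []},
]}

if __name__ == "__main__":
    report = find_unused(SAMPLE_IGW, SAMPLE_EIGW)
    for kind in ("igw", "eigw"):
        print(f"{kind}: {report[kind + '_count']}/{DEFAULT_LIMIT} in region, unused: {report[kind]}")
    print("\n".join(remediation_commands(report)))
```

To run it against a real account, feed the parsed output of the two describe commands to `find_unused` and review the printed delete commands before executing any of them.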
Unused VPC Internet Gateways
Risk level: Low