Identify and delete any unused Amazon Virtual Private Gateways (VGWs) in order to adhere to best practices and to avoid reaching the service limit (by default, you are limited to 5 VGWs, attached or detached, per AWS region). An AWS Virtual Private Gateway is considered unused when it is no longer associated with a VPN connection (on the VPC side of the connection). The Cloud Conformity Service Limits feature (integrated with the Amazon Trusted Advisor service) can also help you ensure that the allocation of AWS VGW resources is not reaching the limit.
This rule can help you with the following compliance standards:
- NIST 800-53 (Rev. 4)
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
As good practice, every unused (detached) AWS Virtual Private Gateway should be removed from your account for better management of your AWS resources.
To recognize any unused Virtual Private Gateways (VGWs) currently available within your AWS account, perform the following:
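As an added example, not the Conformity rule's own audit steps, the following Python applies the definition above (a VGW is unused when no VPN connection references it) to the response shapes of the EC2 DescribeVpnGateways and DescribeVpnConnections APIs and reports the headroom left under the 5-per-region limit; the sample responses and IDs are constructed, and the `fetch_live` boto3 helper is an assumed wiring for a real account.

```python
"""Flag Virtual Private Gateways (VGWs) that no VPN connection uses.
Input shapes match EC2 DescribeVpnGateways / DescribeVpnConnections;
the sample data at the bottom is constructed and its IDs hypothetical."""
VGW_LIMIT_PER_REGION = 5  # default quota, attached or detached

def find_unused_vgws(vgws, vpn_connections):
    """Return live VGWs that no live VPN connection references.
    A connection names its VGW in 'VpnGatewayId' (absent when it ends on
    a transit gateway); 'deleted' connections do not keep a VGW in use."""
    in_use = {c["VpnGatewayId"] for c in vpn_connections
              if c.get("VpnGatewayId") and c.get("State") != "deleted"}
    unused = []
    for g in vgws:
        if g["State"] == "deleted" or g["VpnGatewayId"] in in_use:
            continue
        vpcs = [a["VpcId"] for a in g.get("VpcAttachments", [])
                if a.get("State") == "attached"]
        unused.append({"VpnGatewayId": g["VpnGatewayId"],
                       "State": g["State"], "AttachedVpcs": vpcs})
    return unused

def quota_headroom(vgws, limit=VGW_LIMIT_PER_REGION):
    """VGW slots left in the region; deleted gateways no longer count."""
    return limit - sum(1 for g in vgws if g["State"] != "deleted")

def fetch_live(region):
    """Assumed boto3 wiring for a real account; not exercised offline."""
    import boto3  # lazy import so the sample data runs without boto3
    ec2 = boto3.client("ec2", region_name=region)
    return (ec2.describe_vpn_gateways()["VpnGateways"],
            ec2.describe_vpn_connections()["VpnConnections"])

# Constructed sample: vgw-0aaa is in use, vgw-0bbb is attached to a VPC but
# has no VPN connection, vgw-0ccc is detached and its only VPN was deleted.
SAMPLE_VGWS = [
    {"VpnGatewayId": "vgw-0aaa", "State": "available",
     "VpcAttachments": [{"State": "attached", "VpcId": "vpc-0111"}]},
    {"VpnGatewayId": "vgw-0bbb", "State": "available",
     "VpcAttachments": [{"State": "attached", "VpcId": "vpc-0222"}]},
    {"VpnGatewayId": "vgw-0ccc", "State": "available",
     "VpcAttachments": [{"State": "detached", "VpcId": "vpc-0333"}]},
]
SAMPLE_VPN_CONNECTIONS = [
    {"VpnConnectionId": "vpn-0001", "State": "available", "VpnGatewayId": "vgw-0aaa"},
    {"VpnConnectionId": "vpn-0002", "State": "deleted", "VpnGatewayId": "vgw-0ccc"},
    {"VpnConnectionId": "vpn-0003", "State": "available", "TransitGatewayId": "tgw-0999"},
]
```

Running `find_unused_vgws(*fetch_live("us-east-1"))` against a real account lists the gateways this rule would flag, including ones still attached to a VPC but carrying no VPN connection.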
Remediation / Resolution
To remove any unused AWS Virtual Private Gateways provisioned within your AWS account, perform the following:
Rule audited: Unused Virtual Private Gateways
Risk level: Low