Identify and delete any unused Amazon Virtual Private Gateways (VGWs) in order to adhere to best practices and to avoid reaching the service limit (by default, you are limited to 5 VGWs, attached or detached, per AWS region). An AWS Virtual Private Gateway is considered unused when it is no longer associated with a VPN connection (on the VPC side of the connection). The Cloud Conformity Service Limits feature (integrated with the Amazon Trusted Advisor service) can also help you ensure that the allocation of AWS VGW resources is not reaching the limit.
This rule can help you with the following compliance standards:
- APRA
- MAS
- NIST4
For further details on compliance standards supported by Conformity, see here.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
As good practice, every unused (detached) AWS Virtual Private Gateway should be removed from your account for better management of your AWS resources.
Audit
To recognize any unused Virtual Private Gateways (VGWs) currently available within your AWS account, perform the following:
Remediation / Resolution
To remove any unused AWS Virtual Private Gateways provisioned within your AWS account, perform the following:
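The audit and remediation steps above can be driven from the output of the two CLI commands listed in the references. The following is an added example, not Conformity's own code: it takes the JSON shape returned by `aws ec2 describe-vpn-gateways` and `aws ec2 describe-vpn-connections`, reports every existing VGW that no live VPN connection references, and prints the detach/delete commands for it. The gateway, VPC and connection IDs in the sample documents are constructed.

```python
import json

# Constructed sample documents in the shape returned by
# `aws ec2 describe-vpn-gateways` and `aws ec2 describe-vpn-connections`
# (IDs are made up; run the two CLI commands with --output json for real input).
VPN_GATEWAYS = json.loads("""{"VpnGateways": [
  {"VpnGatewayId": "vgw-0aaa111", "State": "available",
   "VpcAttachments": [{"VpcId": "vpc-0111", "State": "attached"}]},
  {"VpnGatewayId": "vgw-0bbb222", "State": "available", "VpcAttachments": []},
  {"VpnGatewayId": "vgw-0ccc333", "State": "available",
   "VpcAttachments": [{"VpcId": "vpc-0333", "State": "attached"}]},
  {"VpnGatewayId": "vgw-0ddd444", "State": "deleted", "VpcAttachments": []}
]}""")
VPN_CONNECTIONS = json.loads("""{"VpnConnections": [
  {"VpnConnectionId": "vpn-0111", "VpnGatewayId": "vgw-0aaa111", "State": "available"},
  {"VpnConnectionId": "vpn-0222", "VpnGatewayId": "vgw-0bbb222", "State": "deleted"},
  {"VpnConnectionId": "vpn-0333", "TransitGatewayId": "tgw-0999", "State": "available"}
]}""")

LIVE = ("available", "pending")  # states in which the resource still exists


def gateways_in_use(vpn_connections):
    """VGW IDs referenced by a VPN connection that has not been deleted.
    Connections terminating on a Transit Gateway carry no VpnGatewayId and are skipped."""
    return {
        c["VpnGatewayId"]
        for c in vpn_connections["VpnConnections"]
        if c.get("VpnGatewayId") and c["State"] in LIVE
    }


def find_unused_vgws(vpn_gateways, vpn_connections):
    """Map each existing VGW with no VPN connection to the VPCs it is still attached to.
    An attached VGW must be detached (detach-vpn-gateway) before delete-vpn-gateway."""
    in_use = gateways_in_use(vpn_connections)
    unused = {}
    for g in vpn_gateways["VpnGateways"]:
        if g["State"] in LIVE and g["VpnGatewayId"] not in in_use:
            unused[g["VpnGatewayId"]] = [
                a["VpcId"] for a in g.get("VpcAttachments", [])
                if a["State"] in ("attached", "attaching")
            ]
    return unused


if __name__ == "__main__":
    for vgw, vpcs in find_unused_vgws(VPN_GATEWAYS, VPN_CONNECTIONS).items():
        for vpc in vpcs:
            print(f"aws ec2 detach-vpn-gateway --vpn-gateway-id {vgw} --vpc-id {vpc}")
        print(f"aws ec2 delete-vpn-gateway --vpn-gateway-id {vgw}")
```

Review the printed commands before running them; a VGW that is attached to a VPC but carries no VPN connection is reported as unused, which is why the detach step is emitted first.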
References
- AWS Documentation
  - Amazon VPC FAQs
  - VPN Connections
  - Adding a Hardware Virtual Private Gateway to Your VPC
  - Amazon VPC Limits
- AWS Command Line Interface (CLI) Documentation
  - ec2
    - describe-vpn-gateways
    - delete-vpn-gateway