Medium

Gateway VPC endpoint is not in use

AWS Cost Optimization
Description

To keep your VPC resources manageable, remove any unused Internet Gateways (IGWs) and Egress-Only Internet Gateways (EIGWs) from your AWS VPC environment. This follows best practice and keeps you from approaching the service limit (by default, you are limited to 5 IGWs and 5 EIGWs per AWS region). To identify unused IGWs and EIGWs, look for gateways that are not attached to an AWS Virtual Private Cloud (VPC). These gateways are considered unused and can be safely removed from your VPC environment.

Remediation

To remediate the presence of unused Internet Gateways in your VPC, you can follow these steps:

  1. Log in to the AWS Management Console and navigate to the VPC service.
  2. Click on the "Internet Gateways" link in the left-hand menu.
  3. Identify any Internet Gateways that are not attached to any VPCs.
  4. Select the unused Internet Gateway(s) and click on the "Actions" button, then select "Delete" from the dropdown menu.
  5. In the "Delete Internet Gateway" dialog box, confirm that you want to delete the Internet Gateway(s).
  6. Click on the "Delete" button to remove the Internet Gateway(s) from your VPC environment.

Before deleting any Internet Gateway, verify that it is not required for your application or business needs. Also ensure that no active resources, such as EC2 instances or VPC endpoints, are still using the Internet Gateway.
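The same check as a script, added here as an example that is not part of the original page: it reads the JSON returned by `aws ec2 describe-internet-gateways` and `aws ec2 describe-egress-only-internet-gateways`, lists gateways with no attachment, and builds the delete commands as a dry run for review. The gateway and VPC IDs are constructed sample data, and the `keep` tag is a hypothetical convention for marking gateways that must stay.

```python
import json

# Constructed sample shaped like `aws ec2 describe-internet-gateways --output json`.
SAMPLE_IGW_JSON = """
{"InternetGateways": [
  {"InternetGatewayId": "igw-0aaa1111example", "Attachments": [{"State": "available", "VpcId": "vpc-0123example"}], "Tags": []},
  {"InternetGatewayId": "igw-0bbb2222example", "Attachments": [], "Tags": []},
  {"InternetGatewayId": "igw-0ccc3333example", "Attachments": [], "Tags": [{"Key": "keep", "Value": "true"}]},
  {"InternetGatewayId": "igw-0ddd4444example", "Attachments": [{"State": "detaching", "VpcId": "vpc-0456example"}]}
]}
"""
SAMPLE = json.loads(SAMPLE_IGW_JSON)

# Assumption: hypothetical tag key an owner sets on a gateway that must not be removed.
KEEP_TAG = "keep"

def unused_gateways(response, list_key, id_key):
    """Return IDs of gateways with no live attachment and no keep tag."""
    unused = []
    for gw in response.get(list_key, []):
        states = [a.get("State") for a in gw.get("Attachments", [])]
        if any(s != "detached" for s in states):
            continue  # attached, or still attaching/detaching: leave it alone
        if any(t.get("Key") == KEEP_TAG for t in gw.get("Tags", [])):
            continue  # owner has marked it as required
        unused.append(gw[id_key])
    return unused

def unused_igws(response):
    return unused_gateways(response, "InternetGateways", "InternetGatewayId")

def unused_eigws(response):
    return unused_gateways(response, "EgressOnlyInternetGateways",
                           "EgressOnlyInternetGatewayId")

def deletion_plan(igw_ids, eigw_ids):
    """Dry run: build the delete commands for review instead of executing them."""
    plan = [f"aws ec2 delete-internet-gateway --internet-gateway-id {i}" for i in igw_ids]
    plan += [f"aws ec2 delete-egress-only-internet-gateway "
             f"--egress-only-internet-gateway-id {e}" for e in eigw_ids]
    return plan

if __name__ == "__main__":
    for line in deletion_plan(unused_igws(SAMPLE), []):
        print(line)
```

Gateway limits are per region, so the describe output has to be collected once for each region in use.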

By regularly checking for and removing any unused Internet Gateways in your VPC, you can help reduce unnecessary costs and avoid reaching the service limit.

Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.