VPC: Cleanup Idle NAT Gateways

Service: VPC
Difficulty: Easy

Difficulty scale: Easy = zero downtime, zero performance risk; Medium = zero downtime, potential performance trade-offs; Hard = downtime required, potential performance trade-offs.

NAT gateways let instances in private subnets reach external networks. AWS charges an hourly rate for every hour a NAT gateway is provisioned, plus a charge for the amount of data it processes, so a NAT gateway that carries no traffic still accrues the hourly charge.

VPC Pricing


Evaluation

Cloudthread Platform Instructions

Note: This will show you all NAT Gateway IDs across all accounts and all regions.

  1. Login to the Cloudthread platform and navigate to Opportunities Savings Explorer.
  2. Click the Category filter, check Idle NAT Gateways, and click OK.
Cloudthread Opportunity Explorer

Console Instructions

Note: You’ll have to repeat the below steps for each account and region.

  1. Login to your AWS Management Console and navigate to the VPC dashboard.
  2. From the left-hand menu, select 'NAT Gateways' under the 'Virtual Private Cloud' section.
NAT gateways
  3. This will display a list of all the NAT Gateway IDs. Select the one that you want to examine to expand the details.
  4. Go to the Monitoring section and perform the following steps:
    a. Open the NAT Gateway outbound usage details box by clicking on the thumbnail of the 'Bytes out to destination' chart.
Bytes out to destination
    b. In the CloudWatch Monitoring Details dialog box, set the following parameters:
      ◦ Select ‘Average’ from the Statistic dropdown list.
      ◦ Choose ‘Last 1 Week’ from the Time Range list.
      ◦ From the Period dropdown list, select 5 minutes.
Bytes out to destination

Once the monitoring data has loaded, examine the NAT Gateway 'Bytes out to destination' usage for the previous 7 days. If the average usage was 0 during this period, the NAT Gateway is considered unused and can be deleted to avoid unnecessary expenses.

  5. Repeat steps 3 and 4 to determine the usage of the remaining NAT Gateways provisioned in the current region.
  6. To verify the usage of NAT Gateways in other AWS regions, use the navigation bar to select the desired region and follow the same evaluation process described in the previous steps.

CLI Instructions

  1. Open a terminal or command prompt and ensure that you are logged in to your AWS account.
  2. Use the following command to list all the existing NAT Gateway IDs.

  aws ec2 describe-nat-gateways

  3. The output of the above command will show all the NAT Gateway IDs.
  4. Use the CloudWatch get-metric-statistics command to retrieve the recorded statistics for the BytesOutToDestination metric, which represents the chosen NAT Gateway's outbound usage.
    a. Modify the values of the start-time and end-time parameters to specify your desired timeframe for monitoring the NAT Gateway usage.
    b. Adjust the period parameter to meet your granularity requirements for the returned data points, which can range from five minutes to one day.
  5. Once executed, the command output should display the NAT Gateway usage details.
  6. If no Datapoints have been recorded within the past seven days, the NAT Gateway resource is deemed unused and can be safely deleted.
  7. To verify the usage of other NAT Gateway resources provisioned within the current region, repeat steps 4-6.
  8. To verify the usage of NAT Gateway resources in other AWS regions, update the region command parameter value and apply the audit process outlined in the previous steps.
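The CLI evaluation above, automated across regions, as an added example that is not part of the original guide: it uses boto3 (assumed installed, with the same credentials the CLI uses) to call the describe-nat-gateways and get-metric-statistics APIs, and it queries the Sum statistic of BytesOutToDestination so that an all-zero result, or no data points at all, means no outbound traffic in the seven-day window. The NAT gateway ID in the comment is constructed.

```python
from datetime import datetime, timedelta, timezone

NAMESPACE = "AWS/NATGateway"
METRIC = "BytesOutToDestination"
LOOKBACK = timedelta(days=7)
PERIOD = 3600  # seconds per data point; the console walk-through uses 5 minutes


def metric_request(nat_id, now=None, period=PERIOD, lookback=LOOKBACK):
    """Parameters for cloudwatch.get_metric_statistics for one NAT gateway."""
    # Sum instead of Average: every Sum being 0 bytes is the same condition
    # as the console's 'average usage was 0' over the lookback window.
    now = now or datetime.now(timezone.utc)
    return {
        "Namespace": NAMESPACE,
        "MetricName": METRIC,
        "Dimensions": [{"Name": "NatGatewayId", "Value": nat_id}],
        "StartTime": now - lookback,
        "EndTime": now,
        "Period": period,
        "Statistics": ["Sum"],
    }


def is_idle(datapoints):
    """Idle: no data points at all, or every recorded Sum is 0 bytes."""
    return all(dp.get("Sum", 0) == 0 for dp in datapoints)


def find_idle_nat_gateways(session, regions):
    """Return {region: [nat_id, ...]} for 'available' gateways with no traffic."""
    idle = {}
    for region in regions:
        ec2 = session.client("ec2", region_name=region)
        cw = session.client("cloudwatch", region_name=region)
        page = ec2.describe_nat_gateways(
            Filters=[{"Name": "state", "Values": ["available"]}])
        for nat in page["NatGateways"]:
            nat_id = nat["NatGatewayId"]  # e.g. nat-0123456789abcdef0 (constructed)
            stats = cw.get_metric_statistics(**metric_request(nat_id))
            if is_idle(stats["Datapoints"]):
                idle.setdefault(region, []).append(nat_id)
    return idle


if __name__ == "__main__":
    import boto3  # assumed installed; uses the CLI's configured credentials
    session = boto3.Session()
    regions = [r["RegionName"] for r in session.client("ec2").describe_regions()["Regions"]]
    for region, ids in find_idle_nat_gateways(session, regions).items():
        print(f"{region}: {', '.join(ids)}")
```

The script only reports candidates; deleting them remains the separate Action step below, so a gateway that was idle only because a workload was paused can still be reviewed first.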

Action

Console Instructions

  1. Login to your AWS Management Console and navigate to the VPC dashboard.
  2. From the left-hand menu, select 'NAT Gateways' under the 'Virtual Private Cloud' section.
  3. Choose the radio button corresponding to the NAT gateway you wish to delete.
  4. Click on the ‘Actions’ button located in the top right corner, then select "Delete NAT gateway".
NAT gateway
  5. Confirm the deletion by typing in delete when prompted, and clicking on Delete.
  6. Repeat steps 3 to 5 for any additional NAT gateway resources you wish to remove in the same region.

CLI instructions

  1. Open your preferred terminal or command prompt and ensure that you are logged in to your AWS account with the appropriate credentials.
  2. Use the following command to list all the existing NAT Gateway IDs.

  aws ec2 describe-nat-gateways

  3. The output of the above command will show all the NAT Gateway IDs.
  4. To remove a NAT Gateway in the current region, execute the delete-nat-gateway command, passing the NatGatewayId (the nat- prefixed value from the previous output) as the identifier.

  aws ec2 delete-nat-gateway --nat-gateway-id <nat-gateway-id>

  5. The successful deletion of a NAT Gateway should result in the command outputting its ID.
  6. Follow step 4 repeatedly to delete any other unused NAT Gateways present in the chosen region.
Copyright © 2024 CloudThread Inc.
All rights reserved.