Delete unused NAT Gateway

What It Does

Deletes unused NAT gateways that no longer serve active traffic. Unused NAT gateways can accumulate avoidable costs. Removing them helps lower VPC-related expenses without affecting ongoing workloads.

Risk and Scope

Detail                  Value
Risk Level              Low
AWS Service Targeted    VPC

Permissions Required

Optimization Policies Addressed

This runbook remediates violation tickets of the following policy:

Policy ID    Policy Name
vpc_103      NAT Gateway with no outgoing traffic should be deleted

Risk Mitigation

Risk Mitigation Strategy

How to Install

Refer to the Runbook Setup Guide for steps to install and enable this runbook in your environment.

Runbook Workflow

Step 1: Start

Trigger: Begins the runbook to identify and delete unused NAT gateways.

Step 2: CheckAndDelete

Action: Executes a script that checks for unused NAT gateways and flags them for deletion.

Step 3: If/Else

Condition: Checks if any NAT gateway is unused and eligible for deletion.

  1. If eligible, proceeds to delete the unused NAT gateway:

     DeleteNatGateway: Executes DeleteNatGateway on the identified EC2 NAT gateway resource.

  2. Else:

     The workflow terminates if no deletable NAT gateway is found.
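The check-then-delete logic of Steps 2 and 3, as an added illustration that is not the runbook's own script: "no outgoing traffic" is taken as zero CloudWatch BytesOutToDestination over an assumed 14-day window, gateways younger than an assumed 7 days are skipped so a freshly created one is not mistaken for an idle one, and deletion defaults to dry-run. The ec2 and cloudwatch arguments are boto3-style clients (real clients in production, fakes in tests).

```python
"""Flag and delete NAT gateways with no outgoing traffic (policy vpc_103).
Illustrative code, not the runbook's script; `ec2`/`cloudwatch` are injected
boto3-style clients (real in production, fakes in tests)."""
from datetime import datetime, timedelta, timezone

LOOKBACK_DAYS = 14   # assumed observation window; tune for your workloads
MIN_AGE_DAYS = 7     # assumed: skip gateways too new to have seen traffic

def outgoing_bytes(cloudwatch, nat_id, now, days=LOOKBACK_DAYS):
    """Sum of CloudWatch BytesOutToDestination over the window (0.0 if none)."""
    resp = cloudwatch.get_metric_statistics(
        Namespace="AWS/NATGateway", MetricName="BytesOutToDestination",
        Dimensions=[{"Name": "NatGatewayId", "Value": nat_id}],
        StartTime=now - timedelta(days=days), EndTime=now,
        Period=86400, Statistics=["Sum"])
    return sum(dp["Sum"] for dp in resp.get("Datapoints", []))

def is_unused(nat, total_out, now, min_age_days=MIN_AGE_DAYS):
    """Eligible only if 'available', old enough, and zero bytes sent out."""
    if nat["State"] != "available":
        return False            # pending/deleting gateways are never candidates
    if now - nat["CreateTime"] < timedelta(days=min_age_days):
        return False            # no traffic yet is not the same as unused
    return total_out == 0

def find_unused_nat_gateways(ec2, cloudwatch, now=None):
    """Return IDs of NAT gateways that violate vpc_103 (Step 2: CheckAndDelete)."""
    now = now or datetime.now(timezone.utc)
    resp = ec2.describe_nat_gateways(Filter=[{"Name": "state", "Values": ["available"]}])
    return [nat["NatGatewayId"] for nat in resp["NatGateways"]
            if is_unused(nat, outgoing_bytes(cloudwatch, nat["NatGatewayId"], now), now)]

def delete_nat_gateways(ec2, nat_ids, dry_run=True):
    """Step 3: DeleteNatGateway for each flagged ID; dry_run only reports."""
    for nat_id in nat_ids:
        if dry_run:
            print(f"[dry-run] would delete {nat_id}")
        else:
            ec2.delete_nat_gateway(NatGatewayId=nat_id)
    return nat_ids

if __name__ == "__main__":
    import boto3   # imported here so the decision logic runs without it
    ec2, cw = boto3.client("ec2"), boto3.client("cloudwatch")
    delete_nat_gateways(ec2, find_unused_nat_gateways(ec2, cw), dry_run=True)
```

Run it once with dry_run=True and compare the flagged IDs against the violation ticket before switching deletion on; a gateway whose route table still points at it will leave private subnets without egress.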

Triggering the Runbook

To run this workflow:

1. Locate the Ticket

Identify the ticket associated with the above-mentioned policy violation.

2. Execute the Runbook

Follow the steps described in the Executing a Runbook section to apply this runbook to the ticket.