natgateway-eip-used-check

更新时间:
复制 MD 格式

Checks whether the SNAT and DNAT of a NAT gateway use different EIPs. The evaluation result is Compliant if they do not share the same EIP.

Scenarios

Using separate EIPs for SNAT and DNAT allows you to independently manage configurations, such as bandwidth, for inbound and outbound traffic without mutual interference.

Risk level

Default risk level: high.

You can change the risk level based on your business requirements when you apply this rule.

Compliance evaluation logic

  • If the SNAT and DNAT of the NAT gateway use different EIPs, the evaluation result is Compliant.
  • If the SNAT and DNAT of the NAT gateway use the same EIP, the evaluation result is Incompliant. For more information about how to fix an incompliant configuration, see the "Incompliance remediation" section of this topic.
  • This rule does not apply to virtual private clouds (VPCs) and NAT gateways.

Rule details

Item Description
Rule name natgateway-eip-used-check
Rule identifier natgateway-eip-used-check
Tag NAT and NatGateway
Automatic remediation Not supported
Trigger type Periodic execution
Evaluation frequency Interval of 24 hours
Supported resource type NAT gateway
Input parameter None

Incompliance remediation

Ensure that the SNAT and DNAT of the NAT gateway do not use the same EIP. For more information, see Use the SNAT feature of an Internet NAT gateway to access the Internet.