Checks whether the SNAT and DNAT of a NAT gateway use different EIPs. The evaluation result is Compliant if they do not share the same EIP.
Scenarios
Using separate EIPs for SNAT and DNAT allows you to independently manage configurations, such as bandwidth, for inbound and outbound traffic without mutual interference.
Risk level
Default risk level: high.
You can change the risk level based on your business requirements when you apply this rule.
Compliance evaluation logic
- If the SNAT and DNAT of the NAT gateway use different EIPs, the evaluation result is Compliant.
- If the SNAT and DNAT of the NAT gateway use the same EIP, the evaluation result is Incompliant. For more information about how to fix an incompliant configuration, see the "Incompliance remediation" section of this topic.
- This rule does not apply to virtual private clouds (VPCs) and NAT gateways.
Rule details
| Item | Description |
| Rule name | natgateway-eip-used-check |
| Rule identifier | natgateway-eip-used-check |
| Tag | NAT and NatGateway |
| Automatic remediation | Not supported |
| Trigger type | Periodic execution |
| Evaluation frequency | Interval of 24 hours |
| Supported resource type | NAT gateway |
| Input parameter | None |
Incompliance remediation
Ensure that the SNAT and DNAT of the NAT gateway do not use the same EIP. For more information, see Use the SNAT feature of an Internet NAT gateway to access the Internet.
该文章对您有帮助吗?