Ensure multiple availability zones are used to deploy AWS NAT Gateways

MEDIUM

Description

Deploying NAT Gateways in more than one availability zone protects the network from a single-zone outage taking down outbound connectivity for all private subnets, making the infrastructure more robust and fault tolerant.

Remediation

In AWS Console -

  1. Sign in to the AWS Console.
  2. Open NAT Gateways.
  3. Find the availability zone in which the NAT Gateway is deployed.
  4. Create a new NAT Gateway and associate it with a public subnet in a different availability zone in the same region.

In Terraform -

  1. For each aws_nat_gateway resource, ensure that the aws_subnet resources the NAT Gateways are placed in span more than one availability_zone (that is, deploy at least one NAT Gateway per availability zone).
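The following Terraform configuration is an added illustration of the Terraform remediation above; it is not code from the policy page or from Tenable. It shows a single-AZ layout that this rule flags next to a per-AZ layout that satisfies it. The VPC, region, availability zone names and CIDR blocks are constructed for the example, and `domain = "vpc"` on aws_eip assumes AWS provider v5 syntax.

```hcl
# Added example, not part of the policy page. Assumes AWS provider v5 and the
# us-east-1 region; all CIDR blocks and AZ names are constructed for illustration.

resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
}

# --- Non-compliant: one NAT Gateway in one AZ serves every private subnet ---
resource "aws_subnet" "public_single" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = "10.0.250.0/24"
  availability_zone = "us-east-1a"
}

resource "aws_eip" "nat_single" {
  domain = "vpc"
}

resource "aws_nat_gateway" "single" {
  allocation_id = aws_eip.nat_single.id
  # Only one AZ: an outage in us-east-1a removes egress for all private subnets.
  subnet_id = aws_subnet.public_single.id
}

# --- Compliant: one public subnet, EIP and NAT Gateway per availability zone ---
locals {
  azs = ["us-east-1a", "us-east-1b"]
}

resource "aws_subnet" "public" {
  for_each          = toset(local.azs)
  vpc_id            = aws_vpc.main.id
  cidr_block        = cidrsubnet(aws_vpc.main.cidr_block, 8, index(local.azs, each.key))
  availability_zone = each.key
}

resource "aws_subnet" "private" {
  for_each          = toset(local.azs)
  vpc_id            = aws_vpc.main.id
  cidr_block        = cidrsubnet(aws_vpc.main.cidr_block, 8, 100 + index(local.azs, each.key))
  availability_zone = each.key
}

resource "aws_eip" "nat" {
  for_each = toset(local.azs)
  domain   = "vpc"
}

resource "aws_nat_gateway" "per_az" {
  for_each      = toset(local.azs)
  allocation_id = aws_eip.nat[each.key].id
  # One gateway in each AZ, so the NAT tier itself has no single-zone dependency.
  subnet_id = aws_subnet.public[each.key].id
}

# Each private subnet routes to the NAT Gateway in its own AZ. A failure in one
# zone therefore does not remove egress for private subnets in the other zone.
resource "aws_route_table" "private" {
  for_each = toset(local.azs)
  vpc_id   = aws_vpc.main.id

  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.per_az[each.key].id
  }
}

resource "aws_route_table_association" "private" {
  for_each       = toset(local.azs)
  subnet_id      = aws_subnet.private[each.key].id
  route_table_id = aws_route_table.private[each.key].id
}
```

The per-AZ route tables are the part that actually delivers the fault tolerance: adding a second NAT Gateway while still routing every private subnet through the first one leaves the single-zone dependency in place even though the gateway count passes a simple check.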

References:
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/nat_gateway
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet#availability_zone

Policy Details

Rule Reference ID: AC_AWS_0579
CSP: AWS
Remediation Available: Yes
Resource: aws_nat_gateway
Resource Category: Virtual Network

Frameworks