Risk Level: High
Cloud Entity: AWS Nat Gateway
CloudGuard Rule ID: D9.AWS.MON.17
Covered by Spectral: No
Category: Networking & Content Delivery

GSL LOGIC

NatGateway should not have failureCode

REMEDIATION

From Portal
To check the status and failure code of NAT gateway, follow the steps below:

Sign in to the Amazon VPC console at https://console.aws.amazon.com/vpc/
Choose NAT Gateways
Check for State and State message in the main screen.
Follow the references according to the state message.

From Command Line
Use describe-nat-gateways command to verify the status and failure code of NAT gateway:

aws ec2 describe-nat-gateways

References

AWS Nat Gateway

A NAT gateway is a Network Address Translation (NAT) service. You can use a NAT gateway so that instances in a private subnet can connect to services outside your VPC but external services cannot initiate a connection with those instances.

Compliance Frameworks

AWS CloudGuard Best Practices
AWS CloudGuard SOC2 based on AICPA TSC 2017
AWS HITRUST
AWS HITRUST v11.0.0
AWS ISO27001:2022
AWS ITSG-33
AWS MITRE ATT&CK Framework v10
AWS MITRE ATT&CK Framework v11.3
AWS NIST 800-53 Rev 5
CloudGuard AWS All Rules Ruleset