Ensure NAT gateway has a name tag

In order to control your VPC environment, all the components should have a meaningful name.

Risk Level: Low
Cloud Entity: AWS Nat Gateway
CloudGuard Rule ID: D9.AWS.OPE.13
Covered by Spectral: Yes
Category: Networking & Content Delivery


NatGateway should have tags contain [key like '%Name%']


From Portal
Perform the following to set a Name tag to your NAT Gateway:

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
  2. In the navigation pane, choose NAT Gateways.
  3. Select the NAT gateway that you want to tag and choose Actions. Then choose Manage tags.
  4. Choose Add new tag, and define a Key and Value for the tag. You can add up to 50 tags.
  5. Choose Save.

From TF

resource "aws_ec2_tag" "example" {
	resource_id = "NAT_gateway_id"
	key         = "Name"
	value       = "tag_value"

From Command Line
Use following command to tag a NAT Gateway:

aws ec2 create-tags --resources NAT_gateway_ID --tags tag_name


  1. https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html
  2. https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/create-tags.html
  3. https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_tag

AWS Nat Gateway

A NAT gateway is a Network Address Translation (NAT) service. You can use a NAT gateway so that instances in a private subnet can connect to services outside your VPC but external services cannot initiate a connection with those instances.

Compliance Frameworks

  • AWS CloudGuard Best Practices
  • AWS CloudGuard SOC2 based on AICPA TSC 2017
  • AWS HITRUST v11.0.0
  • AWS ITSG-33
  • AWS NIST 800-53 Rev 5
  • CloudGuard AWS All Rules Ruleset