Ensure NAT gateway has a name tag

In order to control your VPC environment, all the components should have a meaningful name.

Risk Level: Low
Cloud Entity: AWS Nat Gateway
CloudGuard Rule ID: D9.TF.AWS.OPE.13
Covered by Spectral: No
Category: Networking & Content Delivery


aws_nat_gateway should have tags.Name


Perform the following to set a Name tag to your NAT Gateway:

From Portal

  1. Sign in to the Amazon VPC console at https://console.aws.amazon.com/vpc/
  2. Choose NAT Gateways
  3. Move your mouse to the name field, click the edit logo.
  4. Choose informational and meaningful name.

From CLI
aws ec2 create-tags --resources <NAT gateway ID> --tags Name = <Meaningful name>

CLI: https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/create-tags.html

AWS Nat Gateway

A NAT gateway is a Network Address Translation (NAT) service. You can use a NAT gateway so that instances in a private subnet can connect to services outside your VPC but external services cannot initiate a connection with those instances.

Compliance Frameworks

  • Terraform AWS CIS Foundations