Inactive NAT Gateway
Service Category: Networking
Cloud Provider: AWS
Service Name: AWS NAT Gateway
Inefficiency Type: Unused Resource

Explanation

NAT Gateways are frequently left running after environments are re-architected, workloads are shut down, or connectivity patterns change. In many cases, they continue to incur hourly charges despite no active traffic flowing through them. Because hourly fees are not tied to whether the gateway is needed—just whether it exists—these resources can quietly drive recurring costs without delivering ongoing value. Identifying and removing unused gateways is a simple way to reduce waste.

Relevant Billing Model

NAT Gateway charges include:

  • Hourly cost per deployed gateway per Availability Zone — charged as long as the gateway exists, regardless of usage
  • Per-GB data processing fee — charged for all data passing through the NAT Gateway

There is no minimum usage threshold. Even an idle NAT Gateway accrues full hourly charges.

Detection

  • List all NAT Gateways currently provisioned in each region
  • Review flow logs, CloudWatch metrics, or billing data to confirm whether any data has been processed through the gateway during the lookback period
  • Validate that no private subnet or route table is actively routing traffic through the NAT Gateway
  • Determine whether the gateway was created as part of a dev, staging, or legacy environment that is no longer active
  • Confirm with network or infrastructure owners whether the gateway is still required for any known process or dependency

Remediation

Delete NAT Gateways that have shown no data transfer activity and are no longer required. Review associated route tables to ensure removal will not disrupt network connectivity. Consider automating periodic audits of NAT Gateway usage across environments.
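
The Detection checks and the periodic audit suggested under Remediation can be combined into one pass over inventory, routing and traffic data. The following Python is an added example, not part of the original page: it runs on constructed sample data shaped like the EC2 DescribeNatGateways and DescribeRouteTables responses, and the per-gateway byte totals, the verdict names and the `env` tag are assumptions.

```python
# Constructed sample data (all IDs are made up), shaped like the EC2
# DescribeNatGateways and DescribeRouteTables responses.
NAT_GATEWAYS = [
    {"NatGatewayId": "nat-0aaa", "State": "available", "Tags": [{"Key": "env", "Value": "staging"}]},
    {"NatGatewayId": "nat-0bbb", "State": "available", "Tags": []},
    {"NatGatewayId": "nat-0ccc", "State": "available", "Tags": []},
    {"NatGatewayId": "nat-0ddd", "State": "available", "Tags": []},
    {"NatGatewayId": "nat-0eee", "State": "deleted", "Tags": []},
]
ROUTE_TABLES = [
    {"RouteTableId": "rtb-1", "Routes": [
        {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0bbb", "State": "active"}]},
    {"RouteTableId": "rtb-2", "Routes": [
        {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0ccc", "State": "active"}]},
    {"RouteTableId": "rtb-3", "Routes": [
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123", "State": "active"}]},
]
# Assumed input: bytes processed per gateway over the lookback period, e.g. the
# summed AWS/NATGateway BytesOutToDestination and BytesInFromDestination metrics.
BYTES_PROCESSED = {"nat-0aaa": 0, "nat-0bbb": 0, "nat-0ccc": 7_340_032}  # nat-0ddd: no data

def routes_via(gw_id, route_tables):
    """IDs of route tables that still have a route targeting this gateway."""
    return sorted(rt["RouteTableId"] for rt in route_tables
                  if any(r.get("NatGatewayId") == gw_id for r in rt.get("Routes", [])))

def audit(gateways, route_tables, bytes_processed):
    """Classify each provisioned gateway using traffic and routing evidence."""
    findings = {}
    for gw in gateways:
        if gw["State"] != "available":        # only audit gateways that are provisioned
            continue
        gw_id = gw["NatGatewayId"]
        tables = routes_via(gw_id, route_tables)
        traffic = bytes_processed.get(gw_id)  # None means no metric data, not zero bytes
        if traffic is None:
            verdict = "unknown-no-metrics"    # cannot confirm idleness; investigate
        elif traffic > 0:
            verdict = "active"
        elif tables:
            verdict = "idle-but-routed"       # review routes and confirm with owners first
        else:
            verdict = "idle-unrouted"         # strongest deletion candidate
        tags = {t["Key"]: t["Value"] for t in gw.get("Tags", [])}
        findings[gw_id] = {"verdict": verdict, "route_tables": tables, "env": tags.get("env")}
    return findings

if __name__ == "__main__":
    for gw_id, finding in audit(NAT_GATEWAYS, ROUTE_TABLES, BYTES_PROCESSED).items():
        print(gw_id, finding)
```

A gateway with missing metrics is reported separately from one with zero bytes, so a gap in monitoring is never read as proof that the gateway is idle.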
