AWS Finally Lets You Find Your Idle NAT Gateways
Corey Quinn · 2025-11-27 · via Last Week in AWS

AT LAST.

I have complained like a schoolchild for years about the egregious Managed NAT Gateway charges. I have championed AlterNAT as a way to get around it. And now, no doubt over the sobbing of the Managed NAT Gateway product owner as they have to sell their fourth yacht, the AWS Compute Optimizer (bad name but I don’t even care anymore, not today) identifies idle NAT Gateways so that you can turn them off.

Of course this only solves for the idle resource problem—but each one of them is ~$35 a month, and this adds up quickly. That affects the low end of the market. The high end—the folks putting $30K a month of data processing through a single NAT Gateway? That’s gonna take a different improvement (or keelhauling) of the suddenly-slightly-more-impoverished product owner, and one I’ll be equally ecstatic about. But this does strongly suggest that folks who care about their bills will now have AWS present them a list of NAT Gateways that can be turned off without having to first go on a merry scavenger hunt through the various metrics AWS spits out and then hides like some kind of psychotic Easter Bunny with a budget problem.

What does “Idle” mean?

The fun part about terminating idle resources is that it’s incredibly easy to turn off the DR site, which will absolutely save you money at the cost of potentially destroying your business. As a result, I take a dim view of what most tools consider “idle” resources—but I cannot argue with where the Compute Optimizer team has drawn the lines.

A NAT Gateway is idle if:

  • There are no active connections,
  • no incoming packets from clients inside your VPC,
  • no incoming packets from the destination,
  • nor have there been for the past 32 days,
  • and it is not associated with a route table (to avoid idle false positives for failover gateways, as per AlterNAT).

This is going to leave a lot of stuff around that should probably be whacked—but it’s a great start, and enough to make a serious dent in the pile of useless gateways acting as AWS billing ballast.
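
The idle test listed above, written out as an added example (not code from the original post or from AWS): it applies the five criteria to constructed data shaped like daily sums of CloudWatch `AWS/NATGateway` metrics and EC2 `describe-route-tables` output. The gateway IDs, the sample values, the mapping of the post's wording onto those three metric names, and the choice to treat days with no datapoints as unknown rather than idle are assumptions.

```python
from datetime import date, timedelta

LOOKBACK_DAYS = 32  # window stated in the post
# Assumption: these CloudWatch AWS/NATGateway metrics stand in for the post's
# "active connections", "packets from clients" and "packets from the destination".
METRICS = ("ActiveConnectionCount", "PacketsInFromSource", "PacketsInFromDestination")

def routed_gateway_ids(route_tables):
    """NAT gateway IDs targeted by any route (describe-route-tables shape)."""
    return {r["NatGatewayId"] for t in route_tables
            for r in t.get("Routes", []) if "NatGatewayId" in r}

def classify(gateway_id, daily, route_tables, today):
    """Return (is_idle, reasons_not_idle); daily maps date -> {metric: daily sum}."""
    window = [today - timedelta(days=n) for n in range(1, LOOKBACK_DAYS + 1)]
    reasons = []
    missing = [d for d in window if d not in daily]
    if missing:  # e.g. a gateway younger than the window: unknown, so not idle
        reasons.append(f"no data for {len(missing)} of {LOOKBACK_DAYS} days")
    for metric in METRICS:
        busy = [d for d in window if daily.get(d, {}).get(metric, 0) > 0]
        if busy:
            reasons.append(f"{metric} > 0 on {len(busy)} day(s), last {max(busy)}")
    if gateway_id in routed_gateway_ids(route_tables):
        reasons.append("referenced by a route table")  # possible failover path
    return (not reasons, reasons)

# --- Constructed sample data (IDs and values are made up) ---
TODAY = date(2025, 11, 27)

def quiet(days=LOOKBACK_DAYS):
    """All-zero metrics for the last `days` days."""
    return {TODAY - timedelta(days=n): dict.fromkeys(METRICS, 0)
            for n in range(1, days + 1)}

ROUTE_TABLES = [{"RouteTableId": "rtb-example", "Routes": [
    {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-standby"}]}]
GATEWAYS = {
    "nat-unused": quiet(),
    "nat-standby": quiet(),   # silent, but still the target of a route
    "nat-trickle": {**quiet(), TODAY - timedelta(days=20):
                    {**dict.fromkeys(METRICS, 0), "PacketsInFromSource": 3}},
    "nat-new": quiet(10),     # only 10 days of history
}

def idle_gateways():
    return sorted(g for g, d in GATEWAYS.items()
                  if classify(g, d, ROUTE_TABLES, TODAY)[0])
```

Only `nat-unused` passes every criterion; the reasons returned for the other three show which rule kept each one off the list.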

by Corey Quinn

Corey is the Chief Cloud Economist at Duckbill, where he specializes in helping companies improve their AWS bills by making them smaller and less horrifying. He also hosts the "Screaming in the Cloud" and "AWS Morning Brief" podcasts; and curates "Last Week in AWS," a weekly newsletter summarizing the latest in AWS news, blogs, and tools, sprinkled with snark and thoughtful analysis in roughly equal measure.
