AWS Finally Lets You Find Your Idle NAT Gateways
Corey Quinn · 2025-11-27 · via Last Week in AWS


AT LAST.

I have complained like a schoolchild for years about the egregious Managed NAT Gateway charges. I have championed AlterNAT as a way to get around it. And now, no doubt over the sobbing of the Managed NAT Gateway product owner as they have to sell their fourth yacht, the AWS Compute Optimizer (bad name but I don’t even care anymore, not today) identifies idle NAT Gateways so that you can turn them off.

Of course this only solves for the idle resource problem—but each one of them is ~$35 a month, and this adds up quickly. That affects the low end of the market. The high end—the folks putting $30K a month of data processing through a single NAT Gateway? That’s gonna take a different improvement (or keelhauling) of the suddenly-slightly-more-impoverished product owner, and one I’ll be equally ecstatic about. But this does strongly suggest that folks who care about their bills will now have AWS present them a list of NAT Gateways that can be turned off without having to first go on a merry scavenger hunt through the various metrics AWS spits out and then hides like some kind of psychotic Easter Bunny with a budget problem.

What does “Idle” mean?

The fun part about terminating idle resources is that it’s incredibly easy to turn off the DR site, which will absolutely save you money at the cost of potentially destroying your business. As a result, I take a dim view of what most tools consider “idle” resources—but I cannot argue with where the Compute Optimizer team has drawn the lines.

A NAT Gateway is idle if:

  • There are no active connections,
  • no incoming packets from clients inside your VPC,
  • no incoming packets from the destination,
  • nor have there been for the past 32 days,
  • and it is not associated with a route table (to avoid idle false positives for failover gateways, as per AlterNAT).

This is going to leave a lot of stuff around that should probably be whacked—but it’s a great start, and enough to make a serious dent in the pile of useless gateways acting as AWS billing ballast.
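The idle criteria above, applied to per-gateway data before anything is deleted; this is an added example, not code from the post or from AWS. It assumes the three traffic criteria map onto the `AWS/NATGateway` CloudWatch metrics `ActiveConnectionCount`, `PacketsInFromSource` and `PacketsInFromDestination`, takes daily sums in a hypothetical `{metric: {date: value}}` shape, and chooses to treat missing history as "not idle"; all gateway and route table IDs are constructed.

```python
from datetime import date, timedelta

LOOKBACK_DAYS = 32  # window stated in the post
# Assumption: the post's three traffic criteria map onto these AWS/NATGateway metrics.
TRAFFIC_METRICS = ("ActiveConnectionCount", "PacketsInFromSource", "PacketsInFromDestination")

def routed_nat_ids(route_tables):
    """NAT gateway IDs targeted by any route (describe-route-tables shape)."""
    return {r["NatGatewayId"] for rt in route_tables
            for r in rt.get("Routes", []) if "NatGatewayId" in r}

def classify(nat_id, daily_metrics, route_tables, today):
    """Return (is_idle, reasons); daily_metrics is {metric: {date: daily sum}}."""
    reasons = []
    window = [today - timedelta(days=n) for n in range(1, LOOKBACK_DAYS + 1)]
    for metric in TRAFFIC_METRICS:
        points = daily_metrics.get(metric, {})
        missing = [d for d in window if d not in points]
        active = [d for d in window if points.get(d, 0) > 0]
        if active:
            reasons.append(f"{metric} non-zero on {max(active).isoformat()}")
        elif missing:
            # Fail closed: a gateway without full history cannot be shown idle.
            reasons.append(f"{metric} has no data for {len(missing)} day(s)")
    if nat_id in routed_nat_ids(route_tables):
        reasons.append("referenced by a route table")
    return (not reasons, reasons)

# --- constructed sample data (not real account output) ---
TODAY = date(2025, 11, 27)

def series(value=0, days=LOOKBACK_DAYS):
    return {TODAY - timedelta(days=n): value for n in range(1, days + 1)}

def all_metrics(**overrides):
    return {m: overrides.get(m, series()) for m in TRAFFIC_METRICS}

SAMPLES = {
    "nat-forgotten": all_metrics(),
    "nat-standby": all_metrics(),  # silent, but still a route target
    "nat-monthly-job": all_metrics(
        PacketsInFromSource={**series(), TODAY - timedelta(days=30): 412}),
    "nat-new": {m: series(days=10) for m in TRAFFIC_METRICS},
}
ROUTE_TABLES = [{"RouteTableId": "rtb-constructed", "Routes": [
    {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-standby"}]}]

def report():
    return {nat: classify(nat, m, ROUTE_TABLES, TODAY) for nat, m in SAMPLES.items()}

if __name__ == "__main__":
    for nat, (idle, why) in report().items():
        print(nat, "IDLE" if idle else "KEEP", "; ".join(why))
```

Only `nat-forgotten` comes back idle: the silent standby is kept because a route still points at it, and the once-a-month job is kept because its single burst falls inside the 32-day window.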


by Corey Quinn

Corey is the Chief Cloud Economist at Duckbill, where he specializes in helping companies improve their AWS bills by making them smaller and less horrifying. He also hosts the "Screaming in the Cloud" and "AWS Morning Brief" podcasts; and curates "Last Week in AWS," a weekly newsletter summarizing the latest in AWS news, blogs, and tools, sprinkled with snark and thoughtful analysis in roughly equal measure.
