Mods

turbot/alicloud_thrifty

GitHub
Overview
0Dashboards
15Controls
0Queries
10Variables
GitHub
ActionTrail Checks
Redundant enabled global ActionTrail trails should be reviewed
Redundant enabled regional ActionTrail trails should be reviewed
ECS Checks
Disks attached to stopped instances should be reviewed
ECS disks with high IOPS should be reviewed
Disks should be resized if too large
Unattached disks should be removed
Large ECS instances should be reviewed
ECS instances with very low CPU utilization should be reviewed
Long running instances should be reviewed
Old snapshots should be deleted if not required
OSS Checks
OSS buckets should have lifecycle policies
RDS Checks
Long running RDS DB instances should have billing type as 'Subscription' instead of 'Pay-as-you-go'.
RDS DB instances with a low number connections per day should be reviewed
VPC Checks
Unused NAT gateways should be deleted
Unattached external IP addresses should be released
On This Page
Description
Usage
Plugins & Tables
SQL
Tags
Get Involved
Edit on GitHub
Discuss on Slack

Control: Unused NAT gateways should be deleted

Description

NAT gateways are charged on an hourly basis once provisioned and available. Unused NAT gateways should be deleted if not used.

Usage

steampipe check alicloud_thrifty.control.vpc_nat_gateway_unused

Plugins & Tables

alicloud_ecs_instance
alicloud_vpc_nat_gateway
Alibaba Cloud plugin

SQL

with instance_data as (
  select
    instance_id,
    vpc_attributes ->> 'VSwitchId' as vswitch_id,
    status
  from
    alicloud_ecs_instance
)
select
  -- Required Columns
  'acs:vpc:' || nat.region || ':' || nat.account_id || ':natgateway/' || nat_gateway_id as resource,
  case
    when nat.status <> 'Available' then 'alarm'
    when i.vswitch_id is null then 'alarm'
    when i.status <> 'Running' then 'alarm'
    else 'ok'
  end as status,
  case
    when nat.status <> 'Available' then nat.title || ' in ' || nat.status || ' state.'
    when i.vswitch_id is null then nat.title || ' not in-use.'
    when i.status <> 'Running' then nat.title || ' associated with ' || i.instance_id || ', which is in ' || lower(i.status) || ' state.'
    else nat.title || ' in-use.'
  end as reason,
  -- Additional Dimensions
  nat.region,
  nat.account_id
from
  alicloud_vpc_nat_gateway as nat
  left join instance_data as i on nat_gateway_private_info ->> 'VswitchId' = i.vswitch_id;

Tags

category = Cost
class = unused
plugin = alicloud
service = AliCloud/VPC