AT LAST.
I have complained like a schoolchild for years about the egregious Managed NAT Gateway charges. I have championed AlterNAT as a way to get around it. And now, no doubt over the sobbing of the Managed NAT Gateway product owner as they have to sell their fourth yacht, the AWS Compute Optimizer (bad name but I don’t even care anymore, not today) identifies idle NAT Gateways so that you can turn them off.
Of course this only solves the idle-resource problem—but each idle gateway is ~$35 a month, and that adds up quickly. It mostly helps the low end of the market. The high end—the folks putting $30K a month of data processing through a single NAT Gateway? That’s gonna take a different improvement (or keelhauling) of the suddenly-slightly-more-impoverished product owner, and one I’ll be equally ecstatic about. But this does strongly suggest that folks who care about their bills will now have AWS present them a list of NAT Gateways that can be turned off without having to first go on a merry scavenger hunt through the various metrics AWS spits out and then hides like some kind of psychotic Easter Bunny with a budget problem.
What does “Idle” mean?
The fun part about terminating idle resources is that it’s incredibly easy to turn off the DR site, which will absolutely save you money at the cost of potentially destroying your business. As a result, I take a dim view of what most tools consider “idle” resources—but I cannot argue with where the Compute Optimizer team has drawn the lines.
A NAT Gateway is idle if:
- there are no active connections,
- there are no incoming packets from clients inside your VPC,
- there are no incoming packets from the destination,
- none of the above has been true at any point in the past 32 days,
- and it is not associated with a route table (to avoid idle false positives for failover gateways, as per AlterNAT).
This is going to leave a lot of stuff around that should probably be whacked—but it’s a great start, and enough to make a serious dent in the pile of useless gateways acting as AWS billing ballast.
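If you want to apply the same five criteria yourself before Compute Optimizer gets around to it, here is an added example (my own, not Compute Optimizer’s or AlterNAT’s code) that reads the three relevant `AWS/NATGateway` CloudWatch metrics over a 32-day window and checks for route-table references. It assumes boto3 credentials in the environment, that a gateway younger than 32 days is never flagged, and that CloudWatch datapoints missing from the window mean zero traffic.

```python
"""Flag NAT Gateways that meet the idle definition above.

The decision logic (is_idle) is pure Python so it can be unit-tested
offline; the fetch_* helpers call AWS and only run from main().
"""
from datetime import timedelta

IDLE_WINDOW_DAYS = 32                 # the window in the definition above
NAMESPACE = "AWS/NATGateway"
# CloudWatch metric -> statistic, one per traffic criterion in the list.
METRICS = {
    "ActiveConnectionCount": "Maximum",   # "no active connections"
    "PacketsInFromSource": "Sum",         # "no incoming packets from clients in your VPC"
    "PacketsInFromDestination": "Sum",    # "no incoming packets from the destination"
}

def is_idle(totals, route_table_ids, age_days):
    """totals: {metric_name: aggregate over the window}; route_table_ids:
    route tables with a route via this gateway; age_days: gateway age."""
    if age_days < IDLE_WINDOW_DAYS:
        return False                  # too young to have 32 idle days on record
    if route_table_ids:
        return False                  # still routable: could be a failover gateway
    # Every metric must be present and flat at zero for the whole window.
    return all(m in totals and totals[m] == 0 for m in METRICS)

def fetch_metric_total(cw, nat_id, metric, stat, now):
    resp = cw.get_metric_statistics(
        Namespace=NAMESPACE, MetricName=metric,
        Dimensions=[{"Name": "NatGatewayId", "Value": nat_id}],
        StartTime=now - timedelta(days=IDLE_WINDOW_DAYS), EndTime=now,
        Period=86400, Statistics=[stat])
    # Assumption: days with no datapoint carried no traffic.
    return sum(dp[stat] for dp in resp["Datapoints"])

def route_tables_using(ec2, nat_id):
    resp = ec2.describe_route_tables(
        Filters=[{"Name": "route.nat-gateway-id", "Values": [nat_id]}])
    return [rt["RouteTableId"] for rt in resp["RouteTables"]]

def main():
    import boto3                      # imported here so is_idle() has no AWS dependency
    from datetime import datetime, timezone
    ec2, cw = boto3.client("ec2"), boto3.client("cloudwatch")
    now = datetime.now(timezone.utc)
    for ngw in ec2.describe_nat_gateways()["NatGateways"]:
        if ngw["State"] != "available":
            continue
        nat_id = ngw["NatGatewayId"]
        totals = {m: fetch_metric_total(cw, nat_id, m, s, now) for m, s in METRICS.items()}
        age = (now - ngw["CreateTime"]).days
        if is_idle(totals, route_tables_using(ec2, nat_id), age):
            print(f"{nat_id}: idle for {IDLE_WINDOW_DAYS}+ days and unrouted; candidate for deletion")

if __name__ == "__main__":
    main()
```

Treat the output as a review list, not a delete list: the route-table check catches AlterNAT-style standbys, but anything referenced only by infrastructure code or a pending change still deserves a human look.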