--- title: "AWS Finally Lets You Find Your Idle NAT Gateways" id: "15168" type: "post" slug: "aws-finally-lets-you-find-your-idle-nat-gateways" published_at: "2025-11-27T02:30:18+00:00" modified_at: "2025-11-27T02:30:21+00:00" url: "https://www.lastweekinaws.com/blog/aws-finally-lets-you-find-your-idle-nat-gateways/" markdown_url: "https://www.lastweekinaws.com/blog/aws-finally-lets-you-find-your-idle-nat-gateways.md" excerpt: "After years of complaints, AWS Compute Optimizer can identify idle NAT Gateways. At $35/month each plus data processing fees, finding unused gateways just got dramatically easier." taxonomy_category: - "Uncategorized" --- **AT LAST.** I have complained like a schoolchild for years about the egregious Managed NAT Gateway charges. I have [championed AlterNAT](https://www.lastweekinaws.com/blog/an-alternat-future-we-now-have-a-nat-gateway-replacement/) as a way to get around it. And now, no doubt over the sobbing of the Managed NAT Gateway product owner as they have to sell their fourth yacht, the [AWS Compute Optimizer](https://aws.amazon.com/about-aws/whats-new/2025/11/aws-compute-optimizer-unused-nat-gateway-recommendations/) (bad name but I don’t even care anymore, not today) identifies idle NAT Gateways so that you can turn them off. Of course this only solves for the idle resource problem—but each one of them is ~$35 a month, and this adds up quickly. That affects the low end of the market. The high end—the folks putting $30K a month of data processing through a single NAT Gateway? That’s gonna take a different improvement (or keelhauling) of the suddenly-slightly-more-impoverished product owner, and one I’ll be equally ecstatic about. But this does strongly suggest that folks who care about their bills will now have AWS present them a list of NAT Gateways that can be turned off without having to first go on a merry scavenger hunt through the various metrics AWS spits out and then hides like some kind of psychotic Easter Bunny with a budget problem. ## What does “Idle” mean? The fun part about terminating idle resources is that it’s incredibly easy to turn off the DR site, which will absolutely save you money at the cost of potentially destroying your business. As a result, I take a dim view of what most tools consider “idle” resources—but I cannot argue with where the Compute Optimizer team has drawn the lines. A NAT Gateway is idle if: - There are no active connections, - no incoming packets from clients inside your VPC, - no incoming packets from the destination, - nor have there been for the past 32 days, - and it is not associated with a route table (to avoid idle false positives for failover gateways, as per AlterNAT). This is going to leave a lot of stuff around that should probably be whacked—but it’s a great start, and enough to make a serious dent in the pile of useless gateways acting as AWS billing ballast. by Corey Quinn Corey is the Chief Cloud Economist at Duckbill, where he specializes in helping companies improve their AWS bills by making them smaller and less horrifying. He also hosts the "Screaming in the Cloud" and "AWS Morning Brief" podcasts; and curates "Last Week in AWS," a weekly newsletter summarizing the latest in AWS news, blogs, and tools, sprinkled with snark and thoughtful analysis in roughly equal measure. ## More Posts from Corey [Back to the Blog](https://www.lastweekinaws.com/blog/) [https://www.lastweekinaws.com/blog/s3-is-not-a-filesystem-but-now-theres-one-in-front-of-it/](https://www.lastweekinaws.com/blog/s3-is-not-a-filesystem-but-now-theres-one-in-front-of-it/) ### [S3 Is Not a Filesystem (But Now There’s One In Front of It)](https://www.lastweekinaws.com/blog/s3-is-not-a-filesystem-but-now-theres-one-in-front-of-it/) [By Corey Quinn](https://www.lastweekinaws.com/blog/author/cquinn/) I’ve been saying “S3 is not a filesystem” for over a decade. I’ve said it on stages, in newsletters, on podcasts, and directly to the faces of large company employees who were too polite to tell me to shut up before they went back to their FUSE monstrosities. It was one of those reliable truths […] [Read More about S3 Is Not a Filesystem (But Now There’s One In Front of It)](https://www.lastweekinaws.com/blog/s3-is-not-a-filesystem-but-now-theres-one-in-front-of-it/) [https://www.lastweekinaws.com/blog/2-ways-to-correct-the-financial-times-at-aws-so-far/](https://www.lastweekinaws.com/blog/2-ways-to-correct-the-financial-times-at-aws-so-far/) ### [2 Ways to Correct the Financial Times at AWS (So Far)](https://www.lastweekinaws.com/blog/2-ways-to-correct-the-financial-times-at-aws-so-far/) [By Corey Quinn](https://www.lastweekinaws.com/blog/author/cquinn/) 2 Ways to Correct the Financial Times at AWS (So Far) Amazon's Fastest-Shipping Product Is Now Blog Posts Correcting the Financial Times I've been watching AWS long enough to develop a feel for when a company's communications shift from "informing" to "coping." We crossed that line somewhere around February 20th, when Amazon published a blog […] [Read More about 2 Ways to Correct the Financial Times at AWS (So Far)](https://www.lastweekinaws.com/blog/2-ways-to-correct-the-financial-times-at-aws-so-far/) [https://www.lastweekinaws.com/blog/chris-hemsworth-is-an-l9-at-amazon-and-i-have-questions/](https://www.lastweekinaws.com/blog/chris-hemsworth-is-an-l9-at-amazon-and-i-have-questions/) ### [Chris Hemsworth Is an L9 at Amazon, and I Have Questions](https://www.lastweekinaws.com/blog/chris-hemsworth-is-an-l9-at-amazon-and-i-have-questions/) [By Corey Quinn](https://www.lastweekinaws.com/blog/author/cquinn/) Chris Hemsworth Is an L9 at Amazon, and I Have Questions [Read More about Chris Hemsworth Is an L9 at Amazon, and I Have Questions](https://www.lastweekinaws.com/blog/chris-hemsworth-is-an-l9-at-amazon-and-i-have-questions/) ## Get the newsletter! Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark. "*" indicates required fields