Technical Guide

Unused NAT Gateways

How do you identify unused NAT Gateways? A NAT Gateway is billed by the hour whether or not it carries traffic, so one processing under 1GB per day still costs roughly $32-45/month in base charges and should be evaluated for removal or consolidation.

2 min read
High impact optimization

Why This Matters

NAT Gateways carry a fixed hourly charge (roughly $32-45/month depending on region) that accrues regardless of traffic, on top of the per-GB data processing fee. Many organizations deploy one NAT Gateway per Availability Zone for high availability and later find that only some of them carry traffic, leaving the rest as expensive waste.

Common causes:

  • NAT Gateways created for private subnets that no longer need internet access (for example, workloads that now reach AWS services through VPC Endpoints)
  • Over-provisioned NAT Gateways in development environments
  • Legacy infrastructure from decommissioned applications
  • High availability setups where only some NAT Gateways are actually used

How to Identify Unused NAT Gateways

AWS Saver flags a NAT Gateway as underused when it meets all of these criteria:

  1. Data transfer (BytesOutToDestination) under 1GB per day, averaged over at least 7 days
  2. State is available, so it is accruing the hourly charge
  3. Older than 7 days, so gateways still being set up are not flagged

The base cost ($32-45/month regardless of usage) is not itself a criterion; it is what makes every flagged gateway worth acting on.

How to Fix Unused NAT Gateways

Step 1: List all available NAT Gateways (the CLI is region-scoped, so repeat this per region or pass --region)

aws ec2 describe-nat-gateways \
  --query 'NatGateways[?State==`available`].[NatGatewayId,VpcId,SubnetId,CreateTime]'

Step 2: Check data transfer over the last 7 days. With --period 86400 the call returns one daily Sum datapoint; average the seven values. BytesOutToDestination counts only the egress leg (bytes the gateway sends towards the internet), so a gateway whose clients mostly download will look idle on it; run the same query for BytesOutToSource (the return leg) before deciding. nat-12345 is a placeholder, and date -d is GNU syntax (on macOS use date -u -v-7d with the same format string).

aws cloudwatch get-metric-statistics \
  --namespace AWS/NATGateway \
  --metric-name BytesOutToDestination \
  --dimensions Name=NatGatewayId,Value=nat-12345 \
  --statistics Sum \
  --start-time $(date -u -d '7 days ago' +%Y-%m-%dT%H:%M:%SZ) \
  --end-time $(date -u +%Y-%m-%dT%H:%M:%SZ) \
  --period 86400

Step 3: Identify dependent route tables. A NAT Gateway with no routes pointing at it is unreachable and safe to delete. One that still has routes but carries no traffic may be the only egress path for a subnet that is used only occasionally (patching, scheduled jobs), so confirm with the subnet's owners before removing the route.

aws ec2 describe-route-tables \
  --filters Name=route.nat-gateway-id,Values=nat-12345 \
  --query 'RouteTables[].RouteTableId'

Step 4: Update route tables (remove or redirect routes). Redirecting a subnet to a NAT Gateway in another Availability Zone adds cross-AZ data transfer charges and makes that subnet's egress depend on the other AZ. If the subnet no longer needs internet egress at all, delete the 0.0.0.0/0 route instead of redirecting it: a private subnet with no egress path is also a smaller target, since a compromised host there cannot reach the internet to pull tooling or exfiltrate data.

aws ec2 replace-route \
  --route-table-id rtb-12345 \
  --destination-cidr-block 0.0.0.0/0 \
  --nat-gateway-id nat-alternative-gateway

Step 5: Delete the unused NAT Gateway. Deletion takes about a minute; the state moves from deleting to deleted. Deleting the gateway disassociates its Elastic IP but does not release it, and an allocated but unattached Elastic IP is billed on its own, so release the address afterwards once nothing else references it.

aws ec2 delete-nat-gateway --nat-gateway-id nat-12345
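The five steps above, combined into a single read-only audit script. This is an added example and not part of the original page or the AWS Saver product: it lists every available NAT Gateway in the current region, sums its 7-day transfer, applies the page's rule (under 1GB/day, older than 7 days) and, for each flagged gateway, prints the route tables that still point at it. It never deletes anything; Steps 4 and 5 remain a human decision. It assumes the AWS CLI v2, awk, and either GNU or BSD date on PATH, plus credentials allowed to call ec2:DescribeNatGateways, ec2:DescribeRouteTables and cloudwatch:GetMetricStatistics. The environment variables NAT_AUDIT_RUN, THRESHOLD_GB and WINDOW_DAYS are this script's own conventions, not AWS ones.

```shell
#!/bin/sh
# Added example (not from the original page): audit one region's NAT Gateways
# against the page's rule (under 1 GB/day averaged over 7 days, older than
# 7 days) and list the route tables that still send traffic to each flagged one.
# Read-only: only Describe*/GetMetricStatistics calls, nothing is deleted.
set -eu

THRESHOLD_GB="${THRESHOLD_GB:-1}"   # flag below this many GB/day (page's rule)
WINDOW_DAYS="${WINDOW_DAYS:-7}"     # metric window in days
MIN_AGE_DAYS=7                      # criterion 3: ignore gateways younger than this

# UTC timestamp N days ago, in the format get-metric-statistics expects.
# GNU date takes -d @epoch, BSD/macOS date takes -r epoch; try both.
iso_days_ago() {
  epoch=$(( $(date +%s) - $1 * 86400 ))
  date -u -d "@$epoch" +%Y-%m-%dT%H:%M:%SZ 2>/dev/null \
    || date -u -r "$epoch" +%Y-%m-%dT%H:%M:%SZ
}

# Decide what to do with one gateway. Prints "STATUS avg_gb_per_day" where
# STATUS is NEW (created after the cutoff, too young to judge), UNDERUSED
# (average below the threshold) or OK (carrying real traffic).
# Args: create_time cutoff_time total_bytes window_days threshold_gb
# Timestamps are compared as ISO 8601 strings, which sorts correctly by
# date even when the zone suffix differs ("+00:00" from the CLI, "Z" here).
classify() {
  awk -v created="$1" -v cutoff="$2" -v bytes="$3" -v days="$4" -v limit="$5" 'BEGIN {
    avg = bytes / days / 1073741824
    if (created > cutoff)  status = "NEW"
    else if (avg < limit)  status = "UNDERUSED"
    else                   status = "OK"
    printf "%s %.3f", status, avg
  }'
}

# Total bytes the gateway sent in the window. The page uses BytesOutToDestination
# alone; a gateway whose clients mostly download looks idle on that metric, so
# the return leg (BytesOutToSource) is added. sum() of no datapoints is 0.
window_bytes() {
  id=$1; start=$2; end=$3; total=0
  for metric in BytesOutToDestination BytesOutToSource; do
    n=$(aws cloudwatch get-metric-statistics \
          --namespace AWS/NATGateway --metric-name "$metric" \
          --dimensions Name=NatGatewayId,Value="$id" \
          --statistics Sum --period 86400 \
          --start-time "$start" --end-time "$end" \
          --query 'sum(Datapoints[].Sum)' --output text)
    total=$(awk -v a="$total" -v b="$n" 'BEGIN { printf "%.0f", a + b }')
  done
  echo "$total"
}

# Steps 1-3 for every available gateway in the current region.
audit_region() {
  start=$(iso_days_ago "$WINDOW_DAYS")
  end=$(date -u +%Y-%m-%dT%H:%M:%SZ)
  cutoff=$(iso_days_ago "$MIN_AGE_DAYS")
  aws ec2 describe-nat-gateways \
    --query 'NatGateways[?State==`available`].[NatGatewayId,VpcId,CreateTime]' \
    --output text |
  while read -r id vpc created; do
    bytes=$(window_bytes "$id" "$start" "$end")
    set -- $(classify "$created" "$cutoff" "$bytes" "$WINDOW_DAYS" "$THRESHOLD_GB")
    printf '%-22s %-22s %-10s %8s GB/day\n' "$id" "$vpc" "$1" "$2"
    [ "$1" = UNDERUSED ] || continue
    # Step 3: route tables that still point at this gateway. Empty output
    # means nothing routes here and deletion is safe; otherwise ask the owners.
    aws ec2 describe-route-tables \
      --filters Name=route.nat-gateway-id,Values="$id" \
      --query 'RouteTables[].RouteTableId' --output text |
    tr '\t' '\n' | sed 's/^/    route table: /'
  done
}

# Only run the live audit when asked, so the functions can be sourced or tested.
if [ "${NAT_AUDIT_RUN:-0}" = 1 ]; then audit_region; fi
```

Run it with NAT_AUDIT_RUN=1 and AWS_REGION set for each region you operate in. For a flagged gateway whose subnet no longer needs egress, the Step 4 alternative is aws ec2 delete-route --route-table-id rtb-... --destination-cidr-block 0.0.0.0/0 rather than replace-route; then proceed with Step 5 and release the Elastic IP.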

Prevention Tips

Monitor data transfer: Set up CloudWatch alarms on the daily Sum of BytesOutToDestination (and BytesOutToSource) that fire when the value stays below your threshold, so low-usage NAT Gateways surface early instead of at the next bill.

Consolidate traffic: Route multiple private subnets through fewer NAT Gateways instead of one per AZ. Weigh the saved base charges against the cross-AZ data transfer fees and the fact that the consolidated subnets then lose egress if the gateway's AZ fails.

Evaluate alternatives: A NAT Instance can be cheaper for low traffic, but it is a host you must patch, size and keep available. For traffic to AWS services, VPC Endpoints are usually the better replacement: gateway endpoints for S3 and DynamoDB have no hourly charge, traffic stays off the public internet, and endpoint policies let you restrict which buckets or tables a subnet can reach.

Regular reviews: Schedule quarterly NAT Gateway usage analysis as part of network cost optimization.

Automation Available

Skip the manual work. AWS Saver automatically monitors NAT Gateway data transfer and identifies low-usage instances.

Data transfer analysis - Monitors daily (24-hour period) BytesOutToDestination totals, averaged over 7+ days

High-cost detection - Flags expensive NAT Gateway waste ($32-45/month base cost)

Cost impact analysis - Shows monthly waste from low-usage NAT Gateways

Usage thresholds - Identifies NAT Gateways with under 1GB/day traffic

Ready to Optimize Your AWS Costs?

Skip the manual work. Get automated NAT Gateway optimization across your entire AWS infrastructure.

60-second setup • No credit card required • Immediate results


Manual vs Automated

Manual Process

  • Run commands across all regions
  • Set up monitoring and alerts
  • Repeat regularly for new issues
  • Scale across multiple accounts

AWS Saver Automation

  • Continuous multi-region scanning
  • Automatic cost impact analysis
  • Real-time alerts and notifications
  • Cross-account visibility