π Azure Virtual Network Gateway has no connections π’
- Contextual name: π Virtual Network Gateway has no connections π’
- ID:
/ce/ca/azure/virtual-network/virtual-network-gateway-without-connection - Located in: π Azure Virtual Network
Flagsβ
- π’ Policy with categories
- π’ Policy with type
- π’ Production policy
Our Metadataβ
- Policy Type:
COMPLIANCE_POLICY - Policy Category:
COST
Logicβ
- π§ prod.logic.yaml π π’
- π Azure Virtual Network Gateway
- π§ͺ test-data.json
Descriptionβ
Descriptionβ
Ensure that Azure Virtual Network Gateway has at least one connection. Delete unnecessary gateways that donβt have any connections. A gateway provisioned but not actively connected represents wasted cost.
Azure Virtual Network Gateway should have at least one active connection. VPN Gateways without any established connections should be decommissioned to eliminate avoidable costs.
Rationaleβ
Azure Virtual Network Gateways incur charges regardless of whether they are actively used. Gateways without configured connections often indicate misconfigurations or abandoned infrastructure. Identifying and removing such resources helps optimize network architecture, reduce unnecessary expenditure, and improve operational hygiene.
Auditβ
This policy marks an Azure Virtual Network Gateway as
INCOMPLIANTif it has no related Azure Virtual Network Gateway Connects, indicating that it is not currently participating in any site-to-site, point-to-site, or VNet-to-VNet VPN configurations.
Remediationβ
Remediationβ
Delete the Unused Virtual Network Gatewayβ
If a Virtual Network Gateway is confirmed to have no active connections and is not required for current or future network configurations, it should be deleted to prevent ongoing charges and reduce infrastructure complexity.
Azure CLIβ
az network vnet-gateway delete \
--name {{gateway-name}} \
--resource-group {{resource-group-name}}PowerShellβ
Remove-AzVirtualNetworkGateway `
-Name "{{gateway-name}}" `
-ResourceGroupName "{{resource-group-name}}"Considerationsβ
- Confirm that the gateway is not reserved for planned VPN or ExpressRoute configurations.
- Ensure no virtual network or hybrid connectivity scenarios depend on the gateway being removed.
policy.yamlβ
Linked Framework Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ Cloudaware Framework β πΌ Waste Reduction | 9 |