Idle Cloud NAT Gateway Without Active Traffic

Service Category

Networking

Cloud Provider

GCP

Service Name

GCP Cloud NAT

Inefficiency Type

Idle Resource with Baseline Cost

Explanation

Each Cloud NAT gateway provisioned in GCP incurs hourly charges for each external IP address attached, regardless of whether traffic is flowing through the gateway. In many environments, NAT configurations are created for temporary access (e.g., one-off updates, patching windows, or ephemeral resources) and are never cleaned up. If no traffic is flowing, these NAT gateways remain idle yet continue to generate charges due to reserved IPs and persistent gateway configuration. This is especially common in non-production environments or when legacy configurations are forgotten.

Relevant Billing Model

Billed based on: * Number of NAT IP addresses used per hour * Gigabytes of egress traffic processed through the gateway Idle Cloud NATs incur baseline hourly costs for reserved IPs, even if no data is flowing.

Detection

Identify Cloud NAT gateways with active configurations but no recent egress traffic
Cross-reference NAT configurations with active VM instances or workloads that require external access
Evaluate whether any static IPs are still reserved for inactive NATs
Review staging, test, or decommissioned environments where NATs may remain unintentionally

Remediation

Decommission unused Cloud NAT gateways with no associated traffic
Release reserved external IP addresses if no longer needed
Consolidate NAT configurations where feasible across shared VPCs or regions
Implement tagging and lifecycle policies for temporary NAT configurations to ensure cleanup

Relevant Documentation

Cloud NAT Pricing
Cloud NAT Overview

Submit Feedback