Control Tower Cost Increase
Customer is testing Control Tower (right now this is a PoC with only two accounts: DEV and PROD) and he noticed that a NAT Gateway is created in each account for each subnet. This is leading to cost increase and they are asking if this configuration is mandatory or if in some way the CT could be tailored to their needs.
- 최신
- 최다 투표
- 가장 많은 댓글
Customer can disable the creation of VPC completely by setting "Maximum number of private subnets" to Zero under "Account factory" settings, then they can create their own VPCs as needed with the required configurations.
That been said, it is a best practice to create NAT gateway per AZ and modify routing tables of each subnet to utilize the NAT GW in the same AZ as the subnet, this is for high availability in case of one AZ goes down and to reduce dependency and cross-AZ traffic.
