AWS VPN Gateway is an AWS managed service to setup a VPN connection. If you are using VPN GW’s to connect to your private network, it is important that you ensure it meets your security requirements. This used to be supported as an attribute of a VPC, but it is now exposed as an entity. You can now fully reason on this within the Dome9 Compliance Engine.
Below are a few queries that you could to analyze your AMI’s in your infrastructure:
1. Make sure that VPN Gateways are in “attached” mode
VPNGateway should not have vpcAttachments.state = 'attached’
2. Validate that number of VPN gateways does not reach AWS limits
List should have items groupBy [region] contain-all [values length() < 5 ]