How to fix Error creating NAT Gateway: NatGatewayLimitExceeded in Terraform

TerraformINTERMEDIATEHIGH

You've reached the AWS NAT gateway quota (default 5 per Availability Zone). This occurs when provisioning infrastructure with Terraform and your account has too many NAT gateways in the same AZ or Deleting status gateways haven't fully cleaned up yet.

What this error means

AWS enforces a quota on the number of NAT gateways you can create in each Availability Zone. The default limit is 5 NAT gateways per AZ. This prevents resource exhaustion and helps manage costs. A NAT gateway in Pending, Available, or Deleting state counts against this limit. When Terraform tries to create a NAT gateway and this quota is exceeded, AWS rejects the operation with the NatGatewayLimitExceeded error.

How to fix "Error creating NAT Gateway: NatGatewayLimitExceeded"

1Check existing NAT gateway count and status

Log into the AWS Console and navigate to the VPC service. Click on NAT gateways to see all gateways in your region. Count how many exist in each Availability Zone and note which ones are in Deleting status. This tells you how much quota you're consuming.

Alternatively, use the AWS CLI:

bash

aws ec2 describe-nat-gateways --region us-east-1 \
  --query 'NatGateways[*].[NatGatewayId,State,SubnetId]' \
  --output table

2Wait for Deleting NAT gateways to fully delete

If you see NAT gateways in Deleting state, these still count against your quota. Wait 2-5 minutes for them to transition to Deleted state, then they won't consume quota. Verify completion with:

bash

aws ec2 describe-nat-gateways --region us-east-1 \
  --filter "Name=state,Values=deleted" \
  --query 'NatGateways[*].NatGatewayId'

3Delete unused NAT gateways if safe

If you have NAT gateways that are no longer needed, delete them to free up quota. First verify nothing depends on them by checking route tables:

bash

aws ec2 describe-route-tables --region us-east-1 \
  --query "RouteTables[?Routes[?NatGatewayId=='nat-12345678']].RouteTableId"

Then delete via the console or CLI:

bash

aws ec2 delete-nat-gateway --nat-gateway-id nat-12345678 --region us-east-1

4Optimize Terraform configuration to use fewer NAT gateways

Review your Terraform code to ensure you're not creating more NAT gateways than necessary. Use module options to limit creation:

hcl

module "vpc" {
  source = "terraform-aws-modules/vpc/aws"
  
  # Option 1: Single NAT gateway for entire VPC (cost-effective but less resilient)
  single_nat_gateway = true
  
  # Option 2: One NAT gateway per availability zone (recommended)
  one_nat_gateway_per_az = true
  
  # Avoid: Creating one NAT gateway per private subnet
  # This consumes quota quickly and is unnecessary
}

5Request a NAT gateway quota increase

If you legitimately need more than 5 NAT gateways per AZ:

1. Go to the AWS Service Quotas console: https://console.aws.amazon.com/servicequotas
2. Search for "NAT gateways per Availability Zone"
3. Click on the quota and select "Request quota increase"
4. Enter the desired value (AWS typically approves reasonable increases)
5. Submit the request and wait for approval

Alternatively, use the CLI:

bash

aws service-quotas request-service-quota-increase \
  --service-code vpc \
  --quota-code L-FE5A380F \
  --desired-value 10 \
  --region us-east-1

6Retry Terraform after resolving the issue

Once you've freed up quota or received approval for an increase, retry your Terraform deployment:

bash

terraform plan
terraform apply

If using destroy and recreate, wait for all resources to fully delete before reapplying:

bash

terraform destroy
# Wait 2-5 minutes
terraform apply

How to fix Error creating NAT Gateway: NatGatewayLimitExceeded in Terraform

What this error means

Typical symptoms

Common causes

How to fix "Error creating NAT Gateway: NatGatewayLimitExceeded"

Advanced notes

Related errors

Official resources & further reading