Home / server / Questions / 1168170
Accepted
Europa
Asked: 2024-11-26 17:21:36 +0800 CST

Org policy location restriction in Google Cloud VPC: google.compute.Subnetwork default violates 'gcp.resourceLocations' organisation policy

  • 772

I am going through Security Command Center in Google Cloud and I have the following security finding:

  • Name: ORG_POLICY_LOCATION_RESTRICTION
  • Description: The resource is outside of the locations set on the Resource Location Restriction policy
  • Resource display name: default
  • Resource full name: //compute.googleapis.com/projects/MYPROJECT/regions/us-east5/subnetworks/default
  • Resource type: google.compute.Subnetwork

Next steps

Please visit this Google Cloud Platform page that will help you to resolve the location violation that is affecting the google.compute.Subnetwork resource default.

Please delete this resource in order to resolve the resource violation associated with 'gcp.resourceLocations' organisation policy.

Deletion

When I go to VPC networks I see a lot of default networks, but they cannot be deleted.

How can I delete them?

google-cloud-platform

1 Answers

  1. Best Answer

    The default network is an auto mode VPC network with pre-populated IPv4 firewall rules. The default network does not have pre-populated IPv6 firewall rules.Unless you choose to disable it, each new project starts with a default network.

    As per this official document :

    Before you can delete a subnet, you must delete all resources that use it. For example, you need to delete VMs, reserved internal IP addresses, internal forwarding rules, and Cloud NAT gateways that use the subnet.

    Note: For auto mode VPC networks, you cannot delete any of the automatically created subnets. However, you can convert an auto mode VPC network to a custom mode VPC network and then delete any unused automatically created subnets.

    • 1