Skip to main content

⭐ Repository β†’ πŸ“ Compliance Engine β†’ πŸ“ CloudAware β†’ πŸ“ Google β†’ πŸ“ VPC

πŸ›‘οΈ Google GCE IP Address is unused🟒

Logic​

Description​

Open File

Description​

This policy identifies Google Compute Engine (GCE) static external IP addresses that are reserved but not currently attached to any active resources, such as virtual machine instances or load balancer forwarding rules.

Rationale​

Unused static external IP addresses incur ongoing charges in Google Cloud when they remain reserved without being in use. Beyond cost implications, leaving unattached IPs allocated increases the risk of accidental or unauthorized assignment, which could expose services to the internet without appropriate security review. Regularly reviewing and cleaning up unused IP addresses helps optimize costs, strengthen network security, and reduce unnecessary resource clutter.

Impact​

Before removing an unused static IP address, confirm that it is not reserved for a planned deployment or for a temporarily inactive service.

Audit​

This policy marks a Google GCE IP Address as INCOMPLIANT if its Status is set to RESERVED, indicating that it is not currently attached to any resource.

Remediation​

Open File

Remediation​

Before deleting a reserved IP address, confirm that it is not required for any current or planned services. Coordinate with application owners or the network team to ensure the IP is not reserved for upcoming deployments, temporarily stopped services, or part of a failover configuration.

Release an Unused Static External IP Address​

Using gcloud CLI​
gcloud compute addresses delete {{address-name}} \
    --region {{region}} \
    --project {{project-id}}

For global addresses (e.g., used by global load balancers), run:

gcloud compute addresses delete {{address-name}} \
    --global \
    --project {{project-id}}

policy.yaml​

Open File

Linked Framework Sections​

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
πŸ’Ό Cloudaware Framework β†’ πŸ’Ό Public and Anonymous Access80no data
πŸ’Ό Cloudaware Framework β†’ πŸ’Ό Waste Reduction25no data