🛡️ Google GCE IP Address is unused 🟢

Logic

Description

This policy identifies Google Compute Engine (GCE) static external IP addresses that are reserved but not currently attached to any active resources, such as virtual machine instances or load balancer forwarding rules.

Rationale

Unused static external IP addresses incur ongoing charges in Google Cloud when they remain reserved without being in use. Beyond cost implications, leaving unattached IPs allocated increases the risk of accidental or unauthorized assignment, which could expose services to the internet without appropriate security review. Regularly reviewing and cleaning up unused IP addresses helps optimize costs, strengthen network security, and reduce unnecessary resource clutter.

Impact

Before removing an unused static IP address, confirm that it is not reserved for a planned deployment or for a temporarily inactive service.

Audit

This policy marks a Google GCE IP Address as INCOMPLIANT if its Status is set to RESERVED, indicating that it is not currently attached to any resource.

Remediation

Before deleting a reserved IP address, confirm that it is not required for any current or planned services. Coordinate with application owners or the network team to ensure the IP is not being held for upcoming deployments, temporarily stopped services, or a failover configuration.

Release an Unused Static External IP Address

Using gcloud CLI

gcloud compute addresses delete {{address-name}} \
    --region {{region}} \
    --project {{project-id}}

For global addresses (e.g., used by global load balancers), run:

gcloud compute addresses delete {{address-name}} \
    --global \
    --project {{project-id}}
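The audit rule and the two release commands above can be combined into a dry-run review plan. The following is an added example, not part of the original policy or of Cloudaware's implementation. It assumes input shaped like the output of `gcloud compute addresses list --format=json`, treats a missing `addressType` as external, and uses constructed sample records and a hypothetical project ID `example-project`.

```python
import shlex

# Constructed sample, shaped like `gcloud compute addresses list --format=json`.
REGION_URL = "https://www.googleapis.com/compute/v1/projects/example-project/regions/us-central1"
SAMPLE = [
    {"name": "web-old", "address": "203.0.113.10", "status": "RESERVED",
     "addressType": "EXTERNAL", "region": REGION_URL},
    {"name": "lb-front", "address": "198.51.100.7", "status": "IN_USE",
     "addressType": "EXTERNAL", "users": ["forwardingRules/lb-front-rule"]},
    {"name": "lb-spare", "address": "198.51.100.8", "status": "RESERVED",
     "addressType": "EXTERNAL"},  # no "region" key: a global address
    {"name": "db-internal", "address": "10.0.0.5", "status": "RESERVED",
     "addressType": "INTERNAL", "region": REGION_URL},
]

def unused_external(addresses):
    """Addresses the audit rule flags: status RESERVED and external."""
    return [a for a in addresses
            if a.get("status") == "RESERVED"
            and a.get("addressType", "EXTERNAL") == "EXTERNAL"]

def release_command(addr, project):
    """Build the delete command, choosing --region or --global per address."""
    cmd = ["gcloud", "compute", "addresses", "delete", addr["name"]]
    region = addr.get("region")
    if region:
        # The API returns the region as a full URL; the CLI wants the short name.
        cmd += ["--region", region.rsplit("/", 1)[-1]]
    else:
        cmd.append("--global")
    cmd += ["--project", project]
    # Quote every argument so the printed line is safe to paste into a shell.
    return " ".join(shlex.quote(part) for part in cmd)

def review_plan(addresses, project):
    """Return (name, ip, command) tuples for owner review; nothing is deleted."""
    return [(a["name"], a.get("address"), release_command(a, project))
            for a in unused_external(addresses)]

if __name__ == "__main__":
    for name, ip, cmd in review_plan(SAMPLE, "example-project"):
        print(f"# {name} ({ip}) is RESERVED; confirm with its owner before release")
        print(cmd)
```

The script only prints commands, so the list can be circulated to application owners before anything is released.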

Linked Framework Sections

Section | Sub Sections | Internal Rules | Policies | Flags | Compliance
💼 Cloudaware Framework → 💼 Public and Anonymous Access | 101 | no data
💼 Cloudaware Framework → 💼 Waste Reduction | 25 | no data