
Unable to attach static IP to VM

Hi, I'd appreciate help if anyone knows what I'm doing wrong. Essentially:

  • I'm trying to attach a static IP address to a VM. However, it won't let me do this, because it states "Some of the instances may be disabled due to the 'External IPs for VM instances' organization policy."
  • The learn more link tells me to change that organization policy, and also says I can set the organization policy at the project level. I will have to do the latter, because I don't have an organization. The project is owned directly by me.
  • It tells me to "choose your desired project from the project selector instead of the organization." The menu in their screenshot does not exist, but I assume it just defaulted to the project since it's the only option.
  • I click on the "Define allowed external IPs for VM instances" policy and it takes me to a page which just says "You need to select a resource under an organization to manage policies."
  • The edit button is grayed out and just says "You need permissions for this action.
    Required permission(s): All of orgpolicy.policies.create, orgpolicy.policies.delete, orgpolicy.policies.update, and orgpolicy.policy.get"
  • The previous article says "Click Edit to edit the external IP policy. If you can't access the Edit tool, you do not have the correct permissions." The link is to a part of the document which does not exist. However, that document does say "To set a constraint on either the project or the organization level, you must have been granted the orgpolicy.policyAdmin role on the organization."
  • I attempt to grant myself that role through the IAM page, even though I do already have the "owner" role. It says "No matches for "orgpolicy.policyAdmin"."

I feel like creating a VM with a static IP should be simple, but I'm at a loss.

2 REPLIES

Hi @gretchenfrage 

You might be trying in your organization project and not a personal Google project.

Organization policies are at the organization level, which will affect all projects inside the organization and not only a single project.

It might be a security issue if you try to change an organization policy if it's created at the org level.

One option here would be to try reserving an internal IP from your subnet and attaching it to the VM.

Hi, 
As VishalBulbule said, it can be done via reserving an IP. Regarding org policies, if you are dealing with an account (to which org policies are assigned), you will be able to see, for example, this:

 

DamianS_1-1672899570818.png

But if you don't have the mentioned policies, your view should look similar to this one:

DamianS_2-1672899675117.png

Regarding reservation for the IP:
Go to your project -> VPC -> Choose VPC, under where you want this IP -> Static Internal IP Address tab -> Reserve static address

DamianS_3-1672899831476.png

Then go to Compute and during VM creation choose Network interfaces -> Edit network settings -> Primary internal IP -> choose your previously created

DamianS_4-1672899973784.png

You can also go to VPC -> IP addresses and choose internal or external IP addresses (depends on which IP you need in this case). If you are not able to create any of them, well, your org admin / network admin should either create an IP for you or grant an exception for your project.

best,
DamianS