Posture Control (DSPM)

Resolving Configuration Issues for GCP

You might encounter any of the following error messages while onboarding:

Error messages and their resolution steps:

In the CLI app:

Error creating Subnetwork: googleapi: Error 403: Permission denied on 'locations/[REGION]' (or it may not exist).

Details: LOCATION_POLICY_VIOLATED

{
     "@type": "type.googleapis.com/google.rpc.LocalizedMessage",
     "locale": "en-US",
     "message": "Permission denied on 'locations/[REGION]' (or it may not exist)."
}

Resolution steps:

  1. Run the terraform destroy command to purge the template.
  2. Change the orchestrator in the DSPM Admin Portal.
  3. Download and deploy the new GCP template.

Ensure that the selected region has the necessary permissions.

In the CLI app:

Error deleting Logging Bucket Config "[BUCKET_LOCATION]/[BUCKET_NAME]": googleapi: Error 400: Only buckets in state ACTIVE can be deleted

Resolution steps:

  1. In the Google Cloud console, go to the Logs Storage page.
  2. Restore the bucket for which the error is occurring. To learn more, refer to the Google Cloud documentation.
  3. Run the terraform destroy command to purge the template.