Total Resources Should Be Under Per Account Limit
More Info:
Determines if the number of resources is close to the per-account limit. Google limits accounts to certain numbers of resources. Exceeding those limits could prevent resources from launching.Risk Level
LowAddress
Operational MaturityCompliance Standards
CBPTriage and Remediation
Remediation
Using Console
Using Console
To remediate the “Total Resources Should Be Under Per Account Limit” misconfiguration for GCP using the GCP console, follow these steps:
- Log in to the GCP console and navigate to the “IAM & Admin” section.
- Click on “Quotas” in the left-hand menu.
- In the “Quotas” page, select the quota that is causing the misconfiguration and click on the “Edit Quotas” button.
- In the “Edit Quotas” page, adjust the quota to a value that is under the per account limit.
- Click on the “Submit Request” button to submit the change request.
- Wait for the change request to be reviewed and approved by Google. You can check the status of the request in the “Quotas” page.
- Once the request is approved, the quota will be updated and the misconfiguration will be remediated.
Using CLI
Using CLI
To remediate the “Total Resources Should Be Under Per Account Limit” misconfiguration in GCP using GCP CLI, follow these steps:Replace Replace
- Determine the current usage and limits of your GCP account using the following command:
- Review the output of the command and identify the resource that is causing the account limit to be exceeded. For example, if the output shows that the number of VM instances exceeds the account limit, you will need to reduce the number of VM instances.
- To reduce the number of VM instances, you can delete instances that are no longer needed using the following command:
INSTANCE_NAME with the name of the instance that you want to delete.- Alternatively, you can stop instances that are not currently in use using the following command:
INSTANCE_NAME with the name of the instance that you want to stop.- Repeat steps 3 and 4 until the number of VM instances is within the account limit.
- Verify that the account limit is no longer being exceeded by running the following command:
- Review the output of the command and ensure that the resource usage is within the account limit. If the limit is still being exceeded, repeat steps 3-6 until the limit is no longer exceeded.
Using Python
Using Python
To remediate the misconfiguration “Total Resources Should Be Under Per Account Limit” in GCP using Python, follow these steps:Replace
- Determine the current usage of resources in your GCP account by using the Cloud Resource Manager API. You can use the following Python code to get the current usage:
YOUR_PROJECT_ID with the ID of your GCP project.- Determine the per account limit for the resources that you are using. You can find the per account limit for each resource in the GCP documentation.
- Compare the current usage of resources with the per account limit. If the current usage exceeds the per account limit, you will need to take action to reduce the usage.
- To reduce the usage of resources, you can perform the following actions:
- Delete unused resources: Identify any resources that are no longer needed and delete them.
- Resize resources: If you are using resources that have a size limit, such as disk space, you can resize them to reduce the usage.
- Use resource quotas: You can set quotas on your GCP resources to limit the usage. You can use the Cloud Resource Manager API to set quotas.
- After you have taken action to reduce the usage of resources, re-run the code in step 1 to verify that the current usage is now under the per account limit.