Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://cloud.google.com/compute/docs/configure-instance-ip-addresses below:

Configure static external IP addresses | Compute Engine Documentation

Stay organized with collections Save and categorize content based on your preferences.

You can assign static external IP addresses to your virtual machine (VM) and bare metal instances. You can also change, list, and release static IP addresses for your instances. To reserve a static external IP address, see Reserve a static external IP address.

External IP addresses can be static or ephemeral. If an instance requires a fixed external IP address that does not change, do the following:

1. Obtain a static external IP address. You can reserve new external IP addresses or promote existing ephemeral external IP addresses.
2. Assign the reserved IP address to an existing instance, or assign it when creating a new instance.

If you require a static IP address on your internal Compute Engine network, see instead Reserve a static internal IP address.

For information about reserving a static external IP address or creating a global external IP address, see Reserve a static external IP address.

• Read about IP addresses.
• Read about quotas and limits for static external IP addresses.
• Read about external IP address pricing.
• If you haven't already, then set up authentication. Authentication is the process by which your identity is verified for access to Google Cloud services and APIs. To run code or samples from a local development environment, you can authenticate to Compute Engine by selecting one of the following options:

  Select the tab for how you plan to use the samples on this page:

  Console

  When you use the Google Cloud console to access Google Cloud services and APIs, you don't need to set up authentication.

  gcloud

  1. Install the Google Cloud CLI. After installation, initialize the Google Cloud CLI by running the following command:

     gcloud init

     If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.

     Note: If you installed the gcloud CLI previously, make sure you have the latest version by running gcloud components update.
  2. Set a default region and zone.
  Terraform

  To use the Terraform samples on this page in a local development environment, install and initialize the gcloud CLI, and then set up Application Default Credentials with your user credentials.

  Install the Google Cloud CLI.

  If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.

  Note: If you installed the gcloud CLI previously, make sure you have the latest version by running gcloud components update.

  If you're using a local shell, then create local authentication credentials for your user account:

  gcloud auth application-default login

  You don't need to do this if you're using Cloud Shell.

  If an authentication error is returned, and you are using an external identity provider (IdP), confirm that you have signed in to the gcloud CLI with your federated identity.

  For more information, see Set up authentication for a local development environment.

  REST

  To use the REST API samples on this page in a local development environment, you use the credentials you provide to the gcloud CLI.

  Install the Google Cloud CLI.

  If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.

  For more information, see Authenticate for using REST in the Google Cloud authentication documentation.

To get the permissions that you need to configure and manage static IP addresses, ask your administrator to grant you the following IAM roles on your project:

• To create and update instances: Compute Instance Admin (v1) (roles/compute.instanceAdmin.v1)

For more information about granting roles, see Manage access to projects, folders, and organizations.

These predefined roles contain the permissions required to configure and manage static IP addresses. To see the exact permissions that are required, expand the Required permissions section:

The following permissions are required to configure and manage static IP addresses:

• compute.instances.update on the instance
• compute.instances.updateNetworkInterface on the instance
• compute.instances.addAccessConfig on the instance
• compute.instances.deleteAccessConfig on the instance
• compute.networks.list on the network
• compute.subnetworks.use on the subnet
• compute.subnetworks.list on the subnet
• To create instances:
  • compute.instances.create on the project
  • To use a custom image to create the VM: compute.images.useReadOnly on the image
  • To use a snapshot to create the VM: compute.snapshots.useReadOnly on the snapshot
  • To use an instance template to create the VM: compute.instanceTemplates.useReadOnly on the instance template
  • To assign a legacy network to the VM: compute.networks.use on the project
  • To specify a static IP address for the VM: compute.addresses.use on the project
  • To assign an external IP address to the VM when using a legacy network: compute.networks.useExternalIp on the project
  • To specify a subnet for the VM: compute.subnetworks.use on the project or on the chosen subnet
  • To assign an external IP address to the VM when using a VPC network: compute.subnetworks.useExternalIp on the project or on the chosen subnet
  • To set VM instance metadata for the VM: compute.instances.setMetadata on the project
  • To set tags for the VM: compute.instances.setTags on the VM
  • To set labels for the VM: compute.instances.setLabels on the VM
  • To set a service account for the VM to use: compute.instances.setServiceAccount on the VM
  • To create a new disk for the VM: compute.disks.create on the project
  • To attach an existing disk in read-only or read-write mode: compute.disks.use on the disk
  • To attach an existing disk in read-only mode: compute.disks.useReadOnly on the disk

You might also be able to get these permissions with custom roles or other predefined roles.

• Only one resource at a time can use a static external IP address.

• There is no way to check whether an IP address is static or ephemeral after it has been assigned to a resource. You can compare the IP address against the list of static external IP addresses reserved to that project. Use the gcloud compute addresses list sub-command to see a list of static external IP addresses available to the project.

• Each VM can have multiple network interfaces, and each interface can have the following IP addresses assigned according to its stack type:

  • IPv4-only interfaces:
    • An internal IPv4 address (required)
    • An external IPv4 address (optional)
  • Dual-stack (IPv4 and IPv6) interfaces:
    • An internal IPv4 address (required)
    • An external IPv4 address (optional)
    • A /96 IPv6 address range, either internal or external, but not both (required)
  • IPv6-only interfaces (Preview):
    • A /96 IPv6 address range, either internal or external, but not both (required)

• You can't unassign or change the external IPv6 address of a VM with an IPv6-only network interface. You can, however, promote an ephemeral external IP address of a resource to a static external IP address so that the address remains reserved even after the resource is deleted.

• You cannot change the name of a static IP address.

Note: Network interfaces can receive traffic from multiple forwarding rules, which might serve other external IP addresses. Any number of external IP addresses can reference a network interface through these forwarding rules, but each network interface can be assigned only one external IPv4 address and one external /96 IPv6 address range.

For more information about load balancing and forwarding rules, read the load balancing documentation.

To list static external IP addresses that you have reserved for your project, follow these steps.

1. In the Google Cloud console, go to the IP addresses page.

   Go to IP addresses

2. Click External IP addresses.

Use the gcloud compute addresses list command:

• To list all IP addresses, use the following command:

  gcloud compute addresses list

• To list all global IP addresses, use the following command:

  gcloud compute addresses list --global

• To list all regional IP addresses in a given region, use the following command:

  gcloud compute addresses list \
      --regions=REGION
  

  Replace REGION with the region that you want to list addresses for. You can list addresses of multiple regions by specifying comma-separated region names:

  gcloud compute addresses list \
      --regions=REGION1,REGION2,..REGION_n_
  

• To list regional IPv4 or IPv6 addresses, call the addresses.list method:

  GET https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/addresses
  

  Replace the following:

  • PROJECT_ID: the project ID for this request
  • REGION: the name of the region for this request

• To list all addresses in all regions, call the addresses.aggregatedList method:

  GET https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/aggregated/addresses
  

• To list global IPv4 or IPv6 addresses, call the globalAddresses.list method:

  GET https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/global/addresses
  

  Replace the following:

  PROJECT_ID: the project ID for this request

The following sections describe how to configure static external IP addresses for your instances.

After you have reserved a static external IP address, you can assign it to an instance.

1. In the Google Cloud console, go to the Create an instance page.

   Go to Create an instance

2. To assign a static external IP address to the instance, do the following:

   1. In the navigation menu, click Networking.

   2. In the Network interfaces section, specify the network interfaces that you want for the instance by using the following options:

      • To add a network interface, click Add a network interface. Then, in the Network list, select a network.

      • To delete a network interface, click delete Delete.

   3. Select one of the following options:

      • To assign a static external IPv4 address, do the following:

        1. Expand a network interface.
        2. Select the IP address from the External IPv4 address list.

      • To assign a static external IPv6 address, do the following:

        1. Expand a network interface that contains a subnet with an external IPv6 address range.
        2. Select that subnet from the Subnetwork list.
        3. For IP stack type, select IPv4 and IPv6 (dual-stack) or IPv6 (single-stack).
        4. Select the newly reserved external IPv6 address from the External IPv6 address list. Alternatively, select Reserve static external IPv6 address and reserve a new static external IPv6 address.
        5. For Network Service Tier, select Premium.

   4. To finish modifying the network interface, click Done.

3. Continue with the instance creation process.

You can create an instance and assign a static regional external IP address that you have already reserved.

• To assign a static external IPv4 address, do the following:

  gcloud compute instances create INSTANCE_NAME \
      --zone=ZONE \
      --address=IPV4_ADDRESS
  

• To assign a static external IPv6 address, do the following:

  gcloud compute instances create INSTANCE_NAME \
      --zone=ZONE \
      --subnet=SUBNET \
      --stack-type=STACK_TYPE \
      --external-ipv6-address=IPV6_ADDRESS \
      --external-ipv6-prefix-length=96 \
      --ipv6-network-tier=PREMIUM
  

  Replace the following:

  • INSTANCE_NAME: the name of the compute instance.
  • ZONE: the zone to create the instance in
  • IPV4_ADDRESS: the IPv4 address to assign to the instance. Use the reserved static external IP address, not the address name.
  • SUBNET: a subnet that contains external IPv6 addresses
  • STACK_TYPE: the stack type for the instance, either IPV4_IPV6 (dual-stack) or IPV6_ONLY
  • IPV6_ADDRESS: the IPv6 address to assign to the instance. Use the reserved static external IP address, not the address name.

You can use the google_compute_instance resource to assign an external IP address.

• To assign a static external IPv4 address to a new compute instance, do the following:

  In your request to create a new instance, explicitly provide the networkInterfaces[].accessConfigs[].natIP property and the external IPv4 address that you want to use, for example:

  {
    "name": "INSTANCE_NAME",
    "machineType": "zones/ZONE/machineTypes/MACHINE_TYPE",
    "networkInterfaces": [{
        "accessConfigs": [{
          "type": "ONE_TO_ONE_NAT",
          "name": "External NAT",
          "natIP": "IPV4_ADDRESS"
        }],
        "network": "global/networks/default"
    }],
    "disks": [{
        "autoDelete": "true",
          "boot": "true",
          "type": "PERSISTENT",
          "initializeParams": {
              "sourceImage": "SOURCE_IMAGE"
           }
    }]
  }
  

  Replace the following:

  • INSTANCE_NAME: the name of the compute instance
  • ZONE: the zone to create the instance in
  • MACHINE_TYPE: Optional: a full or partial URL of the machine type resource to use when creating the instance, in the format: zones/ZONE/machineTypes/MACHINE_TYPE
  • IPV4_ADDRESS: the IPv4 address to assign to the instance. Use the reserved static external IP address, not the address name.
  • SOURCE_IMAGE: a specific version of a public image, such as projects/debian-cloud/global/images/debian-10-buster-v20200309 or an image family, such as projects/debian-cloud/global/images/family/debian-10

• To assign a static external IPv6 address to a new instance, do the following:

  In your request to create a new instance, explicitly provide the networkInterfaces[].ipv6AccessConfigs[].externalIpv6 property and the external IPv6 address that you want to use, for example:

  {
    "name": "INSTANCE_NAME",
    "machineType": "zones/ZONE/machineTypes/MACHINE_TYPE",
    "networkInterfaces": [{
            "ipv6AccessConfigs": [{
           "externalIpv6": "IPV6_ADDRESS",
           "externalIpv6PrefixLength": 96,
           "name": "external-ipv6-access-config",
           "networkTier": "PREMIUM",
           "type": "DIRECT_IPV6"
            }],
        "stackType": "STACK_TYPE",
        "subnetwork":"SUBNETWORK"
    }],
    "disks": [{
        "autoDelete": "true",
        "boot": "true",
        "mode": "READ_WRITE",
        "type": "PERSISTENT",
        "initializeParams": {
            "sourceImage": "SOURCE_IMAGE"
        },
    }],
  }
  

  Replace the following:

  • INSTANCE_NAME: the name of the compute instance
  • ZONE: the zone to create the instance in
  • MACHINE_TYPE: Optional: a full or partial URL of the machine type resource to use when creating the instance, in the format: zones/ZONE/machineTypes/MACHINE_TYPE
  • IPV6_ADDRESS: the IPv6 address to assign to the instance. Use the reserved static external IP address, not the address name.
  • STACK_TYPE: the stack type for the instance, either IPV4_IPV6 (dual-stack) or IPV6_ONLY
  • SUBNET: a subnet that contains external IPv6 addresses
  • SOURCE_IMAGE: a specific version of a public image, such as "projects/debian-cloud/global/images/debian-10-buster-v20200309" or an image family, such as "projects/debian-cloud/global/images/family/debian-10"

You can change or assign an external IP address, either ephemeral or static, to an existing IPv4-only or dual-stack instance. This procedure is not supported for IPv6-only instances.

A compute instance can have multiple interfaces. A single-stack interface can have one external IP address. A dual-stack interface can have one external IPv4 address and one external IPv6 address. If the instance already has an external IP address, you must remove that address first. Then you can assign a new external IP address to the existing instance.

1. In the Google Cloud console, go to the VM instances page.

   Go to VM instances

2. Click the name of the instance that you want to assign an external IP to. The Instance details page displays.

3. From the Instance details page, complete the following steps:

   1. Click Edit.
   2. Expand Network interfaces.
   3. Select the required external IP address to assign to the instance. If the instance is IPv4-only and you want to assign an IPv6 address, you must first change the stack type to dual-stack.
      1. For External IPv4 address, select either Ephemeral or a static external IPv4 address.
      2. For External IPv6 address, select either Ephemeral or a static external IPv6 address.
   4. Click Done.

4. Click Save.

1. Optional: Reserve a static external IP address.

   If you want to assign a static external IP address, you must reserve an address and make sure that the address is not in use by another resource. If necessary, follow the instructions to reserve a new static external IP address or to unassign a static external IP address.

   If you intend to use an ephemeral external IP address, you can skip this step, and Compute Engine randomly assigns an ephemeral external IP address.

2. Remove any existing IP address assignment, as described in Unassign a static external IP address.

3. Assign the new external IP address.

   • To assign an IPv4 address, use the instances add-access-config sub-command:

     Note: Don't replace IP_ADDRESS with the name of the static IP address. You must use the actual IP address.

     gcloud compute instances add-access-config INSTANCE_NAME \
       --access-config-name="ACCESS_CONFIG_NAME" --address=IP_ADDRESS
     

     Replace the following:

     • INSTANCE_NAME: the name of the instance.
     • ACCESS_CONFIG_NAME: the name to call this access config. Make sure to include the full name between quotes.
     • IP_ADDRESS: the IP address to add.

     If you want Compute Engine to assign an ephemeral external IP address rather than using a static external IP address, omit the --address IP_ADDRESS property:

     gcloud compute instances add-access-config INSTANCE_NAME \
       --access-config-name="ACCESS_CONFIG_NAME"
     

   • To change an instance to dual-stack and assign it an IPv6 address, use the instance network-interfaces update sub-command:

     gcloud compute instances network-interfaces update INSTANCE_NAME \
       --network-interface=NIC \
       --ipv6-network-tier=PREMIUM \
       --stack-type=STACK_TYPE \
       --external-ipv6-address=IPV6_ADDRESS \
       --external-ipv6-prefix-length=96 \
       --zone=ZONE
     

     Replace the following:

     • INSTANCE_NAME: the name of the instance.
     • NIC: the name of the network interface.
     • STACK_TYPE: the stack type for the instance, which must be IPV4_IPV6. You can't change the stack type to IPV6_ONLY.
     • IPV6_ADDRESS: the IPv6 address to assign to the instance. Specify the first IPv6 address in the /96 range.
     • ZONE: the zone of the instance.

You can change the external IPv4 or IPv6 address of an instance by adding a new access configuration for that instance.

1. Remove any existing IP address assignment, as described in Unassign a static external IP address.

2. Delete the existing access configuration by making a POST request to the instances.deleteAccessConfig method.

   POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances/INSTANCE_NAME/deleteAccessConfig
   

3. Add a new access configuration to the network interface of the instance by making a POST request to the instances.addAccessConfig method.

   • For IPv4 addresses, make the following request:

     POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances/INSTANCE_NAME/addAccessConfig
     {
     "natIP": "IPV4_ADDRESS",
     "name": "ACCESS_CONFIG_NAME"
     }
     

   • For IPv6 addresses, update the stackType of the network interface to IPV4_IPV6 and update the networkInterfaces[].ipv6AccessConfigs[].externalIpv6 property and the external IPv6 address that you want to use.

     For more information, see Assign a static external IP address to a new instance.

For certain workloads, you might have essential requirements that include security and network restrictions. For example, you might want to restrict external IP addresses so that only specific compute instances can use them. This option can help to prevent data exfiltration or maintain network isolation. Using an Organization Policy, you can restrict external IP addresses to specific instances with constraints to control use of external IP addresses for your instances within an organization or a project.

The constraint for controlling external IP address on instances is:

constraints/compute.vmExternalIpAccess

To use the constraint, you specify a policy with an allowedList of instances that can have external IP addresses. If you don't specify a policy, all external IP addresses are allowed for all instances. When the policy is in place, only the instances that are listed in the allowedValues list can be assigned an external IP address, either ephemeral or static, and other Compute Engine instances in the organization or project that are not explicitly defined in the policy are prohibited from using external IP addresses.

Instances are identified in the allow and deny lists using the instance's URI:

projects/PROJECT_ID/zones/ZONE/instances/INSTANCE_NAME

• You can apply this list constraint only to instances.
• You cannot apply the constraint retroactively. All instances that have external IP addresses before you enable the policy retain their external IP addresses.
• This constraint accepts either an allowedList or a deniedList but not both in the same policy.
• It is up to you or an administrator with the required permissions to manage and maintain the instance lifecycle and integrity. The constraint only verifies the instance's URI, and it does not prevent the instances in the allowlist from being altered, deleted, or recreated.

To set a constraint on either the project or the organization level, you must have been granted the orgpolicy.policyAdmin role on the organization.

1. Go to the Organizational Policies page.

   Go to Organizational Policies

2. If necessary, select the required organization from the project drop-down menu.
3. Click Define allowed external IPs for VM instances.
4. Click Edit to edit the external IP policy. If you can't access the Edit tool, you don't have the correct permissions.

5. Select Customize to set the org policy for specific instances.

6. Select the required Policy enforcement and Policy type.

7. For Policy values, select Custom.

8. Enter a URI for an instance. The URI must be in the following format:

   projects/PROJECT_ID/zones/ZONE/instances/INSTANCE_NAME
   

9. Click New policy value and enter URIs for instances as needed.

10. Click Save to apply the constraint.

To set a constraint for external IP access, you first need your organization ID. You can find the organization ID by running the organizations list command and looking for the numeric ID in the response:

gcloud organizations list

The gcloud CLI returns a list of organizations in the following format:

DISPLAY_NAME               ID
example-organization1      29252605212
example-organization2      1234567890

Use the gcloud resource-manager org-policies set-policy command to set the policy. You need to provide your policy as a JSON file. Create a JSON file in the following format:

{
"constraint": "constraints/compute.vmExternalIpAccess",
"listPolicy": {
  "allowedValues": [
     "projects/PROJECT_ID/zones/ZONE/instances/INSTANCE_NAME",
     "projects/PROJECT_ID/zones/ZONE/instances/INSTANCE_NAME",
     "projects/PROJECT_ID/zones/ZONE/instances/INSTANCE_NAME"
  ]
 }
}

Replace the following:

• PROJECT_ID: the project ID for this request, such as example-project. Note that this is different than setting up organization policies, which require the organization numeric ID.
• ZONE: the zone of the instance
• INSTANCE_NAME: the name of the instance

Alternatively, you can specify a deniedValues list to indicate instances that you explicitly want to prohibit from having an external IP address. Any instance not on the list would implicitly be allowed to have an external IP address. You can only specify either allowedValues or deniedValues but not both.

Then, pass in the file with your request:

gcloud resource-manager org-policies set-policy MY_POLICY.JSON --organization=ORGANIZATION_ID

Replace ORGANIZATION_ID with the numeric ID of the organization.

If you don't want any instances to have external IP access, you can set a policy with allValues set to DENY:

{
  "constraint": "constraints/compute.vmExternalIpAccess",
  "listPolicy": {
    "allValues": "DENY"
  }
}

Use the setOrgPolicy() API to define your constraint. The instances in the allowedValue list you specify are allowed to have external IP addresses. Alternatively, you can specify a deniedValues list to express instances that you explicitly want to prohibit from having an external IP address. Any instance not on the list would implicitly be allowed to have an external IP address. You can only specify either allowedValues or deniedValues but not both.

For example, the following is a request to apply the compute.vmExternalIpAccess constraint to an organization where instances from certain projects within the organization are allowed to have external IP addresses:

POST https://cloudresourcemanager.googleapis.com/v1/organizations/ORGANIZATION_ID:setOrgPolicy

where ORGANIZATION_ID is the numeric ID of the organization.

Now, in your request body, provide the policy for this constraint:

{
  "policy": {
    "constraint": "constraints/compute.vmExternalIpAccess",
    "listPolicy": {
      "allowedValues": [
        "projects/PROJECT_ID/zones/ZONE/instances/INSTANCE_NAME",
        "projects/PROJECT_ID/zones/ZONE/instances/INSTANCE_NAME",
        "projects/PROJECT_ID/zones/ZONE/instances/INSTANCE_NAME"
        ]
      }
    }
 }

If you don't want any instances to have external IP access, you can set a policy with allValues set to DENY:

{
  "policy": {
    "constraint": "constraints/compute.vmExternalIpAccess",
    "listPolicy": {
      "allValues": "DENY"
      }
    }
 }

Setting a policy at the project level overrides the policy at the organization level. For example, if the organization level has example-vm-1 on the allowedValues list but the policy at the project level has the same instance on the deniedValues list, the instance wouldn't be allowed to have an external IP address.

Follow the same process documented under Set a policy constraint at the organization level but choose your project from the project selector instead of the organization.

Use the gcloud resource-manager org-policies set-policy command to set the policy. You need to provide your policy as a JSON file. Create a JSON file in the following format:

{
 "constraint": "constraints/compute.vmExternalIpAccess",
 "listPolicy": {
  "allowedValues": [
   "projects/PROJECT_ID/zones/ZONE/instances/INSTANCE_NAME"
  ]
 }
}

Replace the following:

• PROJECT_ID: the project ID for this request, such as example-project. Note that this is different than setting up organization policies, which require the organization numeric ID.
• ZONE: the zone of the instance.
• INSTANCE_NAME: the name of the instance.

Alternatively, you can specify a deniedValues list of instances that you explicitly want to prohibit from having an external IP address. Any instance not on the list would implicitly be allowed to have an external IP address. You can only specify either allowedValues or deniedValues but not both.

Then, pass in the file with your request:

gcloud resource-manager org-policies set-policy MY_POLICY.JSON --project=example-project

Use the setOrgPolicy API to define your constraint. The instances in the allowedValue list you specify are allowed to have external IP addresses. Alternatively, you can specify a deniedValues list to express instances that you explicitly want to prohibit from having an external IP address. Any instance not on the list is implicitly allowed to have an external IP address. You can specify only allowedValues or deniedValues but not both.

For example, the following is a request to set the compute.vmExternalIpAccess constraint on a project to allow specific instances to have external IP addresses:

POST https://cloudresourcemanager.googleapis.com/v1/projects/PROJECT_ID:setOrgPolicy

Replace PROJECT_ID with the project ID for this request.

The request body contains the policy for this constraint:

{
  "policy": {
    "constraint": "constraints/compute.vmExternalIpAccess",
    "listPolicy": {
      "allowedValues": [
        "projects/PROJECT_ID/zones/ZONE/instances/INSTANCE_NAME"
      ]
    }
  }
}

• Avoid using the deniedValues list with this constraint. If you define values in the deniedValues list, it means that only the instances in the deniedValues list are restricted from using external IP addresses. This could be a security concern if you want control over exactly which instances can have external IP addresses. If you want to remove certain instances from the allowedValues list, update the existing policy to remove the instances from the allowedList rather than putting the instances into the deniedValues list at a lower hierarchy.

• If you want to set a policy over a large part of the resource hierarchy but exempt certain projects, restore the default policy by using the setOrgPolicy method by specifying the restoreDefault object to allow all instances in the projects to be associated with external IP addresses. The current policies for projects are not affected by the default setting.

• Use the org policy together with IAM roles to better control your environment. This policy applies to only instances but if you want to better control and restrict external IP addresses on network devices, you can grant the compute.networkAdmin role to the appropriate parties.

• Any services and products that are running on Compute Engine within the organization or project with the policy enabled are subject to this org policy. Specifically, services such as Google Kubernetes Engine, Dataflow, Dataproc, and Cloud SQL are affected by this policy. If this is an issue, Google recommends that you set up other services and products in a different project that does not have the organization policy applied, and use Shared VPC, if needed.

The following sections describe how to manage static external IP addresses for your instances.

Static and ephemeral internal IP addresses behave and appear the same in most contexts. However, with static internal IP addresses, you can use the same IP address for the same resource even if you delete and re-create the resource. In general, an ephemeral IP address is released if you stop or delete the resource.

To determine if an address is static or ephemeral, do the following:

1. In the Google Cloud console, go to the IP addresses page.

   Go to IP addresses

2. Find the address in the list and check the Type column for the type of IP address.

Unassigning an IP address removes it from the resource but keeps the IP address reserved. After the IP address is unassigned, you can reassign the IP address to another resource. This procedure is supported for dual-stack instances, but not IPv6-only instances.

You can also unassign the IPv4 or IPv6 address by deleting the instance.

1. In the Google Cloud console, go to the IP addresses page.

   Go to IP addresses

2. Click External IP addresses.

3. Select the static IP address that you want to unassign.

4. Click more_vertView actions and select the Reassign to another resource option.

5. From the Attach to drop-down list, select None.

6. Click OK.

1. Check if a static IP address is in use by using the gcloud compute addresses list command:

   gcloud compute addresses list
   

   The output is similar to the following:

   NAME                      REGION    ADDRESS                  STATUS
   example-address-ipv4      REGION    198.51.100.1             RESERVED
   example-address-new-ipv4  REGION    203.0.113.1              IN_USE
   example-address-ipv6      REGION    2001:db8:1:1:1:1:1:1     RESERVED
   example-address-new-ipv6  REGION    2001:db8:4:4:4:4:4:4     IN_USE
   

   • If the IP address is not in use, the status is RESERVED.
   • If the IP address is in use, the status is IN_USE.

2. Retrieve the name of the instance that is using the IP address:

   gcloud compute addresses describe ADDRESS_NAME \
     --region=REGION
   

   Replace the following:

   • ADDRESS_NAME: the name of the IPv6 address resource.
   • REGION: the region of the IPv6 address resource.

   The output is similar to the following:

   address: IP_ADDRESS
   addressType: EXTERNAL
   ...
   region: https://www.googleapis.com/compute/v1/projects/PROJECT/regions/REGION
   selfLink: https://www.googleapis.com/compute/v1/projects/PROJECT/regions/REGION/addresses/ADDRESS_NAME
   status: IN_USE
   subnetwork: https://www.googleapis.com/compute/v1/projects/PROJECT/regions/REGION/subnetworks/SUBNET
   users:
   - https://www.googleapis.com/compute/v1/projects/PROJECT/zones/ZONE/instances/INSTANCE_NAME
   

   The users field displays the name of the instance that is using the IP address.

3. Unassign the IP address from the instance.

   • To unassign an IPv4 address, delete the instance's access config file:

     1. Get the name of the access config to delete. To get the name, use the gcloud compute instances describe command. Replace INSTANCE_NAME with the name of the instance.

        gcloud compute instances describe INSTANCE_NAME
        

        The access config appears in the following format:

        networkInterfaces:
          - accessConfigs:
            - kind: compute#accessConfig
              name: external-nat
              natIP: 203.0.113.1
              type: ONE_TO_ONE_NAT
        

        Note: The name of your access config might be different than external-nat; make sure to check for your own access config name. In some cases, an earlier version of the access config name, External NAT, might be used.

     2. Delete the access config by using the gcloud compute instances delete-access-config command:

        gcloud compute instances delete-access-config INSTANCE_NAME \
          --access-config-name="ACCESS_CONFIG_NAME"
        

        Replace the following:

        • INSTANCE_NAME: the name of the instance.
        • ACCESS_CONFIG_NAME: the name of the access config to delete. Be sure to include the full name between quotes.

   • To unassign an IPv6 address range, use the instance network-interfaces update command:

     gcloud compute instances network-interfaces update INSTANCE_NAME \
       --network-interface=nic0 \
       --stack-type=IPV4_ONLY \
       --zone=ZONE
     

     Replace the following:

     • INSTANCE_NAME: the name of the instance that is using the IP address.
     • ZONE: the zone of the instance.

4. Check that your static external IP address is now available and marked as RESERVED instead of IN_USE.

   gcloud compute addresses list \
     --filter="ADDRESS_NAME AND region=REGION"
   

   Replace the following:

   • ADDRESS_NAME: the name of the IP address resource.
   • REGION: the region of the IP address resource.

Now that your static external IP address is available, you can choose to assign it to another instance.

To unassign a static external IPv4 or IPv6 address, perform the following steps:

• For IPv4 addresses, delete the access configuration attached to the instance that's using the address.

  1. To check the access configuration details of a instance, make a GET request to the instances.get method.

     GET https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances/INSTANCE_NAME
     

  2. Delete the existing access configuration by making a POST request to the instances.deleteAccessConfig method.

     POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances/INSTANCE_NAME/deleteAccessConfig
     

     Replace the following:

     • PROJECT_ID: the project ID for this request
     • ZONE: the zone where the instance is located
     • INSTANCE_NAME: the name of the instance

• For IPv6 addresses, update the stack type of the network interface for the instance where the IPv6 address is attached.

  1. Make a PATCH request to the instances.updateNetworkInterface method.

  2. In the request body, update the value of the stackType field to IPV4_ONLY.

     For example:

     PATCH https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances/INSTANCE_NAME/updateNetworkInterface
     
     {
       "networkInterfaces": [{
         ...
         "stackType" : "IPV4_ONLY"
         ...
         }]
     }
     

If you no longer need a static external IPv4 or IPv6 address, you can release the IP address by deleting the IP address resource. Deleting an instance doesn't automatically release a static external IP address. You must manually release static external IP addresses when you no longer require them.

To release a static external IP address, see Release a static external IP address in the VPC documentation.

• Learn more about IP addresses.
• Learn more about networks and firewalls.
• Learn how to address Compute Engine instances using internal DNS.
• Review VPC pricing.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-08-07 UTC.

[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-07 UTC."],[[["Static external IP addresses can be reserved and assigned to new or existing virtual machine (VM) and bare metal instances, allowing for consistent external connectivity."],["Managing static IP addresses involves several actions, including reserving, assigning, changing, listing, unassigning, and releasing them, which can be performed through the Google Cloud console, `gcloud` CLI, Terraform, or REST API."],["To assign a static external IP to an existing instance, you can modify its network interfaces settings through the console or use specific `gcloud` commands or REST API methods."],["Organization policies can be used to restrict the use of external IP addresses to specific instances, managed via an allowed or denied list of instance URIs."],["Unassigning a static IP from an instance is possible using the Google Cloud console or through `gcloud` commands, REST API calls, or various code samples provided, but it is crucial to manually release the static IP address afterward to avoid unnecessary charges."]]],[]]

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4