Troubleshooting
Fix Terraform Error - GCP IAM Member Already Exists
Fix Google Cloud IAM binding conflicts in Terraform. Covers authoritative vs non-authoritative bindings, member format, conditions, and import patterns.
2 min read
Troubleshooting
Fix: GCP Project Quota Exceeded for Networks
Fix Google Cloud network quota exceeded errors in Terraform. Request quota increases, clean up unused VPCs, and optimize shared VPC configurations.
LLuca Berton2 min read
Quick Answer
#You've hit the VPC network quota for your GCP project (default: 5-15 networks). Request a quota increase, delete unused VPCs, or use shared VPC to reduce the number of networks per project.
The Error
#Error: Error creating Network: googleapi: Error 403:
Quota 'NETWORKS' exceeded. Limit: 15.0 in project my-project.Error: Error creating Subnetwork: googleapi: Error 403:
Quota 'SUBNETWORKS' exceeded.What Causes This Error
#- Too many VPC networks — each project has a default quota (typically 5-15)
- Default network still exists — GCP creates a
defaultnetwork in new projects - Unused networks from old deployments — orphaned VPCs consuming quota
- Separate VPCs per environment in the same project instead of using subnets
How to Fix It
#Solution 1: Request Quota Increase
## Check current quota
gcloud compute project-info describe --project my-project \
--format='value(quotas[name=NETWORKS])'
# Request increase via Console:
# IAM & Admin → Quotas → search "Networks"
# Or via gcloud:
gcloud alpha services quota update \
--consumer=projects/my-project \
--service=compute.googleapis.com \
--metric=compute.googleapis.com/networks \
--value=25Solution 2: Delete Unused Networks
## List all networks
gcloud compute networks list --project my-project
# Delete the default network (recommended for IaC projects)
gcloud compute firewall-rules list --filter="network=default" \
--format="value(name)" | xargs -I {} gcloud compute firewall-rules delete {}
gcloud compute networks delete default --project my-project
# Find and delete orphaned networks
gcloud compute networks list --project my-project --format="table(name,subnetworks.len())"Solution 3: Use Shared VPC
## Host project — single VPC shared across service projects
resource "google_compute_shared_vpc_host_project" "host" {
project = var.host_project_id
}
resource "google_compute_network" "shared" {
project = var.host_project_id
name = "shared-vpc"
auto_create_subnetworks = false
}
resource "google_compute_subnetwork" "app" {
project = var.host_project_id
name = "app-subnet"
ip_cidr_range = "10.0.1.0/24"
region = var.region
network = google_compute_network.shared.id
}
# Service project uses the shared VPC
resource "google_compute_shared_vpc_service_project" "service" {
host_project = var.host_project_id
service_project = var.service_project_id
}Solution 4: Use Subnets Instead of Separate VPCs
## ONE network with multiple subnets per environment
resource "google_compute_network" "main" {
name = "main-vpc"
auto_create_subnetworks = false
}
resource "google_compute_subnetwork" "dev" {
name = "dev-subnet"
ip_cidr_range = "10.0.0.0/20"
region = var.region
network = google_compute_network.main.id
}
resource "google_compute_subnetwork" "prod" {
name = "prod-subnet"
ip_cidr_range = "10.1.0.0/20"
region = var.region
network = google_compute_network.main.id
}GCP Network Quotas
#| Quota | Default | Can Increase |
|---|---|---|
| Networks per project | 15 | ✅ Yes |
| Subnetworks per project | 100 | ✅ Yes |
| Firewall rules per project | 500 | ✅ Yes |
| Routes per project | 250 | ✅ Yes |
Troubleshooting Checklist
#- ✅ How many networks exist? (
gcloud compute networks list) - ✅ What's your current quota? (
gcloud compute project-info describe) - ✅ Are there unused or default networks to delete?
- ✅ Can you use subnets instead of separate VPCs?
- ✅ Would shared VPC reduce your network count?
Prevention Tips
#- Delete the default network in all new projects
- Use subnets for isolation instead of separate VPCs per environment
- Use shared VPC for multi-project architectures
- Request quota increases proactively before large deployments
- Tag networks with
managed-by = terraformto identify orphans
Related Articles
#Conclusion
#Network quota exceeded means you've hit the VPC limit for your project. Delete unused networks (especially the default), use subnets instead of separate VPCs, consider shared VPC for multi-project setups, and request quota increases before large deployments.
#Terraform#Google Cloud#Troubleshooting#Error Fix
Related articles
Troubleshooting
Fix Terraform Error - GCP Cloud SQL Instance Already Exists
Fix Google Cloud SQL instance name conflicts in Terraform. Handle deletion cooldowns, name reuse restrictions, imports, and instance restoration.
3 min read
Troubleshooting
Fix Terraform Error - GCP Quota Exceeded
Fix Google Cloud quota exceeded errors in Terraform. Learn to request quota increases, optimize resource usage, and handle regional quota limits.
2 min read
Troubleshooting
Fix: Azure Cosmos DB Account Name Already Taken
Fix Azure Cosmos DB global name conflicts in Terraform. Handle unique naming, DNS resolution, and account restoration after soft deletion.
2 min read