Fix googleapi 403 'has not been used in project' or 'is disabled' errors in Terraform. Enable GCP APIs with google_project_service and fix billing/quota issues.
The GCP API for the service you're trying to use isn't enabled in your project. Add `google_project_service` resources to enable APIs via Terraform, or run `gcloud services enable <api>` manually.

```
Error: googleapi: Error 403: Compute Engine API has not been
used in project 123456789 before or it is disabled. Enable it
by visiting https://console.developers.google.com/...
```

Or:

```
Error: googleapi: Error 403: Cloud SQL Admin API is disabled
for project my-project
```

GCP requires you to explicitly enable each API before using it. New projects have most APIs disabled by default. This is different from AWS and Azure, where services are always available.

```hcl
resource "google_project_service" "apis" {
  for_each = toset([
    "compute.googleapis.com",
    "container.googleapis.com",
    "sqladmin.googleapis.com",
    "storage.googleapis.com",
    "iam.googleapis.com",
    "cloudresourcemanager.googleapis.com",
    "servicenetworking.googleapis.com",
    "dns.googleapis.com",
  ])

  project            = var.project_id
  service            = each.value
  disable_on_destroy = false # Don't disable if resource is removed
}

# Ensure APIs are enabled before creating resources
resource "google_compute_instance" "web" {
  depends_on = [google_project_service.apis]

  name         = "web-server"
  machine_type = "e2-medium"
  zone         = "${var.region}-a"
  # ...
}
```

```bash
# Enable a single API
gcloud services enable compute.googleapis.com --project my-project

# Enable multiple APIs at once
gcloud services enable \
  compute.googleapis.com \
  container.googleapis.com \
  sqladmin.googleapis.com \
  storage.googleapis.com \
  --project my-project

# List currently enabled APIs
gcloud services list --enabled --project my-project

# Check if a specific API is enabled
gcloud services list --enabled --filter="name:compute" --project my-project
```

Some APIs require billing to be enabled:

```bash
# Check billing status
gcloud billing projects describe my-project

# Link a billing account
gcloud billing projects link my-project \
  --billing-account=BILLING_ACCOUNT_ID
```

| Resource Type | Required API |
|---|---|
| Compute Engine VMs | compute.googleapis.com |
| GKE clusters | container.googleapis.com |
| Cloud SQL | sqladmin.googleapis.com |
| Cloud Storage | storage.googleapis.com |
| IAM | iam.googleapis.com |
| VPC / Networking | compute.googleapis.com |
| DNS | dns.googleapis.com |
| Cloud Functions | cloudfunctions.googleapis.com |
| Cloud Run | run.googleapis.com |
| Pub/Sub | pubsub.googleapis.com |
| BigQuery | bigquery.googleapis.com |
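
As an added example (not part of the original article), this Python pre-flight check reads a `terraform show -json` plan and reports the APIs its resources need that are neither already enabled nor enabled by a `google_project_service` in the same plan. The prefix map follows the table above; the function name, the prefix-matching approach, and the sample plan and service list are assumptions constructed for illustration.

```python
"""Pre-flight check: APIs a Terraform plan needs that will not be enabled at apply time."""
import json

# Resource-type prefix -> required API, following the table above. Prefix matching
# is an assumption of this sketch; extend the map for the resource types you use.
API_BY_PREFIX = {
    "google_compute_": "compute.googleapis.com",
    "google_container_": "container.googleapis.com",
    "google_sql_": "sqladmin.googleapis.com",
    "google_storage_": "storage.googleapis.com",
    "google_service_account": "iam.googleapis.com",
    "google_dns_": "dns.googleapis.com",
    "google_cloudfunctions_": "cloudfunctions.googleapis.com",
    "google_cloud_run_": "run.googleapis.com",
    "google_pubsub_": "pubsub.googleapis.com",
    "google_bigquery_": "bigquery.googleapis.com",
}


def missing_apis(plan, enabled_lines):
    """Return {api: [resource addresses]} for APIs that are needed but neither
    already enabled nor enabled by a google_project_service in the same plan."""
    available = {ln.strip() for ln in enabled_lines.splitlines() if ln.strip()}
    needed = {}
    for rc in plan.get("resource_changes", []):
        if rc["type"] == "google_project_service":
            # "after" is null when the service resource is being destroyed.
            after = rc.get("change", {}).get("after") or {}
            if after.get("service"):
                available.add(after["service"])
            continue
        for prefix, api in API_BY_PREFIX.items():
            if rc["type"].startswith(prefix):
                needed.setdefault(api, []).append(rc["address"])
    return {api: addrs for api, addrs in needed.items() if api not in available}


# Constructed sample inputs: a trimmed `terraform show -json` plan, and output of
# `gcloud services list --enabled --format="value(config.name)"`.
SAMPLE_PLAN = json.loads("""{"resource_changes": [
 {"address": "google_project_service.compute", "type": "google_project_service",
  "change": {"actions": ["create"], "after": {"service": "compute.googleapis.com"}}},
 {"address": "google_compute_instance.web", "type": "google_compute_instance", "change": {"actions": ["create"]}},
 {"address": "google_sql_database_instance.db", "type": "google_sql_database_instance", "change": {"actions": ["create"]}},
 {"address": "google_dns_managed_zone.zone", "type": "google_dns_managed_zone", "change": {"actions": ["create"]}}
]}""")
SAMPLE_ENABLED = "dns.googleapis.com\nstorage.googleapis.com\n"

if __name__ == "__main__":
    for api, addrs in sorted(missing_apis(SAMPLE_PLAN, SAMPLE_ENABLED).items()):
        print(f"{api} not enabled; needed by {', '.join(addrs)}")
```

Running it before `terraform apply` surfaces the 403 ahead of time and keeps the enabled API list limited to what the plan actually uses.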
After enabling an API, it can take 30-60 seconds to propagate:

```hcl
resource "google_project_service" "compute" {
  service = "compute.googleapis.com"
}

# time_sleep comes from the hashicorp/time provider
resource "time_sleep" "wait_for_api" {
  depends_on      = [google_project_service.compute]
  create_duration = "60s"
}

resource "google_compute_instance" "web" {
  depends_on = [time_sleep.wait_for_api]
  # ...
}
```

- `gcloud services list --enabled`)
- `for_each` block at the top of your config
- `disable_on_destroy = false` — accidentally disabling APIs can break other services
- `depends_on` to ensure APIs are enabled before resources are created

GCP requires explicit API enablement — unlike AWS and Azure. Use `google_project_service` with `for_each` to enable all required APIs in Terraform, set `disable_on_destroy = false`, and add `depends_on` to resources that need those APIs. Check billing if enablement fails.