This policy is no longer being updated. The Google Rightsize VM Recommender policy now includes this functionality and is the recommended policy for getting idle VM recommendations.
This policy finds idle virtual machine recommendations and reports them. You can then delete the idle instances.
This policy uses the GCP recommender google.compute.instance.IdleResourceRecommender, which identifies VM instances that have not been used over the previous 1 to 14 days or, for new VMs, starting one day after VM creation. The algorithm considers the CPU and network usage in the last observation period. If CPU and network usage are below predefined thresholds, the Recommender classifies the VM as idle.
After a VM is created and running for at least one day during the observation period, Compute Engine begins generating idle VM recommendations for it. New recommendations are generated once per day.
It is important that the policy GCP credentials have at least one of the following permissions:
recommender.computeInstanceIdleResourceRecommendations.list
You also need to enable the Recommender API.
Check the following official GCP docs for more:
This policy requires the following input parameters at launch.
- Email addresses - A list of email addresses to notify
- Zone - Location to check, specifically Google zones
- Project ID - Google Projects to Query. Leave blank to query all projects.
- Unattached Days - Days a volume has been unattached. Default is 30 days
The following policy actions are taken on any resources found to be out of compliance.
- Send an email report
- Terminate idle VM after an approval
This policy uses credentials for connecting to the cloud -- in order to apply this policy you must have a credential registered in the system that is compatible with this policy. If there are no credentials listed when you apply the policy, please contact your cloud admin and ask them to register a credential that is compatible with this policy. The information below should be consulted when creating the credential.
The Recommender API also needs to be enabled.
For administrators creating and managing credentials to use with this policy, the following information is needed:
Provider tag value to match this policy: gce
Required APIs to have enabled in the provider:
- Resource Manager API
- Compute Engine API
- Recommender API
Required permissions in the provider:
- resourcemanager.projects.get
- monitoring.timeSeries.list
- compute.instances.list
Required roles in the provider:
- Compute Recommender Viewer
- Compute Recommender Admin*
* Only required for taking action (termination); the policy will still function in a read-only capacity without these permissions.
This policy template does not incur any cloud costs.
The Google API sets quotas on the Recommender API; exceeding them generates a 429 RESOURCE_EXHAUSTED error. See Quotas & Limits.
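A client that queries the recommender named above across many projects and zones has to expect that 429. The following is an added example, not code from the policy template: it retries only on 429 with exponential backoff and jitter, follows pagination, and fails loudly on any other status. The transport function, project name and recommendation names are constructed so that it runs offline; a real client would pass an authenticated HTTP GET in its place.

```python
import random
import time

RECOMMENDER = "google.compute.instance.IdleResourceRecommender"
API = "https://recommender.googleapis.com/v1"

def get_with_backoff(http_get, url, params, max_attempts=5, base_delay=1.0, sleep=time.sleep):
    """Call http_get(url, params) -> (status, body); retry only on HTTP 429."""
    for attempt in range(max_attempts):
        status, body = http_get(url, params)
        if status != 429:
            break
        if attempt < max_attempts - 1:
            delay = base_delay * 2 ** attempt          # 1s, 2s, 4s, ...
            sleep(delay + random.uniform(0, delay))    # jitter spreads out retries
    return status, body

def list_idle_vm_recommendations(http_get, project, zone, **retry):
    """Collect every page of idle VM recommendations for one project and zone."""
    url = f"{API}/projects/{project}/locations/{zone}/recommenders/{RECOMMENDER}/recommendations"
    found, token = [], None
    while True:
        params = {"pageToken": token} if token else {}
        status, body = get_with_backoff(http_get, url, params, **retry)
        if status != 200:
            reason = body.get("error", {}).get("status", "UNKNOWN")
            raise RuntimeError(f"{project}/{zone}: HTTP {status} {reason}")
        found.extend(body.get("recommendations", []))
        token = body.get("nextPageToken")
        if not token:
            return found

def fake_transport(script):
    """Constructed stand-in for an authenticated HTTP client; replays `script`."""
    calls = []
    def http_get(url, params):
        calls.append((url, dict(params)))
        return script[len(calls) - 1]
    return http_get, calls

QUOTA_ERROR = (429, {"error": {"code": 429, "status": "RESOURCE_EXHAUSTED"}})

if __name__ == "__main__":
    http_get, calls = fake_transport([
        QUOTA_ERROR, QUOTA_ERROR,
        (200, {"recommendations": [{"name": "rec-1"}], "nextPageToken": "p2"}),
        (200, {"recommendations": [{"name": "rec-2"}]}),
    ])
    recs = list_idle_vm_recommendations(http_get, "example-project", "us-central1-a", sleep=lambda s: None)
    print([r["name"] for r in recs], "after", len(calls), "requests")
```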