# Resource 'projects/my-project/global/images/my-image' was disallowed by policy. Policy: 'constraints/compute.restrictNonCompliantResource'. Reason: 'The resource location 'eastus2' is not allowed for this project.' - **ID:** `policy/gcp-resource-location-restriction-violation` - **Domain:** policy - **Category:** config_error - **Verification:** ai_generated - **Fix Rate:** 85% ## Root Cause A Google Cloud Organization Policy constraint restricts resource creation to specific locations (e.g., only us-central1), but the resource is being created in a non-compliant region like eastus2. ## Version Compatibility | Version | Status | Introduced | Deprecated | |---------|--------|------------|------------| | Google Cloud SDK 450.0.0 | active | — | — | | Google Cloud Console 2024-03 | active | — | — | ## Workarounds 1. **Check the allowed locations for the project using: gcloud resource-manager org-policies describe constraints/compute.restrictNonCompliantResource --project=my-project, then create the resource in an allowed region.** (90% success) ``` Check the allowed locations for the project using: gcloud resource-manager org-policies describe constraints/compute.restrictNonCompliantResource --project=my-project, then create the resource in an allowed region. ``` 2. **Update the organization policy to add the desired location using: gcloud resource-manager org-policies set-policy --project=my-project policy.yaml, where policy.yaml includes the allowed locations.** (85% success) ``` Update the organization policy to add the desired location using: gcloud resource-manager org-policies set-policy --project=my-project policy.yaml, where policy.yaml includes the allowed locations. ``` 3. **If the policy is inherited from the organization, request an exception from the GCP admin to allow the specific location.** (70% success) ``` If the policy is inherited from the organization, request an exception from the GCP admin to allow the specific location. ``` ## Dead Ends - **** — The policy applies to all resources in the project; only allowed locations will succeed. (90% fail) - **** — The same policy will block the creation again. (95% fail) - **** — The policy may be inherited from the organization level and apply to all projects. (70% fail)