policy auth_error ai_generated true

Error: Error creating resource: google_project_service: googleapi: Error 403: Cloud Resource Manager API has not been used in project 'my-project' before or it is disabled.

ID: policy/gcp-resource-manager-api-not-enabled

Also available as: JSON · Markdown · 中文
95%Fix Rate
90%Confidence
1Evidence
2023-02-20First Seen

Version Compatibility

VersionStatusIntroducedDeprecatedNotes
Google Cloud SDK 400+ active
Terraform Google Provider 4.0+ active

Root Cause

The Google Cloud project does not have the Cloud Resource Manager API enabled, which is required to manage project-level resources like IAM policies and service accounts via Terraform or gcloud.

generic

中文

Google Cloud 项目未启用 Cloud Resource Manager API,这是通过 Terraform 或 gcloud 管理项目级资源(如 IAM 策略和服务账户)所必需的。

Official Documentation

https://cloud.google.com/resource-manager/docs/creating-managing-projects

Workarounds

  1. 95% success Enable the Cloud Resource Manager API via gcloud: gcloud services enable cloudresourcemanager.googleapis.com --project=my-project 
    Enable the Cloud Resource Manager API via gcloud: gcloud services enable cloudresourcemanager.googleapis.com --project=my-project
  2. 90% success Enable the API via the Google Cloud Console: go to APIs & Services > Library, search for 'Cloud Resource Manager API', and click Enable. 
    Enable the API via the Google Cloud Console: go to APIs & Services > Library, search for 'Cloud Resource Manager API', and click Enable.
  3. 95% success In Terraform, add a google_project_service resource to enable the API before creating other resources: resource "google_project_service" "crm" { project = "my-project" service = "cloudresourcemanager.googleapis.com" } 
    In Terraform, add a google_project_service resource to enable the API before creating other resources: resource "google_project_service" "crm" { project = "my-project" service = "cloudresourcemanager.googleapis.com" }

中文步骤

  1. 通过 gcloud 启用 Cloud Resource Manager API:gcloud services enable cloudresourcemanager.googleapis.com --project=my-project
  2. 通过 Google Cloud 控制台启用 API:转到 APIs & Services > Library,搜索 'Cloud Resource Manager API',然后点击启用。
  3. 在 Terraform 中,添加 google_project_service 资源以在创建其他资源之前启用 API:resource "google_project_service" "crm" { project = "my-project" service = "cloudresourcemanager.googleapis.com" }

Dead Ends

Common approaches that don't work:

  1. Re-authenticate with gcloud auth login to refresh credentials 95% fail

    The error is not about authentication but about the API not being enabled; re-login does not enable APIs.

  2. Use a different service account or user account to run the command 90% fail

    The API disablement is project-wide; all accounts in the project face the same issue until the API is enabled.

  3. Set the project ID in gcloud config and retry without enabling the API 85% fail

    The API must be explicitly enabled; setting the project ID only changes the target project but does not enable the API.