pubsub/ERR/2024_002

Creating Pub/Sub Push didn’t fail because of organization policy.

Product: Cloud Pub/Sub
Rule class: ERR - Something that is possibly wrong

Description

Creating New Pub/Sub Push Subscription in VPC-SC enabled project is not allowed.

Unable to create new Push Subscription if the project is VPC-SC enabled. The following filter can be used to find the log lines that are matched by the rule:

resource.type='pubsub_subscription'
log_name="cloudaudit.googleapis.com/activity"
severity=ERROR
protoPayload.methodName="google.pubsub.v1.Subscriber.CreateSubscription"
protoPayload.status.message="Request is prohibited by organization's policy"

Remediation

The workaround is to remove VPC-SC temporarily and create the new Push subscription and then reapply VPC-SC again.

Further information

Please find below for more information about this limitation. Pub/Sub New Push Subscription