Hello, I’m seeking to delete a Serverless VPC Access connector that appears to be in a stuck state. I’ve exhausted all the troubleshooting steps I can think of and am hoping for some direction.
The connector’s status in the console shows: “Connector is in a bad state, manual deletion recommended”. However, all attempts to delete it, via the Cloud Console or gcloud, fail with the same error: "Failed to delete run-sql-connector: Unknown error. Original error message: Operation failed: Forbidden". The gcloud command log provides a similar message: ERROR: (gcloud.compute.networks.vpc-access.connectors.delete) { “code”: 7, “message”: “Operation failed: Forbidden” } - but no other details are provided.
To rule out an IAM issue, I’ve tried performing the deletion with an account that has Owner privileges. I also explicitly granted the roles/vpcaccess.admin role to my user, but the error persists in all cases. I have verified that there are no active Cloud Run, Cloud Functions, or App Engine services configured to use this connector.
I tried disabling the “Serverless VPC Access API” for the project and re-enabling it, but the connector was not forcibly removed and remains undeletable. My main concern is that this undeletable resource may continue to incur charges, even though it is non-functional and cannot be removed.
Since I’ve been unable to resolve this on my own, it seems like an internal state issue that I can’t correct. Could someone from the Google Cloud team please advise on the next steps to get this resource manually deleted?
I had this issue too and it was linked to assimilated resources with the Connector. As mentioned in the Deleting a Connector documentation:
Before you delete a connector, you must remove it from any serverless resources that still use it. Deleting a connector before removing it from your serverless resources prohibits you from deleting the VPC network later.
Hi Leo, thanks for the response, but unfortunately, this does not seem to be related to my issue.
I understand that, reading thoroughly the cited documentation, if connector is not removed from serverless resources (like Cloud Run, which was the only serverless resource I used at the time) then the VPC network cannot be deleted.
But this is not what is happening. I tried removing all serverless resources, and I could successfully delete the VPC network, but I am unable to remove the connector even if there is nothing else in the same Google Cloud Project but this connector.
Right now, neither do I have the VPC network, nor any remaining resources that could be associated with either that network or the connector - but the connector, pointing to a non-existent network, remains lingering in the project. I can even click on the non-existent network name specified in the connector, and get redirected to an error page saying “Unable to find the resource that you requested” which validates that the network no longer exists.
I tried re-creating the network with the same name, then attempting to delete the Serverless VPC access connector, but still got the same error.
Then, you can try checking your project’s Asset Inventory to identify any conflicting resources that might be preventing the connector from being deleted.
