Configuring stateful IP addresses in MIGs

By configuring stateful IP addresses in amanaged instance group (MIG),you ensure that IP addresses are preserved when VM instances in the group areautohealed, updated, and recreated.

You can preserve internal and external IPv4 addresses. You canconfigure IP addresses to be assigned automatically or assign specific IPaddresses to each VM instance in a MIG.

Before you begin

Review when to use stateful MIGs andhow stateful MIGs work.
If you haven't already, set upauthentication. Authentication verifies your identity for access to Google Cloud services and APIs. To run code or samples from a local development environment, you can authenticate to Compute Engine by selecting one of the following options:
Select the tab for how you plan to use the samples on this page:
Console
When you use the Google Cloud console to access Google Cloud services and APIs, you don't need to set up authentication.
gcloud
1. Install the Google Cloud CLI. After installation,initialize the Google Cloud CLI by running the following command:
  gcloudinit
  If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.
  Note: If you installed the gcloud CLI previously, make sure you have the latest version by runninggcloud components update.
2. Set a default region and zone.
Terraform
To use the Terraform samples on this page in a local development environment, install and initialize the gcloud CLI, and then set up Application Default Credentials with your user credentials.
For more information, see Set up authentication for a local development environment.
REST
To use the REST API samples on this page in a local development environment, you use the credentials you provide to the gcloud CLI.
For more information, see Authenticate for using REST in the Google Cloud authentication documentation.

Limitations

A MIG with stateful IP addresses has the following limitations:

IPv6 addresses are not supported.
Internal IP addresses are not supported in networks that have nosubnetworks–for example, legacy networks.

A MIG withstateful configuration—astateful MIG—has the following limitations:

You cannot use autoscaling if your MIG has stateful configuration.
If you want to use automated rolling updates, you must set thereplacement methodtoRECREATE.
For stateful regional MIGs, you mustdisable proactive redistribution (set the redistribution type toNONE) to prevent deletion of statefulinstances by automatic cross-zone redistribution.
If you use anall-instances configurationto override instance template properties, you cannot specify those propertiesin any per-instance configuration and at the same time in the group'sall-instances configuration.

Pricing

You are charged for external IP addresses according to networkingpricing.

Caution: Unused reserved external static IP addresses incur charges, so makesure to delete them if you don't intend to keep them for future use. Whenconfiguring stateful IPs, you can use the auto-delete rule to automaticallydelete a static IP address when its instance is permanently deleted.

When to use stateful IP addresses

Preserving instances' IP addresses is useful in the following scenarios:

Your application requires an IP address to remain static after it has beenassigned—for example, Kafka.
Your application's configuration depends on specific IP addresses—for example,a DNS server.
Users, including other applications, access your server through a dedicatedstatic IP address—for example, a file server.
You need to migrate existing workloads without changing network configuration.

Configuring stateful IP addresses for all VMs in a group

Configuring stateful IP addresses for all VMs in a MIG is useful in thefollowing scenarios:

Your application requires an IP address to remain static after it has beenassigned. But your application doesn't require assigning specific IP addressesto specific instances. IP addresses can be auto-assigned on instance creation.
Your users, including other applications, access your servers through staticIP addresses that you publish after deploying your application.
You would like to benefit from instance autohealing and automated updateswhile preserving the static IP address that is auto-assigned on instancecreation.

To maintain static internal or external IP addresses for existing and future VMinstances in the group, configure that in the stateful policy.

When you add stateful IP address configuration to the group's stateful policy,the MIG applies the configuration in the following way:

For new instances, the MIG automatically assigns and reserves static IPaddresses.

For existing instances, the MIG promotes in-use ephemeral internal orexternal IP addresses to static addresses by reserving the corresponding static IPaddresses.
For existing instances without external IP addresses, the MIG assigns andreserves static IP addresses, and addsaccess configuration to the corresponding network interface with the following default values:
```
"accessConfigs": [  {    "kind": "compute#accessConfig",    "name": "External NAT",    "natIP": "XX.XX.XX.XX",    "networkTier": "PREMIUM",    "type": "ONE_TO_ONE_NAT"  }]
```

To reserve a static IP address, the MIG creates anAddress resource.

Note: All VM instances have a network interface with the namenic0 and thisnetwork interface is used by default when you configure a stateful IP.

You have the option to create instances that have multiple network interfaces bysetting multiple network interfaces in your group's instance template. In thiscase, separately specify each internal or external IP that you want to make stateful for each network interface.

Configuring stateful IP addresses on MIG creation

Use the Google Cloud console, gcloud CLI, Terraform, orREST.

Permissions required for this task

To perform this task, you must have the followingpermissions:

For zonal MIGs, all permissions required to call theinstanceGroupManagers.insert method
For regional MIGs, all permissions required to call theregionInstanceGroupManagers.insert method

A MIG uses theGoogle APIsService Agent service account to manage its instances. This service accounthasEditor role by default,which includes all necessary permissions for managing stateful IP addresses.

If you need to create a custom role, the following permissions are required for managing stateful network interfaces:

compute.addresses.create for creating static external IP addresses
compute.addresses.createInternal for creating static internal IP addresses
compute.addresses.use for assigning a static external IP address to an instance
compute.addresses.useInternal for assigning a static internal IP address to an instance
compute.addresses.delete for deleting static IP addresses on permanent instance deletion
compute.subnetworks.use for creating static external IP addresses
compute.subnetworks.useInternal for creating static internal IP addresses
Compute Network User (roles/compute.networkUser) role to either the whole host project or select subnets of its Shared VPC networks for creating VM instances with static IP addresses in Shared VPC networks or subnets that belong to the host project

Console

In the Google Cloud console, go to theInstance groups page.
Go to Instance groups
Select your project and clickContinue.
ClickCreate instance group.
SelectNew managed instance group (stateful).
Specify aName for the instance group.
Select anInstance template.
UnderNumber of instances, specify the number of instances that youwant to include in the managed instance group.
UnderStateful configuration, expand the External IP and the InternalIP sections to configure those IP address types as stateful.
1. ForStateful, selectYes.
2. In theOn permanent instance deletion list, select theaction to perform on the stateful IP address when the VM instance isdeleted. The available options are:
  - Detach IP: (Default.) Unassign the address on instance deletionand keep the address reserved.
  - Delete IP: Delete the static IP address reservation when aninstance is permanently deleted from the instance group—forexample, when you delete an instance manually or decrease thegroup's size.
3. After you finish the stateful configuration, clickDone.
ClickCreate.

gcloud

When creating a MIG, to specify which IP addresses in network interfacesfrom the instance template should be stateful, use one or multiple of thefollowing flags with thegcloud compute instance-groups managed create command:

--stateful-internal-ip to mark an internal IP address of a givennetwork interface as stateful.
--stateful-external-ip to mark an external IP address of a givennetwork interface as stateful.

gcloud compute instance-groups managed createINSTANCE_GROUP_NAME \    --templateINSTANCE_TEMPLATE \    --sizeSIZE \    --instance-redistribution-type NONE \    --stateful-internal-ip [enabled | interface-name=NI_NAME][,auto-delete=DELETE_RULE] \    --stateful-external-ip [enabled | interface-name=NI_NAME][,auto-delete=DELETE_RULE]

Replace the following:

INSTANCE_GROUP_NAME: The name of the MIGto create.
INSTANCE_TEMPLATE: The name of the instance template touse when creating new instances.
SIZE: The initial number of instances you need in this group.
NI_NAME: (Optional.) Network interface name. If not provided,then theenabled option is required and the primary network interfacenamednic0 is assumed by default. If you have multiple networkinterfaces, you can specify this flag for each IP in eachnetwork interface.
DELETE_RULE: (Optional.) Prescribes what should happen to theassociated staticAddress resource when a VM instance is permanently deleted. The availableoptions are as follows:
- never: (Default.) Never delete the static IP address. Instead,unassign the address on instance deletion and keep the addressreserved.
- on-permanent-instance-deletion: Delete the static IP addressreservation when an instance is permanently deleted from theinstance group–for example, when you delete an instance manually ordecrease the group's size.
Regardless of the value of the delete rule, the group always preservesstateful IP addresses on instance autohealing, update, and recreationoperations.

Example

You need to create a regional group of VM instances with static internal IPaddresses for the default and custom networks and static external IP addressesonly for the default network. You want the addresses to be assignedautomatically, but need them to be preserved through instance autohealing,updates, and recreation events. You store instance configuration in aninstance template namednode-template.

To create the group, run the following command:

gcloud compute instance-groups managed create example-group \    --region us-east1 \    --template node-template \    --base-instance-name node \    --instance-redistribution-type NONE \    --size 3 \    --stateful-internal-ip interface-name=nic0,auto-delete=on-permanent-instance-deletion    --stateful-internal-ip interface-name=nic1,auto-delete=on-permanent-instance-deletion    --stateful-external-ip enabled,auto-delete=on-permanent-instance-deletion

The internal IPs within thenic0 andnic1 network interfaces and theexternal IP within thenic0 network interface are configured as statefulfor all instances in the group. The group automatically reserves staticinternal and external IP addresses for each instance. Because theauto-delete flagis set toon-permanent-instance-deletion, the group will automaticallydelete the static IP address reservations when you delete the associatedinstances or the whole group.

To verify that the internal IPs within thenic0 andnic1 networkinterfaces and the external IP within thenic0 network interface areconfigured as stateful, run the following command:

gcloud compute instance-groups managed describe example-group \    --zone us-east1-c

The output resembles the following:

baseInstanceName: node...name: example-group...statefulPolicy:  preservedState:    internalIPs:      nic0:        autoDelete: ON_PERMANENT_INSTANCE_DELETION      nic1:        autoDelete: ON_PERMANENT_INSTANCE_DELETION    externalIPs:      nic0:        autoDelete: ON_PERMANENT_INSTANCE_DELETION...

You can see that the group's stateful policy declares internal IPs withinthenic0 andnic1 network interfaces and external IPs within thenic0network interface as stateful with the rule to delete static IPreservations on permanent instance deletion.

Terraform

If you haven't already created an instance template, which specifies themachine type, boot disk image, network, and other VM properties that youwant for each VM in your MIG,create an instance template.

When creating a MIG, to specify which IP addresses within network interfacesfrom the instance template should be stateful, use one or multiple of thefollowing blocks:

stateful_internal_ip to mark an internal IP address of a given networkinterface as stateful.
stateful_external_ip to mark an external IP address of a given networkinterface as stateful.

The following sample configures stateful IP addresses when creating a regionalMIG. For more information about theresource used in the sample, seegoogle_compute_region_instance_group_managerresource.

resource "google_compute_region_instance_group_manager" "default" {  name               = "example-group"  base_instance_name = "node"  target_size        = 3  region             = "us-east1"  version {    instance_template = google_compute_instance_template.default.id    name              = "primary"  }  update_policy {    type                         = "OPPORTUNISTIC"    minimal_action               = "REFRESH"    instance_redistribution_type = "NONE"    max_unavailable_fixed        = 3  }  stateful_internal_ip {    interface_name = "nic0"    delete_rule    = "ON_PERMANENT_INSTANCE_DELETION"  }  stateful_internal_ip {    interface_name = "nic1"    delete_rule    = "ON_PERMANENT_INSTANCE_DELETION"  }  stateful_external_ip {    interface_name = "nic0"    delete_rule    = "ON_PERMANENT_INSTANCE_DELETION"  }}

To learn how to apply or remove a Terraform configuration, seeBasic Terraform commands.

REST

When creating a MIG, to specify which IP addresses within network interfacesfrom the instance template should be stateful, include them in thestatefulPolicy field in the request body of theinstanceGroupManagers.insert orregionInstanceGroupManagers.insert method:

POST https://compute.googleapis.com/compute/v1/projects/PROJECT/regions/REGION/instanceGroupManagers{  "name": "INSTANCE_GROUP_NAME",  "versions": [    {      "instanceTemplate": "global/instanceTemplates/INSTANCE_TEMPLATE"    }  ],  "targetSize":SIZE,  "statefulPolicy": {    "preservedState": {      "internalIPs": {        "NI_NAME": {"autoDelete": "DELETE_RULE" }      },      "externalIPs": {        "NI_NAME": {"autoDelete": "DELETE_RULE" }      }    }  },  "updatePolicy": {    "instanceRedistributionType": "NONE"  }}

Replace the following:

PROJECT: The project ID for the request.
REGION: For regional MIGs, theregion where the group islocated. For zonal MIGs, replaceregions/REGION withzones/ZONEand specify the zone where the MIG is located.
NAME: The name of the MIG to create.
INSTANCE_TEMPLATE: The name of the instance template to usewhen creating new instances.
SIZE: The initial number of instances you need in this group.
NI_NAME: (Optional.) Network interface name. If not provided,then theenabled option is required and the primary network interfacenamednic0 is assumed by default. If you have multiple networkinterfaces, you can specify multipleNI_NAMES.
DELETE_RULE: (Optional) Prescribes what should happen to anassociated staticAddress resource when a VM instance is permanently deleted. The availableoptions are as follows:
- NEVER: (Default) Never delete the static IP address. Instead,unassign the address on instance deletion and keep the addressreserved.
- ON_PERMANENT_INSTANCE_DELETION: Delete the static IP addressreservation when an instance is permanently deleted from theinstance group–for example, when you delete an instance manually ordecrease the group's size.
Regardless of the value of the delete rule, the group always preservesstateful IP addresses on instance autohealing, update, and recreationoperations.

Example

You need to create a regional group of VM instances with static internal IPaddresses for the default and custom networks and static external IPaddresses only for the default network. You want the addresses to be assignedautomatically, but need them to be preserved through instance autohealing,updates, and recreation events. You store instance configuration in aninstance template namednode-template.

To create the group, use theregionInstanceGroupManagers.insert method:

POST https://compute.googleapis.com/compute/v1/projects/example-project/regions/us-east1/instanceGroupManagers{  "name": "example-group",  "baseInstanceName": "node",  "versions": [    {      "instanceTemplate": "global/instanceTemplates/node-template"    }  ],  "targetSize": 3,  "statefulPolicy": {    "preservedState": {      "internalIPs": {        "nic0": {"autoDelete": "ON_PERMANENT_INSTANCE_DELETION" },        "nic1": {"autoDelete": "ON_PERMANENT_INSTANCE_DELETION" }      }      "externalIPs": {        "nic0": {"autoDelete": "ON_PERMANENT_INSTANCE_DELETION" }      }    }  },  "updatePolicy": {    "instanceRedistributionType": "NONE"  }}

The internal IPs within thenic0 andnic1 network interfaces and theexternal IPs within thenic0 network interface are configured as statefulfor all instances in the group. The group automatically reserves staticinternal and external IP addresses for each instance. Because theauto-delete field is settoON_PERMANENT_INSTANCE_DELETION, the group will automatically delete thestatic IP address reservations when you delete associated instances or thewhole group.

Use theregionInstanceGroupManagers.get method to verify that the internal IPs within thenic0 andnic1 networkinterfaces and external IPs within thenic0 network interface areconfigured in the stateful policy of the newregionInstanceGroupManagersresource:

GET https://compute.googleapis.com/compute/v1/projects/example-project/regions/us-east1/instanceGroupManagers/example-group

The response contains the configured stateful policy:

{  "name": "example-group",  "baseInstanceName": "node",  ...  "statefulPolicy": {    "preservedState": {      "internalIPs": {        "nic0": {"autoDelete": "ON_PERMANENT_INSTANCE_DELETION" },        "nic1": {"autoDelete": "ON_PERMANENT_INSTANCE_DELETION" }      }      "externalIPs": {        "nic0": {"autoDelete": "ON_PERMANENT_INSTANCE_DELETION" }      }    }  }  ...}

You can see that the group's stateful policy declares internal IPs withinthenic0 andnic1 network interfaces and external IPs within thenic0 network interface as stateful with the rule to delete the associated staticIP address reservations on permanent instance deletion.

Setting and updating stateful configuration for IP addresses in existing MIG

If you run a workload on a stateless MIG (a MIG without any statefulconfiguration) and the workload requires static IP addresses, you can configureIP addresses already assigned to the managed VM instances to become stateful.This ensures that the IP addresses of your existing VMs are preserved oninstance autohealing, updates, and recreation events. You can optionally keepthe static IP address reservations after the instances have been deleted.

By configuring a stateful policy for IP addresses in an existing MIG, you can dothe following:

Configure IP addresses as stateful for all existing and future instances inthe group. This promotes the corresponding ephemeral IP addresses of allexisting instances to static IP addresses.
Update the existing stateful configuration for IP addresses.

The MIG applies the updated configuration in the stateful policy automaticallyand asynchronously to all instances. Updates to IP address configurations in astateful policy don't disrupt running VM instances. To learn more, read aboutapplying stateful policy updates.

Permissions required for this task

To perform this task, you must have the followingpermissions:

For zonal MIGs, all permissions required to call theinstanceGroupManagers.patch method
For regional MIGs, all permissions required to call theregionInstanceGroupManagers.patch method

If you need to create a custom role, the following permissions are required for managing stateful network interfaces:

compute.addresses.create for creating static external IP addresses
compute.addresses.createInternal for creating static internal IP addresses
compute.addresses.use for assigning a static external IP address to an instance
compute.addresses.useInternal for assigning a static internal IP address to an instance
compute.addresses.delete for deleting static IP addresses on permanent instance deletion
compute.subnetworks.use for creating static external IP addresses
compute.subnetworks.useInternal for creating static internal IP addresses
Compute Network User (roles/compute.networkUser) role to either the whole host project or select subnets of its Shared VPC networks for creating VM instances with static IP addresses in Shared VPC networks or subnets that belong to the host project

Console

In the Google Cloud console, go to theInstance groups page.
Go to Instance groups
Click the name of the instance group for which you want to specifystateful IP addresses.
ClickEdit to modify the managed instance group.
ClickStateful & per-instance configuration to expand the section.
In theGroup config section, click theExternal IP and theInternal IP that you want to make stateful.
1. ForStateful, selectYes.
2. In theOn permanent instance deletion list, select theaction to perform on the stateful IP address when the VM instance isdeleted. The available options are:
  - Detach IP: (Default.) Unassign the address on instance deletionand keep the address reserved.
  - Delete IP: Delete the static IP address reservation when aninstance is permanently deleted from the instance group—for example, when you delete an instance manually or decreasethe group's size.
3. After you update the stateful configuration, clickDone.
4. ClickSave to complete the update.

gcloud

To specify which IP addresses should be stateful or to update the statefulIP configuration for an existing MIG, use one or multiple--stateful-internal-ip or--stateful-external-ip flags with thegcloud compute instance-groups managed update command.

gcloud compute instance-groups managed updateINSTANCE_GROUP_NAME \    --stateful-internal-ip [enabled | interface-name=NI_NAME][,auto-delete=DELETE_RULE] \    --stateful-external-ip [enabled | interface-name=NI_NAME][,auto-delete=DELETE_RULE]

Replace the following:

INSTANCE_GROUP_NAME: The name of the MIGto update.
NI_NAME: (Optional.) Network interface name. If not provided,then theenabled option is required and the primary network interfacenamednic0 is assumed by default. If you have multiple networkinterfaces, you can specify this flag for each IP in eachnetwork interface.
DELETE_RULE: (Optional.) Prescribes what should happen to anassociated staticAddress resource when a VM instance is permanently deleted. The availableoptions are as follows:
- never: (Default.) Never delete the static IP address. Instead,unassign the address on instance deletion and keep the addressreserved.
- on-permanent-instance-deletion: Delete the static IP addressreservation when an instance is permanently deleted from theinstance group–for example, when you delete an instance manually ordecrease the group's size.
Regardless of the value of the delete rule, the group always preservesstateful IP addresses on instance autohealing, update, and recreationoperations.

If a specified IP address is already configured in the stateful policy for agiven network interface, the command updates the configuration.

Example

You need to expose a file server, running on a stateful MIG namedexample-fs-group, to external users through static external IP addresses.The instances in the group have ephemeral external IP addresses.You must make sure that the IP addresses are preserved on instanceautohealing and updates so that external users have continuous access to theservers through the published IP addresses. You also need to keep the IPaddresses reserved for continuity in the event of unintended group deletion.

Update the MIG to define the external IP addresses as stateful by using thefollowing command:

gcloud compute instance-groups managed update example-fs-group \    --stateful-external-ip enabled

As a result, the group promotes ephemeral external IP addresses within thenic0 network interface to static IP addresses for all managed instancesasynchronously.

The external IP addresses are now preserved on instance autohealing, update,and recreation events. The associated static IP address reservations areunassigned and preserved on instance deletion because the unspecifiedauto-delete rule is set tonever by default.

You can verify that the stateful external IP is configured in the statefulpolicy by running thegcloud compute instance-groups managed describe example-fs-group command.

REST

To specify which IP addresses should be stateful or to update the statefulIP configuration for an existing MIG, use theinstanceGroupManagers.patch orregionInstanceGroupManagers.patch method:

PATCH https://compute.googleapis.com/compute/v1/projects/PROJECT/regions/REGION/instanceGroupManagers/INSTANCE_GROUP_NAME{  "statefulPolicy": {    "preservedState": {      "internalIPs": {        "NI_NAME": {"autoDelete": "DELETE_RULE" }      },      "externalIPs": {        "NI_NAME": {"autoDelete": "DELETE_RULE" }      }    }  }}

Replace the following:

PROJECT: The project ID for the request.
REGION: For regional MIGs, theregion where the group islocated. For zonal MIGs, replaceregions/REGION withzones/ZONEand specify the zone where the MIG is located.
NAME: The name of the MIG to create.
NI_NAME: (Required) Network interface name. The primarynetwork interface is namednic0. If you have multiple networkinterfaces, you can specify multipleNI_NAMES.
DELETE_RULE: (Optional) Prescribes what should happen to anassociated staticAddress resource when a VM instance is permanently deleted. The availableoptions are as follows:
- NEVER: (Default) Never delete the static IP address. Instead,unassign the address on instance deletion and keep the addressreserved.
- ON_PERMANENT_INSTANCE_DELETION: Delete the static IP addressreservation when an instance is permanently deleted from theinstance group–for example, when you delete an instance manually ordecrease the group's size.
Regardless of the value of the delete rule, the group always preservesstateful IP addresses on instance autohealing, update, and recreationoperations.

If a specified IP address is already configured in the stateful policy, themethod patches the configuration.

Example

You need to expose a file server, running on a stateful MIG namedexample-fs-group, to external users through static external IP addresses.The instances in the group have ephemeral external IP addresses.You must make sure that the IP addresses are preserved on instanceautohealing and updates so that external users have continuous access to theservers through the published network interface. You also need to keep theIP addresses reserved for continuity in the event of unintended groupdeletion.

Patch the MIG to define the external IP addresses as stateful:

PATCH https://compute.googleapis.com/compute/v1/projects/example-project/regions/us-east1/instanceGroupManagers/example-fs-group{  "statefulPolicy": {    "preservedState": {      "externalIPs": {        "nic0": {"autoDelete": "NEVER" }      }    }  }}

As a result, the group promotes ephemeral external IP addresses within thenic0 network interface to static IP addresses for all managed instancesasynchronously.

The external IP addresses are now preserved on instance autohealing, update,and recreation events. The associated static IP address reservations will beunassigned and preserved on instance deletion because theautoDelete ruleis set toNEVER.

Verify that the external IP address is configured in the stateful policy byviewing theregionInstanceGroupManagers resource, returned by theregionInstanceGroupManagers.get method.

Declaring previously stateful IP addresses as stateless

You might need to configure a stateful IP address to become ephemeral–forexample, for the following reasons:

You rearchitect your app to no longer rely on static IP addresses.
You configured the IP to be stateful by mistake and would like to revert it.

You can remove stateful IP configuration from the group's stateful policy todeclare an IP address within a given network interface as ephemeral for allmanaged instances.

Note: If stateful IP configuration for the same network interface is present ina per-instance configuration, the IP address remain stateful for an associatedinstance even if you remove its configuration from the stateful policy. In suchcase, to make the IP ephemeral, you must also remove the IP addressesconfiguration from the per-instance configuration.

When you remove stateful IP configuration from the stateful policy, the MIGremoves the IP addresses automatically and asynchronously from thepreserved state of all instances in the group. This operation does not disrupt running VMinstances. The IP addresses remain active on the instances, but are no longerstateful. When you recreate or update the instances, or when the instances areautohealed, the MIGunassigns the associated static IP addresses and auto-assigns ephemeral addresses. If youno longer need to keep the static external IP address reservations, you can nowrelease them.

Note: Static IP addresses remain reserved after you remove stateful IPconfiguration from a MIG's stateful policy. Because the stateful configurationhas been removed, the group no longer manages the static IP addresses. If youdon't need to keep the static IP addresses, make sure to releasethe reservations to avoid unnecessarycharges.

To learn more, read the following documents:

Permissions required for this task

To perform this task, you must have the followingpermissions:

For zonal MIGs, all permissions required to call theinstanceGroupManagers.patch method
For regional MIGs, all permissions required to call theregionInstanceGroupManagers.patch method

If you need to create a custom role, the following permissions are required for managing stateful network interfaces:

compute.addresses.create for creating static external IP addresses
compute.addresses.createInternal for creating static internal IP addresses
compute.addresses.use for assigning a static external IP address to an instance
compute.addresses.useInternal for assigning a static internal IP address to an instance
compute.addresses.delete for deleting static IP addresses on permanent instance deletion
compute.subnetworks.use for creating static external IP addresses
compute.subnetworks.useInternal for creating static internal IP addresses
Compute Network User (roles/compute.networkUser) role to either the whole host project or select subnets of its Shared VPC networks for creating VM instances with static IP addresses in Shared VPC networks or subnets that belong to the host project

Console

In the Google Cloud console, go to theInstance groups page.
Go to Instance groups
Click the name of the instance group from which you want to removethe stateful configuration for IP addresses.
ClickEdit to modify the managed instance group.
ClickStateful & per-instance configuration to expand the section.
In theGroup config section, expand theExternal IP and theInternal IP that you want to make stateless.
1. Change theStateful option toNo.
2. ClickDone.
After you make the changes, clickSave.

gcloud

To specify which IP addresses from a MIG's stateful policy to makeephemeral, use the--remove-stateful-internal-ips or--remove-stateful-external-ips flag with thegcloud compute instance-groups managed update command:

gcloud compute instance-groups managed updateINSTANCE_GROUP_NAME \    --remove-stateful-internal-ipsNI_NAME[,NI_NAME,...] \    --remove-stateful-external-ipsNI_NAME[,NI_NAME,...]

Replace the following:

INSTANCE_GROUP_NAME: The name of the MIG to update.
NI_NAME: (Required.) Network interface name. The primarynetwork interface is namednic0. If you've multiple networkinterfaces, you can specify multipleNI_NAMES.

Note: You can see the network interface names of IP addresses that areconfigured in a MIG's stateful policy by running the gcloud compute instance-group managed describe command.

If you need to turn a stateful IP address from the default primary networkinterface namednic0 into an ephemeral IP address, you can also use thefollowing command:

gcloud compute instance-groups managed updateINSTANCE_GROUP_NAME \    --stateful-internal-ip disabled \    --stateful-external-ip disabled

Example

Your application has been exposed to users through published staticexternal IP addresses of the VM instances in a MIG calledexample-group.You have rearchitected your service bydeploying a load balancer in front of the MIG and routing the traffic to the managed VMs through it.You no longer need to maintain the static external IP addresses and wouldlike to make the external IP addresses of the VMs ephemeral.

To make the stateful external IP addresses of the VMs in a MIG ephemeral,run the following command:

gcloud compute instance-groups managed update example-group \    --remove-stateful-external-ips nic0

The MIG removes the static external IP addresses of thenic0 networkinterface automatically and asynchronously from thepreserved state of all instances in the group. The external IP addresses remain active onthe instances, but are no longer stateful. When you recreate or update theinstances, or when the instances are autohealed, the MIGunassigns the associated static IP addresses and auto-assigns ephemeral addresses. Ifyou no longer need to keep the static external IP address reservations, youcan nowrelease them.

REST

To specify which IP addresses from a MIG's stateful policy to makeephemeral, remove each IP's configuration from the MIG's stateful policyusing theinstanceGroupManagers.patch orregionInstanceGroupManagers.patch method:

PATCH https://compute.googleapis.com/compute/v1/projects/PROJECT/regions/REGION/instanceGroupManagers/INSTANCE_GROUP_NAME{  "statefulPolicy": {    "preservedState": {      "internalIPs": {        "NI_NAME": null      },      "externalIPs": {        "NI_NAME": null      }    }  }}

Replace the following:

PROJECT: The project ID for the request.
REGION: For regional MIGs, theregion where the group islocated. For zonal MIGs, replaceregions/REGION withzones/ZONEand specify the zone where the MIG is located.
INSTANCE_GROUP_NAME: The name of the MIG to create.
NI_NAME: (Required) Network interface name. The primarynetwork interface is namednic0. If you have multiple networkinterfaces, you can specify multipleNI_NAMES.

Note: You can see the network interface names of IP addresses that areconfigured in a MIG's stateful policy by calling the instanceGroupManagers.get orregionInstanceGroupManagers.get method.

Example

Your application has been exposed to users through published static externalIP addresses of the VM instances in a MIG calledexample-group. You haverearchitected your service by deploying a load balancer in front of the MIGand routing the traffic to the managed VMs through it. You no longer need tomaintain the static external IP addresses and would like to make theexternal IP addresses of the VMs ephemeral.

To make the stateful external IP addresses of the VMs in a MIG ephemeral,patch the MIG:

PATCH https://compute.googleapis.com/compute/v1/projects/example-project/regions/us-east1/instanceGroupManagers/example-group{  "statefulPolicy": {    "preservedState": {      "externalIPs": {        "nic0": null      }    }  }}

The MIG removes the static external IP addresses of thenic0 networkinterface automatically and asynchronously from thepreserved state of all instances in the group. The external IP addresses remain active onthe instances, but are no longer stateful. When you recreate or update theinstances, or when the instances are autohealed, the MIGunassigns the associated static IP addresses and auto-assigns ephemeral addresses.If you no longer need to keep the static external IP address reservations,you can nowrelease them.

Configuring stateful IP addresses individually for VMs in a MIG

Configuring stateful IP addresses individually for VMs in a MIG is useful in thefollowing scenarios:

Migrating existing workloads (bringing existing reserved static IPaddresses) from standalone VM instances to stateful MIGs in order to benefitfrom autohealing and automated updates.
Assigning specific reserved static IP addresses required by the architectureor workload configuration.

Pro Tip: Where feasible, consider configuring and auto-assigning stateful IP addresses for all VM instances in a MIG, instead of assigning specific IP addresses individually to each instance. Maintaining a group's stateful policy is less work compared to maintaining a set of individual per-instance configurations.

Configuring static IP addresses on VM creation in a MIG

You can reserve and assign static IP addresses to specific instances whenindividually creating those instances in a MIG. This is useful for migrating astateful application from existing standalone VMs to a stateful MIG in asituation when architecture, configuration, or users rely on specific static IPaddresses.

When you manually create an instance in a MIG and supply a static IP address,the MIG performs the following actions:

Creates a staticinternal orexternal IP address reservation for the supplied IP addresses if they don't existyet.
Creates an instance from the instance template using the provided instancename and IP addresses.
Creates aper-instance configuration with the provided stateful configuration for the IP addresses.

Permissions required for this task

To perform this task, you must have the followingpermissions:

For zonal MIGs, all permissions required to call theinstanceGroupManagers.createInstances method
For regional MIGs, all permissions required to call theregionInstanceGroupManagers.createInstances method

If you need to create a custom role, the following permissions are required for managing stateful network interfaces:

compute.addresses.create for creating static external IP addresses
compute.addresses.createInternal for creating static internal IP addresses
compute.addresses.use for assigning a static external IP address to an instance
compute.addresses.useInternal for assigning a static internal IP address to an instance
compute.addresses.delete for deleting static IP addresses on permanent instance deletion
compute.subnetworks.use for creating static external IP addresses
compute.subnetworks.useInternal for creating static internal IP addresses
Compute Network User (roles/compute.networkUser) role to either the whole host project or select subnets of its Shared VPC networks for creating VM instances with static IP addresses in Shared VPC networks or subnets that belong to the host project

gcloud

To create an instance with a predefined static IP address, use thegcloud compute instance-groups managed create-instance commandwith one or multiple of the following flags:

--stateful-internal-ip to set a static internal IP address of agiven network interface.
--stateful-external-ip to set a static external IP address of agiven network interface.

gcloud compute instance-groups managed create-instanceINSTANCE_GROUP_NAME \    --instance INSTANCE_NAME \    --stateful-internal-ip address=ADDRESS[,interface-name=NI_NAME][,auto-delete=DELETE_RULE] \    --stateful-external-ip address=ADDRESS[,interface-name=NI_NAME][,auto-delete=DELETE_RULE]

Replace the following:

INSTANCE_GROUP_NAME: The name of the MIG.
INSTANCE_NAME: The name of the instance to create.
NI_NAME: (Optional.) Network interface name. If not provided,the primary network interface namednic0 is assumed by default. Ifyou've multiple network interfaces, you can specify this flagfor each IP in each network interface.
ADDRESS: (Required.) Static IP address to assign to theinstance in one of the following formats:
- Address. URL of a static IP address reservation–for example:"projects/example-project/regions/us-east1/addresses/example-ip-name".
- Literal–for example:"130.211.181.55".
  - If the provided IP address is not yet reserved, the MIGautomatically creates a corresponding IP address reservation.
  - If the provided IP address is reserved, the MIG assigns thereservation to the instance.
DELETE_RULE: (Optional.) Prescribes what should happen to anassociated staticAddress resource when a VM instance is permanently deleted. The availableoptions are as follows:
- never: (Default.) Never delete the static IP address. Instead,unassign the address on instance deletion and keep the addressreserved.
- on-permanent-instance-deletion: Delete the static IP addressreservation when an instance is permanently deleted from theinstance group–for example, when you delete an instance manually ordecrease the group's size.
Regardless of the value of the delete rule, the group always preservesstateful IP addresses on instance autohealing, update, and recreationoperations.

Example

You need to add one more VM instance to your proxy server cluster, runningon a MIG namedproxy-cluster. You have created a static internal IPaddressreservation namedproxy-node-03-ip and need to assign it to the new node. You want tokeep the IP address reservation even if you decide to delete the node in thefuture.

Run the following command to create the node:

gcloud compute instance-groups managed create-instance proxy-cluster \    --instance proxy-node-03 \    --stateful-internal-ip address="projects/example-project/regions/us-east1/addresses/proxy-node-03-ip",auto-delete=never

The command creates an instance namedproxy-node-03, assigns theprovided static internal IP address namedproxy-node-03-ip to theinstance, and stores stateful configuration for the IP in the correspondingper-instance configuration.Because theauto-delete flag is set tonever, the IP remains reserved ifyou delete the instance later.

Terraform

To create a VM with a predefined static IP address, use one or multiple ofthe following blocks:

preserved_state.internal_ip to mark an internal IP address of a givennetwork interface as stateful.
preserved_state.external_ip to mark an external IP address of a givennetwork interface as stateful.

The following sample configures static IP addresses on VM creation in aregional MIG. For more information about theresource used in the sample, seegoogle_compute_region_per_instance_configresource.For a zonal MIG, use thegoogle_compute_per_instance_config resource.

resource "google_compute_region_per_instance_config" "default" {  region_instance_group_manager = google_compute_region_instance_group_manager.default.name  region                        = google_compute_region_instance_group_manager.default.region  name                          = "proxy-node-03-ip"  preserved_state {    internal_ip {      interface_name = "nic0"      auto_delete    = "NEVER"      ip_address {        address = google_compute_address.default.id      }    }  }}

To learn how to apply or remove a Terraform configuration, seeBasic Terraform commands.

REST

To create one or multiple instances in a MIG, set custom instance names, andassign predefined static IP addresses to these instances, use theinstanceGroupManagers.createInstances orregionInstanceGroupManagers.createInstances method.

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/instanceGroupManagers/INSTANCE_GROUP_NAME/createInstances{  "instances": [    {      "name": "INSTANCE_NAME",      "preservedState" : {        "internalIPs": {          "NI_NAME" : {            "ipAddress": {              "address": "ADDRESS",              "literal": "LITERAL"            },            "autoDelete": "DELETE_RULE"          },          ...        },        "externalIPs": {          "NI_NAME" : {            "ipAddress": {              "address": "ADDRESS",              "literal": "LITERAL"            },            "autoDelete": "DELETE_RULE"          },          ...        },        ...      }    },    ...  ]}

Replace the following:

PROJECT_ID: The project ID for the request.
NAME: The name of the MIG.
REGION: For regional MIGs, theregion where the group islocated. For zonal MIGs, replaceregions/REGION withzones/ZONEand specify the zone where the MIG is located.
INSTANCE_NAME: The name of the instance to create.
NI_NAME: (Required.) Network interface name. The primarynetwork interface is namednic0. If you have multiple networkinterfaces, you can specify multipleNI_NAMES.
ADDRESS: (Optional.) Static IP address to assign to theinstance in the format of a URL of a static IP address reservation–forexample:"projects/example-project/regions/us-east1/addresses/example-ip-name".You must and can only set one field at a time, eitheraddress orliteral, when assigning a static IP address.
LITERAL: (Optional.) Static IP address to assign to theinstance in the literal format–for example:"130.211.181.55". Youmust and can only set one field at a time, eitheraddress orliteral, when assigning a static IP address.
- If the provided literal IP address is not yet reserved, the MIGautomatically creates a corresponding IP address reservation.
- If the provided literal IP address is reserved, the MIG assigns thereservation to the instance.
DELETE_RULE: (Optional.) Prescribes what should happen to anassociated staticAddress resource when a VM instance is permanently deleted. The availableoptions are as follows:
- NEVER: (Default.) Never delete the static IP address. Instead,unassign the address on instance deletion and keep the addressreserved.
- ON_PERMANENT_INSTANCE_DELETION: Delete the static IP addressreservation when an instance is permanently deleted from theinstance group–for example, when you delete an instance manually ordecrease the group's size.
Regardless of the value of the delete rule, the group always preservesstateful IP addresses on instance autohealing, update, and recreationoperations.

Example

Call theregionInstanceGroupManagers.createInstances methodto create an additional instance:

POST https://compute.googleapis.com/compute/v1/projects/example-project/regions/us-east1/instanceGroupManagers/proxy-cluster/createInstances{  "instances": [    {      "name": "proxy-node-03",      "preservedState" : {        "internalIPs": {          "nic0" : {            "ipAddress": {              "address": "projects/example-project/regions/us-east1/addresses/proxy-node-03-ip"            },            "autoDelete": "NEVER"          }        }      }    }  ]}

The method creates an instance namedproxy-node-03, assigns the providedstatic internal IP address namedproxy-node-03-ip to the instance, andstores stateful configuration for the IP in the correspondingper-instance configuration.Because theautoDelete field is set toNEVER, the IP remains reserved ifyou delete the instance later.

Configuring static IP addresses for an existing VM in a MIG

You can set a predefined static IP address or update the stateful IPconfiguration for a managed instance individually–for example:

Assign a static IP address to an existing instance in a MIG. For staticexternal IPs, this operation requires instance refresh, and for staticinternal IPs, this requires instance recreation.
Update the deletion rule for an already assigned static IP address. Thisoperation can be done without disrupting the running instance.

For an existing instance without an external IP address, for which youconfigure an external stateful IP, the MIG addsaccess configuration to the corresponding network interface with the following default values:

"accessConfigs": [  {    "kind": "compute#accessConfig",    "name": "External Nat",    "natIP": "XX.XX.XX.XX",    "networkTier": "PREMIUM",    "type": "ONE_TO_ONE_NAT"  }]

Note: If you need to promote ephemeral IP addresses to static IP addresses forall instances in an existing MIG, configure the corresponding IP addresses to bestateful for the entire MIGin a stateful policy. The group will then promote the ephemeral IP addresses tostatic for all instances.

If you need to promote the ephemeral IP addressof an individual instance in an existing MIG, specify the literal value of theephemeral IP address (e.g. "130.211.181.55").

Permissions required for this task

To perform this task, you must have the followingpermissions:

For zonal MIGs, all permissions required to call theinstanceGroupManagers.updatePerInstanceConfigs method
For regional MIGs, all permissions required to call theregionInstanceGroupManagers.updatePerInstanceConfigs method

If you need to create a custom role, the following permissions are required for managing stateful network interfaces:

compute.addresses.create for creating static external IP addresses
compute.addresses.createInternal for creating static internal IP addresses
compute.addresses.use for assigning a static external IP address to an instance
compute.addresses.useInternal for assigning a static internal IP address to an instance
compute.addresses.delete for deleting static IP addresses on permanent instance deletion
compute.subnetworks.use for creating static external IP addresses
compute.subnetworks.useInternal for creating static internal IP addresses
Compute Network User (roles/compute.networkUser) role to either the whole host project or select subnets of its Shared VPC networks for creating VM instances with static IP addresses in Shared VPC networks or subnets that belong to the host project

gcloud

To configure a stateful IP address individually for a VM instance in a MIG,add or update stateful IP configuration in the associatedper-instance configuration.

If a per-instance configuration doesn't yet exist for the instance, use thegcloud compute instance-groups managed instance-configs create commandwith one or multiple of the following flags:

--stateful-internal-ip to set a static internal IP address of agiven network interface.
--stateful-external-ip to set a static external IP address of agiven network interface.

gcloud compute instance-groups managed instance-configs createINSTANCE_GROUP_NAME \    --instanceINSTANCE_NAME \    --stateful-internal-ip address=ADDRESS[,interface-name=NI_NAME][,auto-delete=DELETE_RULE] \    --stateful-external-ip address=ADDRESS[,interface-name=NI_NAME][,auto-delete=DELETE_RULE] \    [--no-update-instance | --update-instance]    [--instance-update-minimal-actionMINIMAL_ACTION]

If a per-instance configuration already exists for the instance, use thegcloud compute instance-groups managed instance-configs update commandwith one or multiple--stateful-internal-ip or--stateful-external-ipflags:

gcloud compute instance-groups managed instance-configs updateINSTANCE_GROUP_NAME \    --instanceINSTANCE_NAME \    --stateful-internal-ip address=ADDRESS[,interface-name=NI_NAME][,auto-delete=DELETE_RULE] \    --stateful-external-ip address=ADDRESS[,interface-name=NI_NAME][,auto-delete=DELETE_RULE] \    [--no-update-instance | --update-instance]    [--instance-update-minimal-actionMINIMAL_ACTION]

Replace the following:

INSTANCE_GROUP_NAME: The name of the MIG.
INSTANCE_NAME: The name of the instance for which toconfigure stateful IP addresses.
NI_NAME: (Optional.) Network interface name. If not provided,the primary network interface namednic0 is assumed by default. Ifyou've multiple network interfaces, you can specify this flag for eachIP in each network interface.
ADDRESS: Static IP address to assign to the instance in oneof the following formats:
- Address. URL of a static IP address reservation–for example:"projects/example-project/regions/us-east1/addresses/example-ip-name".
- Literal. For example:"130.211.181.55".
  - If the provided IP address is not yet reserved, the MIGautomatically creates a corresponding IP address reservation.
  - If the provided IP address is reserved, the MIG assigns thereservation to the instance.
- This subflag is optional if the address is already defined in theinstance's per-instance configuration. Otherwise it is required.
- If omitted, the configured address remains unchanged.
DELETE_RULE: (Optional.) Prescribes what should happen to anassociated staticAddress resource when a VM instance is permanently deleted. The availableoptions are as follows:
- never: (Default.) Never delete the static IP address. Instead,unassign the address on instance deletion and keep the addressreserved.
- on-permanent-instance-deletion: Delete the static IP addressreservation when an instance is permanently deleted from theinstance group–for example, when you delete an instance manually ordecrease the group's size.
- If omitted, the default value is set for a new stateful IPconfiguration; the value remains unchanged in an existingconfiguration.
Regardless of the value of the delete rule, the group always preservesstateful IP addresses on instance autohealing, update, and recreationoperations.
--update-instance: (Optional. Default.) Apply the changes immediatelyto the instance. If you use the--no-update-instance flag, the changesremain unapplied and will beapplied when you recreate or apply the update to the instance later.
MINIMAL_ACTION: (Optional.) Perform at least the specifiedaction when applying per-instance configuration update to the instance.Must be used together with--update-instance flag. The value must beone of the following:
- none: No action.
- refresh: Apply updates that are possible to apply withoutstopping the instance.
- restart: Stop the instance and then start it again.
- replace: Recreate the instance.

If omitted, the least disruptive action required by the update is used.

Example

You have a file server instance calledfile-server, which is a singleinstance in a stateful MIG calledfs-group. The group has a correspondingper-instance configuration, where a stateful data disk is configured. Thefile server has only been accessible internally, but now you have users whoneed to access it externally through a static IP address. You have reservedthe static external IP by creatingfile-server-ip address reservation. Nowyou need to assign this IP to the file server instance.

Run the following command to configure the stateful external IP for thefile server instance:

gcloud compute instance-groups managed instance-configs update fs-group \    --instance file-server \    --stateful-external-ip interface-name=nic0,address="projects/example-project/regions/us-east1/addresses/file-server-ip",auto-delete=never \    --update-instance

The command does the following:

Updates the per-instance configuration for thefile-server instance:
1. Adds stateful external IP configuration, pointing tothefile-server-ip address reservation.
2. Keeps the existing stateful data disk configuration unchanged.
Applies the per-instance configuration update to thefile-serverinstance immediately because the--update-instance flag is included:refreshes the instance and assigns the static external IP address fromfile-server-ip reservation.

REST

To configure stateful IPs individually for VM instances in a MIG, add orupdate the stateful IP configuration in the associated per-instanceconfigurations.

If per-instance configurations don't yet exist for the given instances, usetheinstanceGroupManagers.updatePerInstanceConfigs method orregionInstanceGroupManagers.updatePerInstanceConfigs method with stateful configuration for one or multiple IP addresses:

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/instanceGroupManagers/INSTANCE_GROUP_NAME/updatePerInstanceConfigs{  "perInstanceConfigs": [    {      "name": "INSTANCE_NAME",      "preservedState" : {        "internalIPs": {          "NI_NAME" : {            "ipAddress": {              "address": "ADDRESS",              "literal": "LITERAL"            },            "autoDelete": "DELETE_RULE"          },          ...        },        "externalIPs": {          "NI_NAME" : {            "ipAddress": {              "address": "ADDRESS",              "literal": "LITERAL"            },            "autoDelete": "DELETE_RULE"          },          ...        },        ...      },      "fingerprint: "FINGERPRINT"    },    ...  ]}

Note: While you can use theupdatePerInstanceConfigs method for updatingexisting per-instance configurations, this method fully replaces thespecified per-instance configurations with new values. We recommend youuse thepatchPerInstanceConfigs method to update existingper-instance configurations, as patching keeps the omitted configurationunchanged and prevents the risk of accidental deletion of stateful itemsor reset of any values to defaults.

If per-instance configurations already exist for the given instances, usethe instanceGroupManagers.patchPerInstanceConfigs method orregionInstanceGroupManagers.patchPerInstanceConfigs method with stateful configuration for one or multiple IP addresses:

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/instanceGroupManagers/INSTANCE_GROUP_NAME/patchPerInstanceConfigs{  "perInstanceConfigs": [    {      "name": "INSTANCE_NAME",      "preservedState" : {        "internalIPs": {          "NI_NAME" : {            "ipAddress": {              "address": "ADDRESS",              "literal": "LITERAL"            },            "autoDelete": "DELETE_RULE"          },          ...        },        "externalIPs": {          "NI_NAME" : {            "ipAddress": {              "address": "ADDRESS",              "literal": "LITERAL"            },            "autoDelete": "DELETE_RULE"          },          ...        },        ...      },      "fingerprint: "FINGERPRINT"    },    ...  ]}

Replace the following:

PROJECT_ID: The project ID for the request.
NAME: The name of the MIG.
REGION: For regional MIGs, theregion where the group islocated. For zonal MIGs, replaceregions/REGION withzones/ZONEand specify the zone where the MIG is located.
INSTANCE_NAME: (Required.) The name of the instance forwhich to configure stateful IPs.
NI_NAME: (Required.) Network interface name. The primarynetwork interface is namednic0. If you have multiple networkinterfaces, you can specify multipleNI_NAMES.
ADDRESS: (Optional.) Static IP address to assign to theinstance in the format of a URL of a static IP address reservation–forexample:"projects/example-project/regions/us-east1/addresses/example-ip-name".You must and can only set one field at a time, either address or literal,when assigning a static IP address.
LITERAL: (Optional.) Static IP address to assign to theinstance in the literal format. For example:"130.211.181.55". You mustand can only set one field at a time, either address or literal, whenassigning a static IP address.
- If the provided literal IP address is not yet reserved, the MIGautomatically creates a corresponding IP address reservation.
- If the provided literal IP address is reserved, the MIG assigns thereservation to the instance.
DELETE_RULE: (Optional.) Prescribes what should happen to anassociated staticAddress resource when a VM instance is permanently deleted. The availableoptions are as follows:
- NEVER: (Default.) Never delete the static IP address. Instead,unassign the address on instance deletion and keep the addressreserved.
- ON_PERMANENT_INSTANCE_DELETION: Delete the static IP addressreservation when an instance is permanently deleted from theinstance group–for example, when you delete an instance manually ordecrease the group's size.
- If omitted, the default value is set for a new stateful IPconfiguration; the value remains unchanged in an existingconfiguration.
Regardless of the value of the delete rule, the group always preservesstateful IP addresses on instance autohealing, update, and recreationoperations.
FINGERPRINT: (Optional.) The fingerprint for the givenconfiguration if it already exists. Used for optimistic locking. Theoperation fails if the fingerprint is different than provided, as itindicates that the per-instance configuration was changed since it waslast read. To see the latest fingerprint, see the output of thelistPerInstanceConfigs method for aregional orzonal MIG. Iffingerprint is omitted, the operation proceeds withoutfingerprint comparison.

TheupdatePerInstanceConfigs andpatchPerInstanceConfigs methods updatethe specified per-instance configurations but don't apply the configurationupdates to the associated managed instances. The changes are applied to aninstance when the MIG is instructed to recreate or update the instance. Youcanapply the update manually to apply the changes to an instance.

Example

To update the per-instance configuration forfile-server with the newstateful external IP, call thepatchPerInstanceConfigs method:

POST https://compute.googleapis.com/compute/v1/projects/example-project/regions/us-east1/instanceGroupManagers/fs-group/patchPerInstanceConfigs{  "perInstanceConfigs": [    {      "name": "file-server",      "preservedState" : {        "externalIPs": {          "nic0" : {            "ipAddress": {              "address": "projects/example-project/regions/us-east1/addresses/file-server-ip"            },            "autoDelete": "NEVER"          }        }      }    }  ]}

The method patches the per-instance configuration forfile-serverinstance:

Adds stateful external IP configuration, pointing to thefile-server-ip address reservation.
Keeps the existing stateful data disk configuration unchanged.

The configuration update is not yet applied to thefile-server VMinstance. The MIG will apply the configuration update when you recreate orapply the update to the instance later.

To apply the per-instance configuration update tofile-server VM instance,call theregionInstanceGroupManagers.applyUpdatesToInstances method for the instance:

POST https://compute.googleapis.com/compute/v1/projects/example-project/regions/us-east1/instanceGroupManagers/gs-group/applyUpdatesToInstances{  "instances": ["/zones/us-east1-b/instances/file-server"]}

The method assigns the configured static external IP address fromfile-server-ip reservation to the managed instance. The method refreshesthefile-server instance to assign an external IP address.

BecauseautoDelete is set toNEVER in the stateful IP configuration, theIP will remain reserved if you delete the instance later.

Disassociating static IP addresses from an existing VM in a MIG

You might need to disassociate a static IP address from an existing VM, makingthe network interface ephemeral for the VM. This is useful in the followingscenarios:

You rearchitect your app to no longer rely on static IP addresses.
You configured the IP to be stateful by mistake and would like to revert it.

You can disassociate a static IP address from an existing VM in MIG and make theIP address ephemeral for an individual VM by removing the IP's statefulconfiguration from the associated per-instance configuration ordeleting the entire per-instance configuration if it doesn't contain any other state.Applying the change has the following effects:

The IP address remains active on the instance, but is no longer stateful.
When you recreate or update the instance, or when the instance isautohealed, the MIGunassigns the associated static IP address reservation and auto-assigns an ephemeraladdress.
After having been unassigned, the static IP address remains reserved.

Note: If stateful IP configuration for the same network interface is present inthe group's stateful policy, the IP address remains stateful for the instanceeven if you remove its configuration from the per-instance configuration. Insuch a case, you should also remove the IP addresses configuration from thestateful policy to make the IP ephemeral.

Removing a stateful IP configuration from a per-instance configuration does notdisrupt running VM instances, unless you explicitly choose to do so.

To learn more, see the following documents:

Permissions required for this task

To perform this task, you must have the followingpermissions:

For zonal MIGs, all permissions required to call theinstanceGroupManagers.patchPerInstanceConfigs method
For regional MIGs, all permissions required to call theregionInstanceGroupManagers.patchPerInstanceConfigs method

If you need to create a custom role, the following permissions are required for managing stateful network interfaces:

compute.addresses.create for creating static external IP addresses
compute.addresses.createInternal for creating static internal IP addresses
compute.addresses.use for assigning a static external IP address to an instance
compute.addresses.useInternal for assigning a static internal IP address to an instance
compute.addresses.delete for deleting static IP addresses on permanent instance deletion
compute.subnetworks.use for creating static external IP addresses
compute.subnetworks.useInternal for creating static internal IP addresses
Compute Network User (roles/compute.networkUser) role to either the whole host project or select subnets of its Shared VPC networks for creating VM instances with static IP addresses in Shared VPC networks or subnets that belong to the host project

gcloud

To remove a stateful IP configuration from the associated per-instanceconfiguration, use thegcloud compute instance-groups managed instance-configs update command with the--remove-stateful-internal-ips or--remove-stateful-external-ips flags:

gcloud compute instance-groups managed instance-configs updateINSTANCE_GROUP_NAME \    --instanceINSTANCE_NAME \    --remove-stateful-internal-ipsNI_NAME[,NI_NAME,...] \    --remove-stateful-external-ipsNI_NAME[,NI_NAME,...]    [--no-update-instance | --update-instance] \    [--instance-update-minimal-actionMINIMAL_ACTION]

Replace the following:

INSTANCE_GROUP_NAME: The name of the MIG.
INSTANCE_NAME: (Required.) The name of the instance forwhich to remove stateful IP configuration.
NI_NAME: (Required.) Network interface name. The primarynetwork interface is namednic0. If you've multiple networkinterfaces, you can specify multipleNI_NAMES.
--update-instance: (Optional. Default.) Apply the changes immediatelyto the instance. If you use the--no-update-instance flag, the changesremain unapplied and will beapplied when you recreate or apply the update to the instance later.
MINIMAL_ACTION: (Optional.) Perform at least the specifiedaction when applying per-instance configuration update to the instance.This flag can only be used together with--update-instance flag. Thevalue must be one of the following:
- none: No action.
- refresh: Apply updates that are possible to apply without stopping the instance.
- restart: Stop the instance and then start it again.
- replace: Recreate the instance.
If omitted, the least disruptive action required by the update is used.

Example

Your application has been exposed to users through specific published staticexternal IP addresses of the VM instances in a MIG calledexample-group.You have rearchitected your service by deploying a load balancer in front ofthe MIG and routing the traffic to the managed VMs through it. You no longerneed to maintain the static external IP addresses and would like to makethe external IP addresses of the VMs ephemeral.

To make the stateful external IP addresses of the VMs in a MIG ephemeral,run the following command for each instance, for example, fornode-1:

gcloud compute instance-groups managed instance-configs update example-group \    --instance node-1 \    --remove-stateful-external-ips nic0 \    --update-instance

The command does the following:

Removes stateful configuration for the external IP address withinthenic0 network interface from the per-instance configuration fornode-1.
Applies the per-instance configuration update tonode-1 VM instanceimmediately because the--update-instance flag is included. The VMinstance is not disrupted and keeps serving from the same IP, which isno longer stateful. The MIG removes the reference to static IPreservation from the managed instance'spreservedStateFromConfig andtreats the external IP address as ephemeral. The MIG will auto-assignan external IP on subsequent instance recreation, update, orautohealing events.
After having beenunassigned,the original static IP remains reserved. You canrelease the IP if you no longer need it.

REST

To remove a stateful IP configuration from the associated per-instanceconfiguration, use theinstanceGroupManagers.patchPerInstanceConfigs method orregionInstanceGroupManagers.patchPerInstanceConfigs method:

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/instanceGroupManagers/INSTANCE_GROUP_NAME/patchPerInstanceConfigs{  "perInstanceConfigs": [    {      "name": "INSTANCE_NAME",      "preservedState" : {        "internalIPs": {          "NI_NAME" : null        },        "externalIPs": {          "NI_NAME" : null        }      },      "fingerprint: "FINGERPRINT"    },    ...  ]}

Replace the following:

PROJECT_ID: The project ID for the request.
NAME: The name of the MIG.
REGION: For regional MIGs, theregion where the group islocated. For zonal MIGs, replaceregions/REGION withzones/ZONEand specify the zone where the MIG is located.
INSTANCE_NAME: (Required.) The name of the instance forwhich to remove stateful IP configuration.
NI_NAME: (Required.) Network interface name. The primarynetwork interface is namednic0. If you have multiple networkinterfaces, you can specify multipleNI_NAMES.
FINGERPRINT: (Optional.) The fingerprint for the givenconfiguration if it already exists. Used for optimistic locking. Theoperation fails if the fingerprint is different than provided, as itindicates that the per-instance configuration was changed since it waslast read. To see the latest fingerprint, see the output of thelistPerInstanceConfigs method for aregional orzonal MIG. Iffingerprint is omitted, the operation proceeds withoutfingerprint comparison.

ThepatchPerInstanceConfigs method updates the specified per-instanceconfigurations but does not apply the configuration updates to theassociated managed instances. The changes are applied to an instance whenthe MIG is instructed to recreate or update the instance. You canapply the update manually to apply the changes to an instance.

Example

Your application has been exposed to users through specific publishedstatic external IP addresses of the VM instances in a MIG calledexample-group. You have rearchitected your service by deploying aload balancer in front of the MIG and routing the traffic to the managedVMs through it. You no longer need to maintain the static external IPaddresses and would like to make the external IP addresses of the VMsephemeral.

To make the stateful external IP addresses of the VMs in a MIG ephemeral,run the following method for each instance, for example, fornode-1,and providenull value to the network interface's stateful configuration:

POST https://compute.googleapis.com/compute/v1/projects/example-project/regions/us-east1/instanceGroupManagers/example-group/patchPerInstanceConfigs{  "perInstanceConfigs": [    {      "name": "node-1",      "preservedState" : {        "externalIPs": {          "nic0" : null        }      }    }  ]}

The method removes configuration for the stateful IP address withinnic0network interface from the per-instance configuration fornode-1. Theconfiguration update is not yet applied to thenode-1 VM instance. The MIGapplies the configuration update on the next instance recreation or update.

To apply the per-instance configuration update to thenode-1 VM instance,run theregionInstanceGroupManagers.applyUpdatesToInstances method for the instance:

POST https://compute.googleapis.com/compute/v1/projects/example-project/regions/us-east1/instanceGroupManagers/example-group/applyUpdatesToInstances{  "instances": ["/zones/us-east1-c/instances/node-1"]}

The MIG removes the reference to static IP reservation from thepreservedStateFromConfig field for thenode-1 instance and treats theIP address as ephemeral. The MIG will auto-assign an external IP onsubsequent instance recreation, update, or autohealing events.

After having beenunassigned,the original static IP remains reserved. You canrelease the IP if you no longer need it.

Removing stateful configuration

To remove configuration from a stateful policy for all VMs in a MIG, see thefollowing documents:

To only remove stateful IP addresses, seeDeclaring previously stateful IP addresses as stateless.
To remove all stateful configuration from a stateful policy, seeRemoving a stateful policy.

To remove configuration from a per-instance configuration for a specificVM in a MIG, see the following documents:

To only remove stateful IP addresses, seeDisassociating a static IP address from an existing VM in a MIG.
To remove all stateful configuration from a per-instance configuration, seeRemoving stateful configuration for a specific VM.

Cleaning up unused static IP addresses

When configuring stateful IP address for managed instances in a group, you canchoose whether to release the associated static IP address reservations manuallyor automatically when an instance ispermanently deleted:

To release static IP address reservations automatically on permanentinstance deletion, set theautoDelete parameter toON_PERMANENT_INSTANCE_DELETION.
To release static IP address reservations manually, set theautoDeleteparameter toNEVER. To clean up unused static IP address reservations, forexample, in order to avoid unnecessarycharges,see the following documents:
- Delete a static internal IP address
- Release a static external IP address

If you have instructed the MIG to never delete the associated IP reservations,the static IP addresses remain reserved after the corresponding instances orthe MIG ceases to exist.

Feedback

We want to learn about your use cases, challenges, and feedback about statefulMIGs. You can share your feedback with our team atmig-discuss@google.com.

What's next

Learn aboutapplying, viewing, and removingstateful configuration.
Get info abouta specific MIG and its managed instances, including VM status and properties.
Learn more aboutworking with managed instances.

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-12-15 UTC.

Movatterモバイル変換

Configuring stateful IP addresses in MIGs Stay organized with collections Save and categorize content based on your preferences.

Before you begin

Console

gcloud

Terraform

REST

Limitations

Pricing

When to use stateful IP addresses

Configuring stateful IP addresses for all VMs in a group

Configuring stateful IP addresses on MIG creation

Permissions required for this task

Console

gcloud

Terraform

REST

Setting and updating stateful configuration for IP addresses in existing MIG

Permissions required for this task

Console

gcloud

REST

Declaring previously stateful IP addresses as stateless

Permissions required for this task

Console

gcloud

REST

Configuring stateful IP addresses individually for VMs in a MIG

Configuring static IP addresses on VM creation in a MIG

Permissions required for this task

gcloud

Terraform

REST

Configuring static IP addresses for an existing VM in a MIG

Permissions required for this task

gcloud

REST

Disassociating static IP addresses from an existing VM in a MIG

Permissions required for this task

gcloud

REST

Removing stateful configuration

Cleaning up unused static IP addresses

Feedback

What's next

Configuring stateful IP addresses in MIGs