🕵️ GCP Forgotten Resource Detective

A comprehensive PowerShell script designed to identify and analyze Google Cloud resources that may be forgotten, unused, or misconfigured, potentially leading to unnecessary costs.

Overview

This tool is part of the "FinOps for Everyone" series and helps organizations optimize their GCP spending by detecting orphaned resources and suspicious patterns.

Features

Resource Detection Capabilities

Orphaned Persistent Disks

Unattached disks consuming storage costs

Unattached Static IPs

Reserved public IPs not associated with any resource

Suspicious Firewall Rules

Rules with test/temp naming patterns

Empty Load Balancers

Backend services with no instances

Old Snapshots & Images

Aging snapshots and custom images

Unused Service Accounts

Service accounts with suspicious naming patterns

Cloud SQL Analysis

Identify potentially underutilized databases

Cloud Functions Review

Detect rarely invoked or test functions

Cost Analysis

  • Estimates monthly costs for identified resources
  • Calculates potential savings from cleanup activities
  • Provides cost impact assessments (High/Medium/Low)

Reporting

  • HTML Report: Rich, interactive report with visual styling and actionable insights
  • CSV Export: Structured data export for further analysis
  • Console Summary: Real-time progress and summary information

Prerequisites

System Requirements

  • PowerShell: Version 5.1 or later
  • Google Cloud SDK: Latest version installed and configured
  • GCP Authentication: User must be logged in with gcloud auth login

Required Permissions

  • Viewer: Access to project resources
  • Billing Viewer: For cost analysis (optional but recommended)

Google Cloud SDK Setup

# Install Google Cloud SDK (if not already installed)
# Download from: https://cloud.google.com/sdk/docs/install

# Login to Google Cloud
gcloud auth login

# Verify access to project
gcloud config get-value project

Usage

Basic Syntax

.\gcp-forgotten-resources-detector.ps1 -ProjectId "<project-id>"

Parameters

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| ProjectId | String | ✅ Yes | - | GCP project ID to analyze |
| Region | String | ❌ No | "" | Specific region to analyze (empty for all regions) |
| DaysThreshold | Integer | ❌ No | 30 | Age threshold for resource analysis (days) |
| OutputPath | String | ❌ No | forgotten-resources-report.html | Path for HTML report output |
| CsvOutputPath | String | ❌ No | forgotten-resources-report.csv | Path for CSV export |

Example Usage

Basic Analysis

# Analyze project with default settings
.\gcp-forgotten-resources-detector.ps1 -ProjectId "my-production-project"

Region-Specific Analysis

# Analyze resources in a specific region
# (PowerShell continues a line with a trailing backtick, not a backslash)
.\gcp-forgotten-resources-detector.ps1 `
    -ProjectId "my-project" `
    -Region "us-central1" `
    -OutputPath "C:\Reports\gcp-analysis.html" `
    -CsvOutputPath "C:\Reports\gcp-analysis.csv"

Enterprise Analysis

# Analyze multiple projects
$projects = @(
    "project-prod-123",
    "project-dev-456",
    "project-test-789"
)

foreach ($project in $projects) {
    .\gcp-forgotten-resources-detector.ps1 `
        -ProjectId $project `
        -OutputPath "report-$project.html" `
        -CsvOutputPath "report-$project.csv"
}

Detection Patterns

Orphaned Resources

The script identifies truly orphaned resources that incur costs without providing value:

Orphaned Persistent Disks

Criteria: status == "READY" AND (users == null || users.Count == 0)

Cost Impact: High (direct storage costs)

Estimated Savings: ~$4-17/month per 100GB disk (varies by type)

Unattached Static IPs

Criteria: status == "RESERVED" AND (users == null || users.Count == 0)

Exclusions: None

Cost Impact: Medium (~$1.46/month per IP)

Empty Backend Services

Criteria: backends == null || backends.Count == 0

Cost Impact: High (~$16/month per load balancer)

Suspicious Patterns

Pattern: No Labels
Risk Level: High
Description: Resources without proper labeling
Detection Logic: labels == null || labels.Count == 0

Pattern: Test/Temp Names
Risk Level: Medium
Description: Resources with temporary naming patterns
Detection Logic: name -match "(test|temp|demo)"

Pattern: Old Snapshots
Risk Level: Medium
Description: Snapshots older than threshold
Detection Logic: (Now - creationTimestamp).Days > DaysThreshold

Pattern: Legacy Machine Types
Risk Level: Medium
Description: Previous generation machine types
Detection Logic: machineType -match "n1-"
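
The following is an added example, not code from the detector script itself. It applies the orphaned-disk criteria and the "No Labels" and "Test/Temp Names" checks above to a constructed JSON sample shaped like gcloud compute disks list --format=json output. The helper names Test-Unattached and Test-NoLabels are hypothetical, and the per-GB rates are the ones quoted on this page.

```powershell
# Added example (not the project's code). Constructed sample data shaped like
# `gcloud compute disks list --format=json`; names and values are made up.
$disksJson = @'
[
 {"name":"web-data","status":"READY","sizeGb":"100","type":"zones/z/diskTypes/pd-ssd",
  "users":["zones/z/instances/web-1"],"labels":{"env":"prod"}},
 {"name":"test-scratch","status":"READY","sizeGb":"100","type":"zones/z/diskTypes/pd-standard"},
 {"name":"restore-tmp","status":"CREATING","sizeGb":"50","type":"zones/z/diskTypes/pd-balanced",
  "users":[]},
 {"name":"latest-cache","status":"READY","sizeGb":"200","type":"zones/z/diskTypes/pd-balanced",
  "users":["zones/z/instances/api-1"],"labels":{"env":"prod"}}
]
'@

# Per GB-month rates quoted on this page.
$rates = @{ 'pd-standard' = 0.04; 'pd-balanced' = 0.10; 'pd-ssd' = 0.17; 'pd-extreme' = 0.25 }

function Test-Unattached($resource) {
    # The `users` field can be missing altogether when nothing references the resource.
    return ($null -eq $resource.users) -or (@($resource.users).Count -eq 0)
}

function Test-NoLabels($resource) {
    # ConvertFrom-Json turns the labels map into an object; count its properties.
    return ($null -eq $resource.labels) -or
           (@($resource.labels.PSObject.Properties).Count -eq 0)
}

# Assign first: Windows PowerShell 5.1 emits the parsed array as one pipeline item.
$disks = ConvertFrom-Json $disksJson

$findings = foreach ($d in $disks) {
    $reasons = @()
    # Parenthesised on purpose: -and and -or have equal precedence, so
    # `A -and B -or C` would also flag the CREATING disk with an empty users list.
    if ($d.status -eq 'READY' -and (Test-Unattached $d)) { $reasons += 'Orphaned' }
    if (Test-NoLabels $d)                                 { $reasons += 'No labels' }
    # The page's pattern is a substring match, so "latest-cache" hits on "test".
    if ($d.name -match '(test|temp|demo)')                { $reasons += 'Test/temp name' }
    if ($reasons.Count -eq 0) { continue }

    $diskType = ($d.type -split '/')[-1]
    [pscustomobject]@{
        Name                 = $d.name
        Reasons              = $reasons -join '; '
        EstimatedMonthlyCost = [math]::Round([int]$d.sizeGb * $rates[$diskType], 2)
    }
}

$findings | Format-Table -AutoSize
```

A pattern anchored on name tokens, such as '(^|-)(test|temp|demo)(-|$)', avoids the "latest-cache" false positive but will miss names that embed the word without a hyphen.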

Cost Estimation

The script provides estimated monthly costs for each identified resource based on Google Cloud pricing. These estimates help prioritize cleanup efforts based on potential savings.

Cost Calculation Methodology

Persistent Disk Cost Estimation

# Example cost calculation for persistent disks
function Calculate-PersistentDiskCost {
    param($diskType, $sizeGB)
    
    switch -regex ($diskType) {
        "pd-standard" { return $sizeGB * 0.04 }  # $0.04 per GB-month
        "pd-balanced" { return $sizeGB * 0.10 }  # $0.10 per GB-month
        "pd-ssd" { return $sizeGB * 0.17 }       # $0.17 per GB-month
        "pd-extreme" { return $sizeGB * 0.25 }   # $0.25 per GB-month
        default { return $sizeGB * 0.04 }        # Default to standard pricing
    }
}

Sample Cost Impact

| Resource Type | Typical Monthly Cost | Impact Level |
|---|---|---|
| Unattached Persistent Disk (100GB, pd-standard) | $4.00 | Medium |
| Unattached Persistent Disk (100GB, pd-ssd) | $17.00 | High |
| Unattached Static IP | $1.46 | Medium |
| Empty Load Balancer | $16.00 | High |
| Old Snapshot (100GB) | $2.60 | Medium |

Report Output

The script generates comprehensive reports to help you analyze and act on the findings:

HTML Report

A rich, interactive HTML report with visual styling that includes:

  • Executive summary with total potential savings
  • Resource breakdown by type and risk level
  • Detailed findings with resource IDs, ages, and estimated costs
  • Cleanup recommendations and best practices
  • Sample gcloud commands for remediation

CSV Export

A structured CSV file containing all findings for further analysis or integration with other tools:

ResourceId,ResourceType,Name,Age,EstimatedMonthlyCost,RiskLevel,RecommendedAction
disk-1,Persistent Disk,unused-disk-1,45,$4.00,Medium,Delete or snapshot if needed
address-1,Static IP,N/A,120,$1.46,Medium,Release if not needed
backend-service-1,Backend Service,test-backend,90,$16.00,High,Delete if not in use
snapshot-1,Snapshot,backup-2024-01-15,150,$2.60,Medium,Delete if outdated

Safety & Best Practices

Safe Usage Guidelines

⚠️ Important Safety Notes

  • This script is read-only and does not modify any resources
  • Always review findings before taking action
  • Consider business context before deleting resources
  • Take snapshots of disks before deletion if data might be needed
  • Test in non-production environments first

Recommended Workflow

  1. Run the script with default settings to get an initial assessment
  2. Review the HTML report to understand the findings
  3. Export CSV data for team review or ticketing system integration
  4. Create a remediation plan for identified resources
  5. Implement cleanup actions with appropriate approvals
  6. Re-run the script to verify improvements

Troubleshooting

Common Issues

| Issue | Possible Cause | Resolution |
|---|---|---|
| gcloud CLI not found | Google Cloud SDK not installed or not in PATH | Install Google Cloud SDK and ensure it's in your system PATH |
| Authentication failure | Not logged in to gcloud | Run gcloud auth login to authenticate |
| Permission denied errors | Insufficient IAM permissions | Ensure your account has Viewer role on the project |
| Script runs slowly | Large number of resources to analyze | Use region-specific analysis or increase timeout settings |

Debugging Tips

  • Run gcloud commands manually to verify access and permissions
  • Check Cloud Audit Logs for API access denied errors
  • Verify project ID spelling and existence
  • Ensure PowerShell execution policy allows script execution

Integration Options

Automation Scenarios

The GCP Forgotten Resource Detective can be integrated into various workflows:

  • Scheduled Tasks: Run weekly/monthly for ongoing monitoring
  • CI/CD Pipelines: Include in infrastructure validation steps
  • Cloud Governance: Part of regular compliance checks
  • Cost Optimization Initiatives: Regular cleanup campaigns

Integration with GCP Organization

# Example script to run across all projects in a GCP Organization
$projects = gcloud projects list --format="value(projectId)"

foreach ($project in $projects) {
    # Set project context
    gcloud config set project $project
    
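    # Run detective script; write a separate HTML and CSV file per project so the
    # default CSV path is not overwritten on each iteration
    .\gcp-forgotten-resources-detector.ps1 -ProjectId $project -OutputPath "report-$project.html" -CsvOutputPath "report-$project.csv"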
}

Performance

Resource Requirements

The script's performance depends on the size of your GCP environment:

  • Small environments (< 100 resources): 1-2 minutes
  • Medium environments (100-1000 resources): 2-5 minutes
  • Large environments (1000+ resources): 5-15+ minutes

Optimization Tips

  • Run region-specific analysis instead of global scans
  • Use gcloud pagination settings for large environments
  • Consider running in parallel for multiple projects
  • Use Cloud Asset Inventory queries where available for faster results

Version History

| Version | Date | Changes |
|---|---|---|
| 1.0.0 | 2025-06-01 | Initial release with core detection capabilities |
| 1.1.0 | 2025-06-10 | Added support for Cloud SQL and Cloud Functions analysis |
| 1.2.0 | 2025-06-15 | Enhanced HTML reporting and added CSV export |

Conclusion

The GCP Forgotten Resource Detective is a powerful tool for identifying cost optimization opportunities in your Google Cloud environment. By regularly scanning for orphaned and suspicious resources, you can significantly reduce your cloud spend and improve your cloud governance posture.

Remember that this tool is part of a broader FinOps strategy. Combine it with proper labeling policies, resource lifecycle management, and regular reviews to maximize your cloud cost efficiency.
