GCP

SERVICE_DISABLED

GCP SERVICE_DISABLED means the target Google Cloud API is disabled for the consumer project, so requests are rejected until that service is enabled.

Last reviewed: March 5, 2026|Source-backed guidance under our editorial policy

Start Here

Use the closest compare guide, playbook, or adjacent error page to narrow the decision faster before you start changing production systems.

This page is part of the Error Reference library. Learn more about the project or report a correction.

What Does Service Disabled Mean?

The request reached Google control planes, but the called API is not currently enabled for that project state, so execution is blocked before normal processing.

Common Causes

-The API was never enabled in the project that owns the request quota and billing context.
-The API was previously enabled but later disabled during cleanup, policy hardening, or project template changes.
-The request is sent with credentials from the wrong project, where that API is still disabled.
-Automation lacks required Service Usage permissions to enable the service during bootstrap.

How to Fix Service Disabled

1Read ErrorInfo details and capture the exact service and consumer values returned with SERVICE_DISABLED.
2Enable the required API in the same consumer project used by the failing workload.
3Confirm the operator or automation identity has Service Usage enable permissions before rerunning bootstrap steps.
4Retry the original request after enablement propagation and verify no residual disabled-service errors remain.

Step-by-Step Diagnosis for Service Disabled

1Capture full error payload and verify reason=SERVICE_DISABLED, including the affected service name.
2Verify the effective project identity used by the workload (project ID/number and credential source).
3Check whether the API is enabled in that exact project and environment, not only in neighboring projects.
4Audit IAM on enable workflows and validate required Service Usage permissions for CI/CD identities.

Consumer Project and API State Validation

-Match the consumer project from error metadata to runtime credentials (example: workload runs under project B while engineers enabled API in project A).
-Verify API state for the exact service endpoint (example: run.googleapis.com enabled, but artifactregistry.googleapis.com still disabled for deploy path).

Enablement Permissions and Automation Gaps

-Validate Service Usage IAM for bootstrap actors (example: pipeline can deploy resources but lacks permissions required to enable new APIs).
-Review infra templates for explicit API enable steps and idempotent checks before resource creation.

Seen in Production

New environment provisioned without full API dependency enablement

Frequency: common

Example: Service deploy succeeds partially, then runtime calls fail because one required API was never enabled in that project.

Fix: Add explicit API enable steps to project bootstrap and gate deployment on successful enablement checks.

Project credential drift after workload identity refactor

Frequency: rare

Example: Application starts calling APIs with credentials from a different project where required services are disabled.

Fix: Correct credential source, then validate API enablement state in the effective consumer project.

Debugging Tools

-Service Usage API state checks and gcloud services listing
-ErrorInfo metadata inspection (service, consumer)
-Service Usage IAM permission audit
-Project bootstrap and IaC drift checks

How to Verify the Fix

-Re-run the same request and confirm SERVICE_DISABLED no longer appears in error details.
-Validate dependent workflows (deploy, runtime calls, background jobs) complete without disabled-service failures.
-Check audit and pipeline logs to confirm API enablement steps are now deterministic across environments.

How to Prevent Recurrence

-Codify required APIs per service in infrastructure-as-code and enforce drift detection for disabled dependencies.
-Add pre-deploy checks that fail fast when required APIs are not enabled in target projects.
-Monitor SERVICE_DISABLED occurrences by service and project to catch configuration regressions early.

Pro Tip

-keep a per-workload API dependency manifest and validate it in CI before first deploy to new projects.

Official References

Provider Context

This guidance is specific to GCP services. Always validate implementation details against official provider documentation before deploying to production.

Start Here

Use the closest compare guide, playbook, or adjacent error page to narrow the decision faster before you start changing production systems.

Common Causes

-The API was never enabled in the project that owns the request quota and billing context.

-The API was previously enabled but later disabled during cleanup, policy hardening, or project template changes.

-The request is sent with credentials from the wrong project, where that API is still disabled.

-Automation lacks required Service Usage permissions to enable the service during bootstrap.

How to Fix Service Disabled

1Read ErrorInfo details and capture the exact service and consumer values returned with SERVICE_DISABLED.

2Enable the required API in the same consumer project used by the failing workload.

3Confirm the operator or automation identity has Service Usage enable permissions before rerunning bootstrap steps.

4Retry the original request after enablement propagation and verify no residual disabled-service errors remain.

Step-by-Step Diagnosis for Service Disabled

1Capture full error payload and verify reason=SERVICE_DISABLED, including the affected service name.

2Verify the effective project identity used by the workload (project ID/number and credential source).

3Check whether the API is enabled in that exact project and environment, not only in neighboring projects.

4Audit IAM on enable workflows and validate required Service Usage permissions for CI/CD identities.

Consumer Project and API State Validation

-Match the consumer project from error metadata to runtime credentials (example: workload runs under project B while engineers enabled API in project A).
-Verify API state for the exact service endpoint (example: run.googleapis.com enabled, but artifactregistry.googleapis.com still disabled for deploy path).

Enablement Permissions and Automation Gaps

-Validate Service Usage IAM for bootstrap actors (example: pipeline can deploy resources but lacks permissions required to enable new APIs).
-Review infra templates for explicit API enable steps and idempotent checks before resource creation.

Seen in Production

New environment provisioned without full API dependency enablement

Frequency: common

Example: Service deploy succeeds partially, then runtime calls fail because one required API was never enabled in that project.

Fix: Add explicit API enable steps to project bootstrap and gate deployment on successful enablement checks.

Project credential drift after workload identity refactor

Frequency: rare

Example: Application starts calling APIs with credentials from a different project where required services are disabled.

Fix: Correct credential source, then validate API enablement state in the effective consumer project.

How to Verify the Fix

-Re-run the same request and confirm SERVICE_DISABLED no longer appears in error details.

-Validate dependent workflows (deploy, runtime calls, background jobs) complete without disabled-service failures.

-Check audit and pipeline logs to confirm API enablement steps are now deterministic across environments.

How to Prevent Recurrence

-Codify required APIs per service in infrastructure-as-code and enforce drift detection for disabled dependencies.

-Add pre-deploy checks that fail fast when required APIs are not enabled in target projects.

-Monitor SERVICE_DISABLED occurrences by service and project to catch configuration regressions early.

Start Here

What Does Service Disabled Mean?

Common Causes

How to Fix Service Disabled

Step-by-Step Diagnosis for Service Disabled

Consumer Project and API State Validation

Enablement Permissions and Automation Gaps

Seen in Production

New environment provisioned without full API dependency enablement

Project credential drift after workload identity refactor

Debugging Tools

How to Verify the Fix

How to Prevent Recurrence

Pro Tip

Related Errors

Official References

Provider Context

Start Here

What Does Service Disabled Mean?

Common Causes

How to Fix Service Disabled

Step-by-Step Diagnosis for Service Disabled

Consumer Project and API State Validation

Enablement Permissions and Automation Gaps

Seen in Production

New environment provisioned without full API dependency enablement

Project credential drift after workload identity refactor

Debugging Tools

How to Verify the Fix

How to Prevent Recurrence

Pro Tip

Related Errors

Official References

Provider Context