203051 - Failed to Update VPC Firewall Rule
Agent error code #203051 indicates that the agent could not update (patch) the VPC firewall rule in GCP. The error message includes additional detail about the underlying cause (e.g., authentication, authorization, or timeout).
This error occurs during the PATCH phase of a grant or revocation operation, after the rule was successfully retrieved.
Common causes include:
- The service account lacks
compute.firewalls.updatepermission (see also #203002) - The firewall rule was deleted between the GET and PATCH operations
- A GCP organization policy is preventing modifications to firewall rules
- The GCP API returned an error during the update
Steps to Resolve
Check IAM Permissions
- Ensure the service account has the
compute.firewalls.updatepermission - The
compute.firewalls.getpermission alone is not sufficient — update permission is also required - See error #203002 for detailed IAM troubleshooting steps
Verify the Firewall Rule Still Exists
- In the GCP Console, navigate to VPC Network > Firewall
- Confirm the firewall rule has not been deleted or renamed since the backend was configured
Check Organization Policies
- Some GCP organizations enforce policies that restrict modifications to firewall rules
- Check for constraints like
compute.restrictFirewallRuleCreationor similar