How to Onboard a GCP Billing Account

Overview

In this section, we'll help guide you in onboarding a Google Cloud Platform (GCP) Billing Account into CoreStack.

Pre-onboarding

GCP Projects can be onboarded as a Billing Account in CoreStack. Onboarding a Billing Account allows you to discover the cost information of all its linked GCP Projects.

However, before your GCP project can be onboarded into CoreStack, there are certain prerequisites that need to be met.

Set Up Cloud Billing Data Export to BigQuery:

To enable your Cloud Billing usage costs and/or pricing data to be exported to BigQuery, please do the following:

1. in the Google Cloud console, go to the Billing export page.

2. Click to select the cloud Billing account for which you would like to export the billing data. The Billing export page opens for the selected billing account.

3. On the BigQuery export tab, click Edit settings for each type of data you'd like to export. Each type of data is configured separately.

4. From the Projects list, select the project that you set up which will contain your BigQuery dataset.

   The project you select is used to store the exported Cloud Billing data in the BigQuery dataset.

   • For standard and detailed usage cost data exports, the Cloud Billing data includes usage/cost data for all Cloud projects paid for by the same Cloud Billing account.
   • For pricing data export, the Cloud Billing data includes only the pricing data specific to the Cloud Billing account that is linked to the selected dataset project.

5. From the Dataset ID field, select the dataset that you set up which will contain your exported Cloud Billing data.

   For all types of Cloud Billing data exported to BigQuery, the following applies:

   • The BigQuery API is required to export data to BigQuery. If the project you selected doesn't have the BigQuery API enabled, you will be prompted to enable it. Click Enable BigQuery API to enable the API.

   • If the project you selected doesn't contain any BigQuery datasets, you will be prompted to create one. If necessary, follow these steps to create a new dataset.

   • If you use an existing dataset, review the limitations that might impact exporting your billing data to BigQuery, such as being unable to export data to datasets configured to use customer-managed key encryption.

     For pricing data export, the BigQuery Data Transfer Service API is required to export the data to BigQuery. If the project you selected doesn't have the BigQuery Data Transfer Service API enabled, you are prompted to enable it. If necessary, follow these steps to enable the API.

6. Click Save.

Onboarding a GCP Billing Account with Terraform

Perform the following steps to onboard GCP billing account:

1. Sign in to the GCP console: https://console.cloud.google.com.
2. Sign in to your organization’s cloud account with a user ID and a password.
3. Click the icon for Command Line Interface as shown in the image below.

4. On the Cloud Shell Terminal screen, clone the GitHub repository by running the below command in a specific folder.
   git clone https://github.com/corestacklabs/Onboarding_Templates.git

The repo is now downloaded.

5. To switch to a particular directory, use the command provided below.

cd Onboarding_Templates/GCP/Billing-account/

6. To execute the file, run the command: chmod +x run.sh

On the Cloud Shell CLI screen, type the following details when prompted:

• Role self-check
• Project ID
• Bucket location
• Table ID

7. If the BigQuery data transfer service was never used before, then provide the auth for BigQuery transfer when prompted.
8. Next, you need the Project ID which is going to be onboarded as billing account and can be found in the hierarchy.

9. To get the table ID and the data location, perform the following steps:
   a. Click BigQuery > SQL Workspace.

On the left panel, click the arrow icon to expand the main project > click the required dataset > click the relevant billing export file.

Copy the Table ID and Data location.

10. On the Cloud Shell Editor screen, run the command: sh run.sh

A message is displayed asking if you have Project Owner role and BigQuery Admin role to successfully run the script.

11. In the command prompt, type yes or no.

• If you type no, the script will exit without executing it.
• If you type yes, then you will get prompts to enter project ID, bucket location, and table ID.

12. Type the project ID, bucket location, and table ID.

🚧

Note:

• Ensure that the location entered is same as the BigQuery dataset location (refer to step 11).
• Refer to step 10 to get the project ID.
• Refer to step 11 to get the bucket location and table ID.

The terraform init command should run now.

If the project is a new project, the auth prompt will appear and you must click the link to get the verification code.

13. Click Allow and then you will get the verification code.

14. Copy the verification code and paste it in the Cloud Shell terminal when you see the prompt for version_info.

If it works successfully, you will see that transfer configuration is created and Terraform starts executing.

Run the Shell script to see the resources created through Terraform.

Generating JSON File for Account Onboarding

A key file, also known as JSON file, can be downloaded from the service account which you created from the onboarding script. After the key file is downloaded, you can use the same file to onboard an account in CoreStack.

1. Navigate to IAM & Admin > Service Accounts.

2. Click Service accounts and then click the service account name created for CoreStack. In this case, click corestack-auth.

3. In the KEYS tab, click ADD KEY list and then select Create new key.

4. In the Create private key for “corestack-auth” dialog box, do the following:
   1. In the Key type field, click to select JSON.
   2. Click CREATE.

After the key is downloaded, proceed with GCP account onboarding in the CoreStack portal.

Generating Authentication Credentials for Onboarding Account

For onboarding an account in CoreStack, you will need bucket name, account ID, dataset name, and project ID.

Perform the following steps to get the account credentials:

1. To get the bucket name, perform the following:
   1. On the GCP Cloud Console, click Cloud Storage > Buckets.
   2. Identify the bucket for account onboarding and copy the bucket name.

2. To get the billing account ID, perform the following:
   1. Click Billing.
   2. In the Billing Account list, click to select the account name.
   3. Click Overview > BILLING ACCOUNT OVERVIEW.
   4. Note the billing account ID from Billing account field.

3. To find the dataset name in the billing data export to BigQuery, perform the following:
   1. Click Billing.
   2. In the Billing Account list, click to select the account name.
   3. Click Billing export > BIGQUERY EXPORT.
   4. In the Dataset name field, note the name of the dataset.

4. Identify the project ID from the hierarchy.

Onboarding GCP Billing Account

Perform the following steps to onboard a GCP billing account:

1. Sign in to the CoreStack application.
2. Click ADD NEW > Start Now.

🚧

Note:

Ensure that the option Single Account is selected.

3. On the CHOOSE A CLOUD TO START? screen, do the following:
   1. In the Public Cloud field, click to select GCP.
   2. Click GET STARTED.

4. On the CHOOSE ACCOUNT & ACCESS TYPE screen, perform the following:
   1. In the Access Type field, click to select Assessment + Governance.
   2. In the Account Type field, click to select Billing Account.
   3. Click NEXT.

5. On the next screen, do the following:
   1. In the Account Type field, click to select Billing Account.
   2. In the Authentication Protocol field, click to select Service Account.
   3. In the Currency list, click to select an appropriate currency. The option US Dollars (USD) is selected here.
   4. In the Environment list, click to select Production.
   5. Click NEXT.

6. On the AUTHENTICATE YOUR ACCOUNT CREDENTIALS screen, perform the following:

Fill the following fields:

• Bucket Name
• Billing Account ID
• Dataset ID
• Project ID

📘

Note:

Refer to Generating Authentication Credentials for Onboarding Account to get details to be filled in the above four fields.

In the Upload Credentials File (JSON) field, click Upload and select the file to be uploaded.

• Refer to Generating JSON File for Account Onboarding.

Click VALIDATE.

7. In the Advanced Settings section, perform the following steps:
   1. In the Name box, type the new account name.
   2. In the Scope field, click to select Tenant.
   3. Click I’m Done.

A confirmation message displays that says that the GCP account is successfully onboarded.