(Old Copy)Onboarding GCP Linked Projects with Terraform (Assessment)


In this user guide, we'll cover how to onboard GCP Linked Projects after onboarding a GCP Cloud Billing acocunt.

After onboarding a GCP Cloud Billing account, please wait for 12 hours for the cost reports to populate, and then onboarding of Linked Projects can proceed.

Before starting, be sure to collect the following values that will be requested when run.sh is executed:

  • Project ID
  • The service account email that is created during the onboarding of a Billing account.
  • Role ID (Optional)
  1. To get the Project ID, follow the steps as shown in the following screenshots:

Click on the drop-down menu before the search box. You should see the Project ID in the ID section. Select and copy it.

  1. To get the email ID for the service account, navigate to the IAM section and search for the service account by name: “,” then copy the email ID.

  1. The Role ID will only be requested if you enter ‘No’ for the “Assign predefined role” condition.

    Since it requires a user input, be sure to follow the regular expression rules: "^[a-zA-Z0-9_\\.]{3,64}$"

Executing Terraform in the Cloud Shell console

Next, start the Cloud Shell console and navigate to the following directory:
cd terraform_gcp_pre_onboarding_template/Assesment-module-proj/core

After this, run the following command in the directory:

chmod +x run.sh

This will make the script executable by the user.

Next, run the following command:

sh run.sh

You will be asked whether you have the necessary permissions or not as part of the pre-check condition.

If you enter ‘No’, the script will terminate with exit code 0.

If you enter ‘Yes’, it will ask for further input: Project ID and service account email ID.

After this, users will be asked whether or not they want to provide GCP predefined roles or not:

If you enter ‘Yes’, Terraform will take all the pre-defined roles that can be seen in the following screenshot.

All the provisioning steps will be executed by Terraform, which you can see in the terminal.

Users will then be prompted to get the vulnerabilities and threats from the GCP console

If you enter ‘No’, you will be prompted to give the input for the Role ID, which should follow the regular expression pattern: "^[a-zA-Z0-9_\\.]{3,64}$"

This role is configured as part of the least permissions required by CoreStack to function.

The Terraform execution will start, and you should be able to see the execution flow in the terminal.

Onboarding in the CoreStack portal

At this point, you can switch to the CoreStack web portal to continue the onboarding process.