(Old Copy)Onboarding GCP Linked Projects with Terraform (Assessment + Governance)

After onboarding your GCP Billing Account, please wait for 12 hours for the cost reports to be populated, then you may proceed with the onboarding of your linked projects.

Before starting, collect the following details that will be prompted when run.sh is executed:

  • Project ID
  • The service account email that is created during the onboarding of billing account.
  • Role ID (optional)

Perform the following steps to onboard a GCP linked project account with Terraform:

  1. To get the project ID, click the dropdown on the left of the Search box.
  1. In the ID section, select the project ID and copy it.
  1. To get the email ID for the service account, navigate to the IAM section and search for the service account by name: “corestack-auth@$projectid.iam.gserviceaccount.com”.

  2. Copy the email ID.

  1. Open the cloud console and navigate to the following directory:
    cd Onboarding_Templates/GCP/Assesment+gov-module-proj/core

  2. Run this command in the directory: chmod +x run.sh. This will execute the script.

  1. Run the command: sh run.sh

  2. Type either yes or no when prompted for the pre-check condition of whether you have the necessary permissions or not.

    • If you type no, the script will terminate with exit code 0.
  • If you type yes, it will ask for further input: the project ID and service account email ID.
  1. Type yes or no when prompted to provide the GCP predefined roles.

    If you type yes:

  • The Terraform template will take all the pre-defined roles as shown in the screenshot below.
  • Check the terminal for all the provisioning steps that will be executed by Terraform.
  • Return to the CoreStack portal and continue with the onboarding process.

If you type no:

  • When the prompt asks for the assigned pre-defined role, type the role ID in this format: "^[a-zA-Z0-9\.]{3,64}$_"
    This role is configured as the least permission required by CoreStack to function.
  • Check the Terraform execution flow in the terminal.
  • Return to the CoreStack portal and continue with the onboarding process.
  1. In the CoreStack portal, click ADD NEW > Single Account > Start New.

The CHOOSE A CLOUD TO START screen displays.

  1. In the Public Cloud setion, click to select GCP and click GET STARTED.
  1. In the Access Type section, click to select Assessment +Governance.
  1. Perform the following:
    a. In the Account Type section, click to select Linked Project Account.
    b. In the Authentication Protocol field, click to select Service Account, and then click NEXT.
  1. Perform the following on the AUTHENTICATE YOUR ACCOUNT CREDENTIALS screen:
    a. In the Hierarchy Scope field, click to select Project.
    b. In the Project ID box, type the project ID. Refer to step 2 for where to find the project ID.
    c. Click Upload and select the JSON file to be uploaded.
    d. Click VALIDATE.

This completes the onboarding of a GCP linked project account with Terraform.