(Old Copy) Onboarding GCP Linked Projects Under the Org Level with Terraform (Assessment)

Introduction

This user guide covers how to onboard GCP Linked Projects under the organization (org) level after onboarding a GCP Cloud Billing account, configured for assessment only.

After onboarding a GCP Cloud Billing account, wait 12 hours for the cost reports to populate; the onboarding of the linked projects can then proceed.

Before starting, be sure to collect the following values that will be needed when run.sh is executed:

  • Organization ID
  • The service account email that is created during the onboarding of a Billing account.
  • Role-id (optional)

To get the Organization ID and Project ID, follow the steps as shown in the following screenshots:

  1. Click on the drop-down menu before the search box. You will see the Organization ID in the ID section. Select and copy it.

  2. To get the email ID for the service account, navigate to the IAM section and search for the service account by name: “[email protected].com,” then copy the email ID.

  3. The Role ID will only be requested if you enter ‘No’ for the “Assign predefined role” condition.

    Since it requires user input, make sure to follow the regular expression rules: "^[a-zA-Z0-9_\\.]{3,64}$"
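The values collected above can be checked before run.sh prompts for them. The following is an added example, not part of the CoreStack template: the function names are hypothetical, the sample values are constructed, and the Organization ID and service account email patterns are assumptions (a numeric ID and a user-managed service account). Only the Role ID pattern comes from this guide.

```shell
#!/bin/sh
# Added example (not part of the CoreStack template): check the values
# run.sh will prompt for before starting it. Function names are hypothetical.

# Match a value against an ERE. Embedded newlines are rejected first, because
# grep works per line and would accept a value whose first line alone matches.
matches() {
  case $1 in *'
'*) return 1 ;; esac
  printf '%s\n' "$1" | LC_ALL=C grep -Eq -- "$2"
}

# Organization ID: assumed to be numeric, as shown in the console ID column.
valid_org_id() { matches "$1" '^[0-9]+$'; }

# Service account email: assumes a user-managed account, whose address ends
# in .iam.gserviceaccount.com.
valid_sa_email() {
  matches "$1" '^[a-z][a-z0-9-]{4,28}[a-z0-9]@[a-z0-9.-]+\.iam\.gserviceaccount\.com$'
}

# Role ID: the guide's pattern. The "\\." in the quoted form is string
# escaping for a literal dot, so hyphens and spaces are rejected.
valid_role_id() { matches "$1" '^[a-zA-Z0-9_.]{3,64}$'; }

# Usage: preflight ORG_ID SA_EMAIL [ROLE_ID]
# Prints one line per rejected value; returns non-zero if any was rejected.
preflight() {
  rc=0
  valid_org_id "$1"   || { echo "bad Organization ID: $1" >&2; rc=1; }
  valid_sa_email "$2" || { echo "bad service account email: $2" >&2; rc=1; }
  if [ -n "${3:-}" ]; then
    valid_role_id "$3" || { echo "bad Role ID: $3" >&2; rc=1; }
  fi
  return $rc
}

# Constructed sample values, not taken from a real environment.
preflight 123456789012 \
  corestack-sa@example-project.iam.gserviceaccount.com \
  corestack_assessment.v1 && echo "inputs OK"
```

Leave the third argument off when you intend to answer ‘Yes’ to the predefined roles prompt, since no Role ID is requested in that case.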

Executing Terraform in the Cloud Shell console

Next, start the Cloud Shell console and navigate to the following directory:

cd terraform_gcp_pre_onboarding_template/Assesment-module-org/core

After this, run the following command in the directory:

sh run.sh

You will be asked whether you have the necessary permissions or not as part of the pre-check condition.

If you enter ‘No’, the script will terminate with exit code 0.

If you enter ‘Yes’, it will ask for further input: Organization ID and the service account email ID.

After this, you will be asked whether you want to provide GCP predefined roles:

If you enter ‘Yes’, Terraform will take all the predefined roles that can be seen in the screenshot below.

All the provisioning steps will be executed by Terraform, which you can see in the terminal.

At this point, you can switch to the CoreStack web portal to continue the onboarding process.

If you enter ‘No’, you will be prompted to give the input for the Role ID, which should follow the regular expression pattern: "^[a-zA-Z0-9_\\.]{3,64}$"

This role is configured as part of the least permissions required by CoreStack to function.

The Terraform execution will start, and you can see the execution flow in the terminal.

Onboarding in the CoreStack portal

At this point, you can switch to the CoreStack web portal to continue the onboarding process.