Pre-Onboarding for GCP Organization Accounts (Read/Read-Write)

Introduction

Before onboarding a GCP billing project with Read or Read-Write permissions into the platform, complete the pre-onboarding steps described below.

These begin with retrieving the Organization ID and service account email address. After that, users must access the Cloud Shell Terminal in GCP, navigate to the appropriate directory, and run a few scripts – as explained in the steps provided below.

After the successful execution of these scripts, users can proceed with onboarding the GCP Organization account into the platform. 

NOTE: Before starting the organization onboarding process, complete the billing account onboarding prerequisites. For details, refer to this guide: https://docs.corestack.io/docs/onboarding-a-gcp-billing-account-with-terraform

Pre-Onboarding Steps

Perform the following pre-onboarding steps:

  1. Get the organization ID from the hierarchy.

    After you get the organization ID, paste the details into a notepad and use it when prompted.

  2. Perform the following steps to retrieve the service account email:

    1. Navigate to the billing project.

    2. To get the service account that you had created to onboard the billing project into CoreStack, navigate to IAM > Principal column.

      Paste the service account email in a notepad so that you can access this information when prompted.

  3. On the Cloud Shell Terminal screen, switch the directory using this command:

    • For Read only permission: cd Onboarding_Templates/GCP/Assesment-module-org/core

    • For Read-Write permission: cd Onboarding_Templates/GCP/Assesment+gov-module-org/core

  4. On the Cloud Shell Editor screen, run this command: sh run.sh

    A message is displayed asking whether you have the Organization-level Security Admin role and Service Usage Admin permissions that are required to run the script successfully.

  5. In the command prompt, type yes or no.

    • If you type no, the script exits without running.
    • If you type yes, you are prompted to enter the organization ID and service account email.

  6. Enter the organization ID and service account email from the notepad where you had pasted these details earlier.

    A message is displayed asking whether you have assigned the predefined role needed to run the script successfully.

  7. In the command prompt, type yes.

  8. After the script execution is successful, run the following commands:

    cd ..
    cd GCP_Proj_Org_API_Enabler/
    sh run.sh

  9. Enter the organization ID when prompted.

After the successful execution of the script, proceed with GCP account onboarding in the platform.
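
A pre-flight check for steps 4 to 6, as an added example that is not part of the CoreStack scripts: it validates the two values you will enter, checks that the operator holds the two roles the script asks about, and lists the roles bound to the service account at organization level. The role IDs (roles/iam.securityAdmin, roles/serviceusage.serviceUsageAdmin), the function names and the argument order are assumptions, and only direct bindings are checked, not roles inherited through groups.

```shell
#!/bin/sh
# Added example (not CoreStack code). Usage, from Cloud Shell:
#   sh preflight.sh ORG_ID SERVICE_ACCOUNT_EMAIL OPERATOR_EMAIL

# Assumed role IDs for "Security Admin" and "Service Usage Admin".
REQUIRED_ROLES="roles/iam.securityAdmin roles/serviceusage.serviceUsageAdmin"

# Organization IDs are numeric strings; reject anything else before it reaches a prompt.
valid_org_id() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
    *) return 0 ;;
  esac
}

# User-managed service accounts look like NAME@PROJECT.iam.gserviceaccount.com.
valid_sa_email() {
  case "$1" in
    *[!a-z0-9@.-]*) return 1 ;;
    ?*@?*.iam.gserviceaccount.com) return 0 ;;
    *) return 1 ;;
  esac
}

# Reads held roles (one per line) on stdin, prints each required role that is absent.
missing_roles() {
  held=$(cat)
  for role in $REQUIRED_ROLES; do
    printf '%s\n' "$held" | grep -qxF "$role" || printf '%s\n' "$role"
  done
}

# Lists roles bound directly to a member ($2, e.g. user:alice@example.com) on org $1.
org_roles_for() {
  gcloud organizations get-iam-policy "$1" \
    --flatten="bindings[].members" \
    --filter="bindings.members:$2" \
    --format="value(bindings.role)"
}

if [ "$#" -eq 3 ]; then
  valid_org_id "$1" || { echo "Organization ID must be numeric" >&2; exit 1; }
  valid_sa_email "$2" || { echo "Not a service account email: $2" >&2; exit 1; }
  missing=$(org_roles_for "$1" "user:$3" | missing_roles)
  [ -z "$missing" ] || { echo "Operator lacks: $missing" >&2; exit 1; }
  echo "Roles bound to $2 at organization level:"
  org_roles_for "$1" "serviceAccount:$2"
fi
```

Running it again after step 9 shows which organization-level roles the service account holds once the scripts have finished, which can be compared with the Read or Read-Write scope you intended to grant.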