(Old Copy) Onboarding a GCP Billing Account with Terraform

Introduction

Terraform is mainly used for infrastructure management in Google Cloud Platform (GCP), where it manages different resources through providers.

To get started with Terraform, GCP needs to be configured first and a service account needs to be created for the main project. This service account must have the necessary roles and permissions. Users must also ensure that a bucket is created to hold the Terraform template, then they must initialize the Terraform code and execute it.

Initializing and Executing Terraform

Perform the following steps to initialize and execute Terraform:

  1. Sign in to the GCP console: https://console.cloud.google.com.
  2. Sign in to your organization’s cloud account with a user ID and a password.
  3. In the Search box on the top of the screen, type Cloud Shell Editor and click Search.

  4. Click to open the Cloud Shell Editor.
  5. On the Cloud Shell Editor screen, click Terminal > New Terminal.

  6. On the Cloud Shell Terminal screen, clone the GitHub repository by running the command below in a specific folder.

    git clone https://github.com/corestacklabs/Onboarding_Templates.git

The repo is now downloaded.

  7. To switch to the Billing-account directory, use the command provided below.

    cd terraform_gcp_pre_onboarding_template/Billing-account

  8. To make the file executable, run the command: chmod +x run.sh

On the Cloud Shell Editor screen, type the following details when prompted:

  • Role self-check
  • Project ID
  • Bucket location
  • Table ID
  9. If the BigQuery data transfer service was never used before, then provide the auth for BigQuery transfer when prompted.
  10. Next, you need the Project ID of the project that is going to be onboarded as the billing account; it can be found in the hierarchy.

  11. To get the table ID and the data location, perform the following steps:
    a. Click BigQuery > SQL Workspace.
    b. On the left panel, click the arrow icon to expand the main project > click the required dataset > click the relevant billing export file.
    c. Copy the Table ID and Data location.

  12. On the Cloud Shell Editor screen, run the command: sh run.sh

    A message is displayed asking if you have the Project Owner role and the BigQuery Admin role to successfully run the script.

  13. In the command prompt, type yes or no.

  • If you type no, the script exits without executing.
  • If you type yes, then you will get prompts to enter project ID, bucket location, and table ID.
  14. Type the project ID, bucket location, and table ID.

Note:

  • Ensure that the location entered is the same as the BigQuery dataset location (refer to step 11).
  • Refer to step 10 to get the project ID.
  • Refer to step 11 to get the bucket location and table ID.

The terraform init command should run now.

If the project is a new project, the auth prompt will appear and you must click the link to get the verification code.

  15. Click Allow and then you will get the verification code.

  16. Copy the verification code and paste it in the Cloud Shell terminal when you see the prompt for version_info.

If it works successfully, you will see that transfer configuration is created and Terraform starts executing.

Run the Shell script to see the resources created through Terraform.
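The role self-check that run.sh asks about can be verified against the project's IAM policy instead of answered from memory. The sketch below is an added example, not part of the CoreStack templates; it assumes the policy was exported with `gcloud projects get-iam-policy PROJECT_ID --format=json`, and the file name, member names and sample policy are constructed. Roles inherited from a folder or organization, or granted through a group, do not appear as a direct binding and are reported as missing.

```python
import json
import sys

# IAM role IDs for the Project Owner and BigQuery Admin roles named in the prompt.
REQUIRED_ROLES = {"roles/owner", "roles/bigquery.admin"}

# Constructed sample policy in the shape gcloud prints; not real data.
SAMPLE_POLICY = {
    "bindings": [
        {"role": "roles/owner", "members": ["user:alice@example.com"]},
        {"role": "roles/bigquery.admin",
         "members": ["user:alice@example.com", "user:bob@example.com"]},
        {"role": "roles/owner", "members": ["user:bob@example.com"],
         "condition": {"title": "temporary", "expression": "false"}},
    ]
}


def missing_roles(policy, member):
    """Return the required roles that `member` does not hold through a
    direct, unconditional binding in this project-level policy."""
    held = set()
    for binding in policy.get("bindings", []):
        if binding.get("condition"):
            continue  # a conditional grant may not apply when run.sh executes
        if member in binding.get("members", []):
            held.add(binding.get("role"))
    return sorted(REQUIRED_ROLES - held)


def main(argv):
    # Usage (hypothetical file names):
    #   python3 role_check.py policy.json user:you@example.com
    if len(argv) == 3:
        with open(argv[1]) as fh:
            policy, member = json.load(fh), argv[2]
    else:
        policy, member = SAMPLE_POLICY, "user:bob@example.com"
    gaps = missing_roles(policy, member)
    print("both roles held" if not gaps else f"{member} lacks: {', '.join(gaps)}")
    return 1 if gaps else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```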

Generating JSON File for Account Onboarding

A key file, also known as a JSON file, can be downloaded from the service account that you created with the onboarding script. After the key file is downloaded, you can use the same file to onboard an account in CoreStack.

  1. Navigate to IAM & Admin > Service Accounts.

  2. Click Service accounts and then click the service account name created for CoreStack. In this case, click corestack-auth.

  3. In the KEYS tab, click the ADD KEY list and then select Create new key.

  4. In the Create private key for “corestack-auth” dialog box, do the following:
    1. In the Key type field, click to select JSON.
    2. Click CREATE.

After the key is downloaded, proceed with GCP account onboarding in the CoreStack portal.
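Before uploading the downloaded key, it is worth confirming that the file is the key for the intended service account and project and that it is not readable by other local users. The check below is an added example, not CoreStack code; it assumes the service account ID is corestack-auth as shown above, and the project ID and sample key contents are constructed placeholders.

```python
import json
import os
import stat

# Fields present in a service account key file downloaded as JSON.
REQUIRED_FIELDS = ("type", "project_id", "private_key_id", "private_key", "client_email")

# Constructed sample key contents; the private key is a placeholder, not key material.
SAMPLE_KEY = {
    "type": "service_account",
    "project_id": "example-billing-project",
    "private_key_id": "0000000000000000",
    "private_key": "CONSTRUCTED-PLACEHOLDER",
    "client_email": "corestack-auth@example-billing-project.iam.gserviceaccount.com",
}


def check_key_file(path, project_id, account_id="corestack-auth"):
    """Return a list of problems with the key file at `path`; empty means OK.
    Assumes the account ID is corestack-auth, the name shown on the page."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        problems.append(f"mode {mode:03o} exposes the key to other local users; use 600")
    try:
        with open(path) as fh:
            key = json.load(fh)
    except ValueError:
        return problems + ["not valid JSON"]
    if not isinstance(key, dict):
        return problems + ["not a JSON object"]
    problems += [f"missing field: {f}" for f in REQUIRED_FIELDS if not key.get(f)]
    if key.get("type") != "service_account":
        problems.append("type is not service_account")
    if key.get("project_id") != project_id:
        problems.append("key belongs to a different project")
    expected = f"{account_id}@{project_id}.iam.gserviceaccount.com"
    if key.get("client_email") != expected:
        problems.append(f"client_email is not {expected}")
    return problems
```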

Generating Authentication Credentials for Onboarding Account

For onboarding an account in CoreStack, you will need the bucket name, account ID, dataset name, and project ID.

Perform the following steps to get the account credentials:

  1. To get the bucket name, perform the following:
    1. On the GCP Cloud Console, click Cloud Storage > Buckets.
    2. Identify the bucket for account onboarding and copy the bucket name.

  2. To get the billing account ID, perform the following:
    1. Click Billing.
    2. In the Billing Account list, click to select the account name.
    3. Click Overview > BILLING ACCOUNT OVERVIEW.
    4. Note the billing account ID from the Billing account field.

  3. To find the dataset name in the billing data export to BigQuery, perform the following:
    1. Click Billing.
    2. In the Billing Account list, click to select the account name.
    3. Click Billing export > BIGQUERY EXPORT.
    4. In the Dataset name field, note the name of the dataset.

  4. Identify the project ID from the hierarchy.

Onboarding GCP Billing Account

Perform the following steps to onboard a GCP billing account:

  1. Sign in to the CoreStack application.
  2. Click ADD NEW > Start Now.

Note:

Ensure that the option Single Account is selected.

  3. On the CHOOSE A CLOUD TO START? screen, do the following:
    1. In the Public Cloud field, click to select GCP.
    2. Click GET STARTED.

  4. On the CHOOSE ACCOUNT & ACCESS TYPE screen, perform the following:
    1. In the Access Type field, click to select Assessment + Governance.
    2. In the Account Type field, click to select Billing Account.
    3. Click NEXT.

  5. On the next screen, do the following:
    1. In the Account Type field, click to select Billing Account.
    2. In the Authentication Protocol field, click to select Service Account.
    3. In the Currency list, click to select an appropriate currency. The option US Dollars (USD) is selected here.
    4. In the Environment list, click to select Production.
    5. Click NEXT.

  6. On the AUTHENTICATE YOUR ACCOUNT CREDENTIALS screen, perform the following:

Fill the following fields:

  • Bucket Name
  • Billing Account ID
  • Dataset ID
  • Project ID

Note:

Refer to Generating Authentication Credentials for Onboarding Account to get details to be filled in the above four fields.

In the Upload Credentials File (JSON) field, click Upload and select the file to be uploaded.

  • Refer to Generating JSON File for Account Onboarding.

Click VALIDATE.

  7. In the Advanced Settings section, perform the following steps:
    1. In the Name box, type the new account name.
    2. In the Scope field, click to select Tenant.
    3. Click I’m Done.

A confirmation message is displayed stating that the GCP account is successfully onboarded.

Onboarding Linked Project Account

Perform the following steps to onboard a linked project account:

  1. Sign in to the CoreStack application.
  2. Click ADD NEW > Start Now. Ensure that the option Single Account is selected.

  3. On the CHOOSE A CLOUD TO START? screen, click to select GCP and then click GET STARTED.

  4. On the next screen, fill the following details:
    1. In the CHOOSE ACCOUNT & ACCESS TYPE field, click to select Assessment + Governance.
    2. In the Account Type field, click to select Linked Project Account.
    3. In the Authentication Protocol field, click to select Service Account (man with a cloud symbol).
    4. Click NEXT.

  5. On the AUTHENTICATE YOUR ACCOUNT CREDENTIALS screen, perform the following:
    1. In the Hierarchy Scope field, click to select Organization.
    2. In the Upload Credentials File (JSON) field, click Upload and select the JSON file to upload it.
      1. Refer to Generating JSON File for Account Onboarding.
    3. Click VALIDATE.

You have successfully completed the onboarding of a GCP billing account and have onboarded all the cloud accounts (projects) from the organization.