How to Add Required Billing Permissions using Google Cloud Project Factory?


I am using the following terraform based on this module https://github.com/terraform-google-modules/terraform-google-project-factory:

module "project" {
  source  = "terraform-google-modules/project-factory/google"
  version = "~> 14.1"

  name                        = "project"
  random_project_id           = true
  org_id                      = var.organization_id
  billing_account             = var.billing_account
  default_service_account     = "deprivilege"
  budget_amount               = var.budget_amount
  budget_alert_spent_percents = var.budget_alert_spent_percents
  activate_apis = [
    "compute.googleapis.com",
    "dns.googleapis.com",
    "domains.googleapis.com",
    "cloudresourcemanager.googleapis.com",
    "billingbudgets.googleapis.com",
    "serviceusage.googleapis.com",
  ]
}

I am not sure how to add the required billing permissions using this module, and keep getting the following error:

Error: Error creating Budget: googleapi: Error 403: The caller does not have permission
with module.project.module.budget.google_billing_budget.budget[0]
on .terraform/modules/project/modules/budget/main.tf line 41, in resource "google_billing_budget" "budget":
resource "google_billing_budget" "budget" {

No examples related to billing show anything additional that needs to be done apart from activating APIs. Before I manually add permissions, I would like to know how to do this with the module, or what permissions are required to add manually. Help would be greatly appreciated.

I have opened an issue about this here which references some permissions I think may be needed: https://github.com/terraform-google-modules/terraform-google-project-factory/issues/789


There is 1 best solution below

Arpita Shrivastava On

Only users with a Billing Account Administrator role, or a custom role with appropriate budget management permissions, can create and manage Cloud budgets. This means that project owners without the Billing Account Admin role cannot create budgets for their respective projects.

It looks like there is a permissions issue. You need a role that includes the following permissions on the Terraform Service Account:

  1. billing.budgets.create to create a new budget.

  2. billing.budgets.get and billing.budgets.list to view all budgets for the Cloud Billing account.

To gain these permissions, ask your administrator to grant you one of the following Cloud Billing IAM roles on your Terraform Service Account:

  • Billing Account Administrator

  • Billing Account Costs Manager
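
One way to express the grant described in the answer above as Terraform, added here as an example; it is not part of the original answer or of the project-factory module. The variable names terraform_service_account_email and budget_role are assumptions, and the configuration has to be applied by an identity that is already allowed to set IAM policy on the billing account, not by the service account receiving the role.

```hcl
# Added example (not from the module or the answer).
# Apply from a separate, already-privileged identity: the Terraform service
# account cannot grant itself access to the billing account.

variable "billing_account" {
  description = "Billing account ID, the same value passed to the project module"
  type        = string
}

variable "terraform_service_account_email" {
  description = "Assumed name: email of the service account that runs the project module"
  type        = string
}

variable "budget_role" {
  description = "Assumed name: which of the two roles from the answer to grant"
  type        = string
  # Costs Manager is the narrower of the two and already carries
  # billing.budgets.create, billing.budgets.get and billing.budgets.list.
  default = "roles/billing.costsManager"

  validation {
    condition = contains(
      ["roles/billing.costsManager", "roles/billing.admin"],
      var.budget_role
    )
    error_message = "budget_role must be roles/billing.costsManager or roles/billing.admin."
  }
}

# Non-authoritative grant: adds one member to one role and leaves every other
# binding on the billing account untouched. google_billing_account_iam_policy
# would replace the whole policy and can lock existing administrators out.
resource "google_billing_account_iam_member" "terraform_budget_access" {
  billing_account_id = var.billing_account
  role               = var.budget_role
  member             = "serviceAccount:${var.terraform_service_account_email}"
}

output "granted_budget_role" {
  description = "Role bound to the Terraform service account on the billing account"
  value       = google_billing_account_iam_member.terraform_budget_access.role
}
```

Keeping this grant in its own root module, separate from the one that calls the project module, means the pipeline service account never needs permission to change billing account IAM.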