As a cloud administrator or a cloud account owner, you can onboard all GCP accounts under a GCP organization.

Prerequisites

  • Locate and record the Org ID by logging into the Google Cloud Platform and selecting the organization.

    [Figure: The Select a Resource window in the Google Cloud Platform console, showing the org ID location and value.]

  • Locate and record the Project ID.

Procedure

  1. On the left navigation pane, click Settings > Public Cloud Accounts.
  2. On the Public Cloud Accounts page, click Add Account.
    The Add Public Cloud Account window displays.
  3. Under Cloud Provider, select GCP. Under Method, select Organization (multi accounts). Click Next.
  4. Enter the Project ID and run the provided script in Google Cloud Shell together with the organization ID to create a service account key.
    curl https://dev.cwp.cbdtest.io/public-cloud/dev01/gcp/pre-onboarding-setup/shell/setup-trust-relationship-multi-account.sh \
      -o setup-trust-relationship-multi-account.sh && \
    bash setup-trust-relationship-multi-account.sh \
      --CBAwsAccountId xxxxxxxxxxxx \
      --CBAwsRoleName mcs2-app-kcdev01-pub-cloud-gcp-service-role \
      --GCPProjectId Test \
      --OrganizationId <GCP_Org_ID>
    The output provides the project number, service account email, Identity pool ID, and Identity provider ID.
  5. Using the provided details, fill in the Connect Service Account Fields.
  6. Select and enter the details in the Account Details fields and click Next.
  7. Use the search text box to narrow the results, select the accounts to onboard, and click Next.
    The Connect Account page displays all GCP projects available for onboarding.
    Note: The org account is the management account. All other accounts are member accounts.
  8. Depending on your selections, copy and run the script in Google Cloud Shell:
    1. To onboard all accounts, in the Google Console, navigate to the service account within the Master account. Select Permissions and add the Service Account Token Creator permission to the user account that is running the script. Copy and run the script in Google Cloud Shell.
    2. To onboard one or more individual accounts, copy and run the script in Google Cloud Shell.
  9. (Optional) Enable Event Streaming by copying the provided command and running it in Google Cloud Shell.
  10. Click Add Account to onboard the selected accounts.
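
The procedure above creates a service account, an identity pool, and a Service Account Token Creator grant. The following added example (not part of the product or its scripts) audits the resulting IAM policies, exported with `gcloud organizations get-iam-policy <GCP_Org_ID> --format=json` and `gcloud iam service-accounts get-iam-policy <service account email> --format=json`, for grants the procedure does not account for. Which roles the setup script assigns is not shown on this page, so the expected pool ID and users are inputs, and every name in the sample data is a constructed placeholder.

```python
import json

# Roles on the service account itself that let another identity act as it.
IMPERSONATION_ROLES = {
    "roles/iam.serviceAccountTokenCreator",
    "roles/iam.workloadIdentityUser",
}
BROAD_ROLES = {"roles/owner", "roles/editor"}

def roles_for(policy, member):
    """Roles that an IAM policy (gcloud --format=json) binds to member."""
    return sorted(b["role"] for b in policy.get("bindings", [])
                  if member in b.get("members", []))

def audit(org_policy, sa_policy, sa_email, pool_id, allowed_users):
    """Return findings for grants the onboarding steps do not explain."""
    findings = []
    for role in roles_for(org_policy, f"serviceAccount:{sa_email}"):
        if role in BROAD_ROLES:
            findings.append(f"org-level broad role {role} on {sa_email}")
    for b in sa_policy.get("bindings", []):
        if b["role"] not in IMPERSONATION_ROLES:
            continue
        for m in b.get("members", []):
            federated = m.startswith(("principal://", "principalSet://"))
            if federated and f"/workloadIdentityPools/{pool_id}/" in m:
                continue  # the identity pool reported by the setup script
            if not federated and m in allowed_users:
                continue  # the user who ran the onboarding script
            findings.append(f"unexpected {b['role']} for {m}")
    return findings

# Constructed sample policies (placeholders, not real gcloud output).
SA_EMAIL = "sa@example-project.iam.gserviceaccount.com"
POOLS = "principalSet://iam.googleapis.com/projects/123456789012/locations/global/workloadIdentityPools"
ORG_POLICY = json.loads(json.dumps({"bindings": [
    {"role": "roles/viewer", "members": [f"serviceAccount:{SA_EMAIL}"]},
    {"role": "roles/editor", "members": [f"serviceAccount:{SA_EMAIL}"]}]}))
SA_POLICY = json.loads(json.dumps({"bindings": [
    {"role": "roles/iam.workloadIdentityUser", "members": [
        f"{POOLS}/example-pool/attribute.aws_role/example",
        f"{POOLS}/other-pool/*"]},
    {"role": "roles/iam.serviceAccountTokenCreator", "members": [
        "user:admin@example.com", "user:former@example.com"]}]}))

if __name__ == "__main__":
    print("\n".join(audit(ORG_POLICY, SA_POLICY, SA_EMAIL,
                          "example-pool", {"user:admin@example.com"})))
```

An empty result means every impersonation grant on the service account traces back to the identity pool and the user named in the procedure.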

Results

The newly added GCP accounts display at the top of the listed projects on the Public Cloud Accounts page. Refresh the page to see the status change from In Progress to Active after validation completes. All of the resources that are associated with these projects are available on the Inventory > Public Cloud > GCP page.