I am unable to select google cloud individual billing account when trying to enable billing on mine google cloud account. Can't select that option and have Individual profile set for Play developer.
I am not an citizen of EU country (saw on some threads that this could be the cause).
I need this account for development purposes (Google maps API to be more exact).
If you manage your Google Cloud resources using an Organization node, and you are a member of that Google Cloud Organization, then you must be a Billing Account Creator to create a new Cloud Billing account.
Specifically, if you are a Google Cloud user within an Organization, to perform this task, you must have the following permission.
billing.accounts.create
If you are not a member of a Google Cloud Organization but instead are managing your Google Cloud resources or Google Maps Platform APIs using projects, you do not need any specific role or permission to create a Cloud Billing account.
Related
Can Billing Account User or Project Billing Manager create billing account?? As per my understanding User can link project to billing account but can't unlink. whereas manager can link and unlink project to/from billing account.
Can Billing Account User or Project Billing Manager create billing account?
No exactly. Let me give you some insights on how Billing roles works on Google Cloud.
The main question that you have to ask yourself is: my project is inside an Organization node or not?
To check if your project is inside an organization, you could take a look at this piece of documentation where it talks about retrieving your organization's ID.
To sum up, you could spin up the Cloud Shell and run the following command in order to see all your organization's ID if you have any:
gcloud organizations list
This will list all the organizations to which you belong to, and their corresponding organization IDs.
I do not belong to an organization
If you are not a member of a Google Cloud Organization but instead are managing your Google Cloud resources or Google Maps Platform APIs using projects, you do not need any specific role or permission to create a Cloud Billing Account, as stated here.
I do belong to an organization
If you would like to create a new Cloud Billing Account and you manage your Google Cloud resources using an Organization node, and you are a member of that Google Cloud Organization, then you must be a Billing Account Creator to create a new Cloud Billing Account.
As stated here:
Use Billing Account Creator's role for initial billing setup or to allow creation of additional billing accounts.
Users must have this role to sign up for Google Cloud with a credit card using their corporate identity.
A nice tip is to minimize the number of users who have this role to help prevent proliferation of untracked cloud spend in your organization or project.
Project Billing Manager Vs Billing Account User
You basically nailed it, but if you would like to have further information, you can refer here for a more detail explanation, but I will resume it below:
Project Billing Manager is the role in charge of link/unlink the project to/from a billing account as you well said.
This role allows a user to attach the project to the billing account, but does not grant any rights over resources.
As for Billing Account User, the role allows to link projects to billing accounts.
This role allow a user to create new projects linked to the billing account on which the role is granted.
Finally, I attached you some documentation regarding:
Overview of Billing Access Control
How to create a new Cloud Billing Account, in case you do not have any.
Managing organizations, in case you belong to someone.
I am using a Google Cloud Project to automate the creation of some users inside of our organization. I have been using some API's that are hosted using the Google Cloud and have had no problem authenticating and using the API's, however I am not sure if I should be using a service account for this. I am currently using the Google Drive API, the Google Admin SDK(Directory API), the Sheets API, and the Docs API to create some accounts and manage an error log.
What I am asking is, should I be creating a service account to use the API's or is my own personal Google Workspace account okay for creating these? Is there a site/video/something that can guide me in the right direction if I do need to create a service account. I personally would rather have all of the automation using a service account for authentication, but the only videos and tutorials I found on using the service accounts are trying to use resources pertaining to Cloud Computing and service accounts that are impersonating other service accounts.
Using a Service Account is the best course of action for security reasons when you are the one giving authorization and authentication to your organization.
It is identical to granting access to any other identity to allow a service account access to a resource. For instance, suppose you only want an application that runs on Compute Engine to be able to generate items in Cloud Storage.
As a result, instead of managing each and every one of your users, you may limit and manage service accounts, assign certain roles to specific users or groups, and keep track of them because several service accounts can be created in a project.
Since you use Google Workspaces, I also advise you to read the shared documentation posted in the comments by #John Hanley.
I'm new to GCP and trying to set it up for our startup. We are not using GSuite or Cloud Identity. We have one Google account we have setup for billing. My question is around how many Google Accounts should we setup for GCP access for our team (not endusers). Is it best practice to create one for each customer/application or is it better to just to create one master Google account?
We would be creating a project per application/environment.
Any advice or recommendations would be most appreciated.
If you own a domain name, it's free to create a Cloud Identity and thus an organisation. Each user in your team need to have a Google identity (and it's better if it's centrally managed in Cloud Identity for example). Think to the people movement: new team member, resign, creation of groups for simplifying the access management,...
I am using two different Google accounts for Google Developer and Google Cloud Services. I have a live Android app and now I want enable real-time-notifications for monetisation. Is there any way that I can link my Google Developer account to Google Cloud Services Account So I can integrate Pub/Sub service?
If I understand correctly this you could use Cloud IAM and give needed roles Developer account. So you can give ex. Project Owner rights to your Google Developer account and than this account can control the project as the owner.
But I don't think you need project owner for Pub/Sub integration. Please check this document that shows such process.
As well there is possibility to merge accounts via Google Workspace Support, however again I don't think this is needed to integrate pub/sub.
I would like to create a GCP cost management platform for resellers/MSP. The platform will pule cost data per each of the reseller's end customers.
Where Can I find information on:
How can I access the reseller's data?
What is the data structure? Does a reseller have one dataset for all of his customers, or one dataset per customer?
What are the needed credentials that the reseller needs to provide in order to fetch his customers data, and what permissions need to be provided?
I created a Video Lab on Google Cloud Billing. The first step is to understand how billing works in Google Cloud. Then understand how Identity and Access Management works so that you know what roles you need for credentials to access billing APIs.
Google Cloud Billing
Review the following documentation links for technical API details:
Get Started with the Cloud Billing API
Cloud Billing API
APIs & Reference
To access reseller information you will need to become a Google Partner first. Then request documentation.