I'm trying to pin pricing on a use case for Identity Platform and would appreciate if anyone can confirm how the pricing works.
The pricing documentation states:
Any account that has signed in within a given month is considered an active user. Inactive users are stored at no cost.
My reading of this is that I could create a user account programmatically (e.g. in a cloud function) and I would not be charged for that account, until and unless someone actually signs in to that account. (As opposed to the user being counted as active for the month in which the account is created, login or no.) Does anyone know if that reading is correct?
You should get verification from the Google itself if yor understanding of the charges is correct; open up a ticket with Google Cloud Billing here: https://cloud.google.com/support/billing
However - documentation clearly describes how do you define an active user here.
Alternatively you can experiment yourself - create a test account and don't login for over a month and then check the billing.
According to this identity platform pricing model document:
Identity Platform charges per Monthly Active User (MAU) for most sign-in methods.
That is, any account that has signed in within a given month is considered an active user. Inactive users are stored at no cost.
Phone and multi-factor authentication users are charged per successful verification.
Related
I run a small research group at a large university that manages hundreds of GCP accounts. The university acts as the Billing Administrator, and my research group was assigned a GCP "project" for all of our work. However, for privacy reasons, they cannot give me access to the Billing API because this would allow me to see the billing details for other labs.
Because we have trainees in our lab who WILL make mistakes, I would like to setup an automated system that monitors our current GCP bill, and (1) sends notifications or (2) terminates all VMs, when that bill reaches certain predefined limits. For example, if our monthly budget is $10k, then I would like to receive a notification at $5k, another notification at $10k, and I would like to terminate all VMs at $15k.
My problem is that in order to implement a system like this, I need access to the Billing API. I have already contacted my system administrator and they have said that this is impossible. Instead, they proposed that I write a script that lists all VMs and uses the Cost Calculator to estimate my monthly GCP bill.
However, this seems a little circuitous. When I am using the Google Cloud Console, I can see the total and forecasted costs for my project, so it seems that I should be able to access this information programmatically. However, I cannot find any information on how to do this, since all solutions require me to activate the Billing API. Any ideas?
There is no API to fetch the data you see in the Google Cloud Console. You will need to export the billing data and then process each row of data to generate reports.
There are two options that I can think of:
Option 1) Ask the admin to set up billing data export to BigQuery. Grant you permission to query the billing tables. You can then query BiGQuery to generate your own cost reports.
Set up Cloud Billing data export to BigQuery
Option 2) Create a separate billing account for your project and grant you permission. A GCP ORG can have multiple Billing Accounts tied to the same Payments Account. This option supports creating budget alerts.
How to pull the list of IAM users from google cloud along with their last activity??
Tried "gcloud projects get-iam-policy"
but it gives only list of iam users/members but not their last activity
Ok, if it's for company, you have this information in the Google Cloud Identity platform. You can log in here: https://admin.google.com
Go to users and boom
Of course you can request these values by API with the admin sdk
It works only for managed accounts. If you have unmanaged account (in gmail.com or from another company) you don't have access to this information.
EDIT 1
To track the service account activity, you can rely on the documentation. Cloud Monitoring allow you to do that. If you need to export the data to BigQuery for analytics for example, let me know I could help on that.
To know the privilege that the users have, you can rely on the Asset Inventory, and especially on the IAM search policy feature.
I would like to create a GCP cost management platform for resellers/MSP. The platform will pule cost data per each of the reseller's end customers.
Where Can I find information on:
How can I access the reseller's data?
What is the data structure? Does a reseller have one dataset for all of his customers, or one dataset per customer?
What are the needed credentials that the reseller needs to provide in order to fetch his customers data, and what permissions need to be provided?
I created a Video Lab on Google Cloud Billing. The first step is to understand how billing works in Google Cloud. Then understand how Identity and Access Management works so that you know what roles you need for credentials to access billing APIs.
Google Cloud Billing
Review the following documentation links for technical API details:
Get Started with the Cloud Billing API
Cloud Billing API
APIs & Reference
To access reseller information you will need to become a Google Partner first. Then request documentation.
Does anyone know the differences between the company account and personal account in terms of functionality in AWS?
The Amazon AWS help page says:
Choose Company Account or Personal Account.
Note: These two account types are identical in functionality.
Seems there are no documents there to state the differences.
Because I have a client who not yet forming a company but would like to kick start the services, should we start with personal account and any possibility to transfer to company account afterwards?
There is no difference in functionality, and if you client ever gets big enough where it matters you can always contact AWS and have them change the account configuration.
IMO, your client is not risking anything by just setting up a personal account to get going, and they may never need to switch it — just make sure that the person who sets up the account isn't someone that is likely to quit and take the account with them or hold it for blackmail — the root account credentials should be controlled by the owner or other officer of the company. All other users should have IAM accounts
How can I create a amazon sandbox account for developer purpose using a dummy credit card number?
I searched lot in amazon website and Google but no information is available for developer. They ask for original credit card access.
UPDATE
As seen in the comments to this post, Amazon no longer provides a staging / test environment.
How-to: Amazon Marketplace Web Services (MWS) Staging Account
We’ve been working on custom web application that integrates our client’s platform with Amazon’s storefront. Trying to understand how a development environment is setup through Amazon is a tricky task. It required hours of scouring Google for answers, contacting Amazon MWS support and hours of waiting. Hopefully this post can be a cheat sheet for developers trying to learn Amazon’s system.
Step 1:
Signup for a seller account on Amazon and select the Professional option. Go through the entire process and fill out you company name and address for your development account. You shouldn’t have to add a credit card or tax documentation even though it asks.
Step 2:
Login to your newly created account and open up a help ticket. Explain what you are developing and the reasons you need a “staging account“. Amazon should respond with instructions and the new account you created should be a development account. It should have all the normal features of a real Amazon account except that you can’t sell on the real Amazon.com, only in ungated categories on the staging version of Amazon. Also request the staging URL and credentials for testing orders at the same time.
Step 3:
After you’ve been informed by Amazon that Step 2 is complete, you can sign up with MWS as a developer. You should receive 5 things back:
Merchant ID
Marketplace ID
Developer Account #
AWS Access Key ID
Secret Key
You will then be able to send your client(s) to the same signup page with your developer ID. You application will then use #2,4,5 for every single client while only replacing #1 for each client’s requests.
Step 4:
Testing orders was one of the most unusual ways we have ever tested. It requires you to signin to: https://mt.amazon.com with the credentials you received in step 2. To test an order you must first list your products in your staging account. Then you must logout of your staging account, login to a real Amazon account and purchase items with a real account and credit card. For this reason Amazon suggests setting all pricing and shipping to $0.01.
Conclusion
Hopefully this helps save some time for many of you as it took our team hours to compile and learn all of the information above from Google and Amazon MWS support.
You can get all inforamtion related to Amazon Sandbox account From Here
CreditCard is for verification only that you are not some milicious user.