Open fmichaelobrien opened 2 years ago
For accounts where the billing account is associated externally (not via direct credit card link) - we need to automate/verify that the "Billing Account Administrator" role is also set on the billing view - just like it already is in the IAM view.
see bootstrap.sh
gcloud organizations add-iam-policy-binding ${org_id} --member=serviceAccount:${act} --role=roles/billing.admin
This is not sufficient to set the billing view context role - the following terraform permission error will occur
Error: failed pre-requisites: missing permission on "billingAccounts/0........": billing.resourceAssociations.create │ │ with module.administration.module.project-factory.google_project.main, │ on .terraform/modules/administration/modules/core_project_factory/main.tf line 65, in resource "google_project" "main": │ 65: resource "google_project" "main" {
update https://github.com/canada-ca/accelerators_accelerateurs-gcp/blob/main/deployment-templates/Terraform/guardrails/README.md
For accounts where the billing account is associated externally (not via direct credit card link) - we need to automate/verify that the "Billing Account Administrator" role is also set on the billing view - just like it already is in the IAM view.
see bootstrap.sh
This is not sufficient to set the billing view context role - the following terraform permission error will occur
update https://github.com/canada-ca/accelerators_accelerateurs-gcp/blob/main/deployment-templates/Terraform/guardrails/README.md