Documentation and Best Practices

Learn how to use Cloudability and get the most out of our cloud cost management tool.

Follow

Setup Overview Guide - Billing

Introduction and Layout

The purpose of this guide is to help walk you through the process of credentialing your organization's billing account so that Cloudability can start ingesting your Google Cloud Platform (GCP) billing data. If your organization has multiple GCP billing accounts, then this process must be repeated for each of those billing accounts.

The process, at a high-level,

  1. Review prerequisites here
  2. Migrate your existing account credential
    • Migrate your existing GCP token-based credential to a role-based credential
  3. Add a new account credential
    • Create a new GCP role-based billing account credential
  4. Run script
    • Cloudability uses your billing Table ID to generate a shell script that uses IAM to
      1. add a custom role to your billing project
      2. add Cloudability's Service Account as a member of your billing project with that custom role
  5. Verify credentials
    • Verify that our Service Account has access to read your billing data

Migrate your Existing Account Credential

If you have existing GCP token-based credentials and would like to migrate them to role-based credentials, then edit the credential and click on Migrate Credential.

Follow the steps below to generate and download the shell script that contains the gcloud IAM commands.

1. Edit your credential. Click on Migrate Credential, and then Download Script.

migrate.pngspace.pngmigrate-download-script.png

2. Select Keep if your browser prompts you with a warning when downloading the shell script

chrome-warning.png

Add a New Account Credential

The following steps will help you get started on creating a new GCP role-based credential for your billing account.

1. To create a new credential, go to Vendor Credentials, select the GCP tab, and click on the Add Credentials button

gcp-creds-landing4.png

2. Enter in the billing Table ID, click Generate Setup Script, and then Download Script

generate-script.pngspace.pngverify.png

3. Select Keep if your browser prompts you with a warning when downloading the shell script

chrome-warning.png

Run Script

Follow the steps below to run the script via Cloud Shell within your cloud console. It does not matter from where, within the Cloud Shell, you run the script so long as you have the permissions listed in IAM Permissions.

1. Activate Cloud Shell and select Upload file. Choose the downloaded script from the file explorer and confirm.

cloudshell-upload.png

2. Run the script from within the Cloud Shell.

Note: In the commands below, replace script-name with the full name and extension of the actual script.

You need to let Cloud Shell know that the script is executable. You can do this by running the following command in your Cloud Shell,

chmod +x script-name

Next, run the script in your Cloud Shell,

./script-name

3. Check for any errors.

Errors in the Cloud Shell are easy enough to spot. For example,

errors.png

Please see our Troubleshooting section for help with these errors.

If the script is successful, you will see output similar to the following in your Cloud Shell,

success-og.png

Verify Credentials

1. Click Verify Credentials.

verify.png

2. Your billing account is added and a green balloon notifies you of success.

green-1.png

3. Click the refresh icon to update status.

creds-refresh.png

4. The green check mark indicates that this billing account has been successfully credentialed.

green-2.png

Conclusion

You have now successfully added your billing account to Cloudability. We ingest data at regular intervals and your billing data will be available starting from the next ingest cycle. Upon the next ingest, we will also enumerate the projects associated with this billing account; return to the GCP credentials page to see the list of projects linked to the billing account.

Lastly, if your organization has additional GCP billing accounts that you would like to add then please repeat this process for each of those billing accounts.

Troubleshooting Script Errors

1. ERROR: (gcloud.iam.roles.create) FAILED_PRECONDITION: You can't create a role with role_id (CloudabilityRole_Billing) where there is an existing role with that role_id in a deleted state.

gcp-error-deletedrole.png

Context: This can occur when you run the script after deleting an existing role, from your billing project, with role_id CloudabilityRole_Billing. The role could be in a deleted state and the script cannot create a new role with that role_id. You can view the role's status -- Enabled, Disabled, Deleted -- in your cloud console.

Solution: Undelete the existing role with role_id CloudabilityRole_Billing, from your billing project, and re-run the script.

2. ERROR: (gcloud.iam.roles.create) Resource in project is the subject of a conflict.

gcp-error-ok.png

Context: This can occur when you have an existing role, within your billing project, with role_id CloudabilityRole_Billing. The error indicates that the script is unable to create a new role with role_id CloudabilityRole_Billing because one already exists.

Solution: Ignore this error.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

0 Comments

Article is closed for comments.
Powered by Zendesk