Terraform

To switch billing account of projects managed via Terraform, you have to grant the Terraform service account appropriate permissions on the Cloud Billing account provided by DoiT and update the billing_account value in your script.

Caution

Make sure to check your marketplace subscriptions and spend-based CUDs before proceeding. Failing to do so may result in data loss.

Grant permission

To grant permission to the Terraform service account:

1. Sign in to the Google Cloud Console, using an account with the Billing Account Administrator role on the DoiT Cloud Billing account.

2. Open the Cloud Console Navigation menu and select Billing.

   If you have more than one Cloud Billing account:

   • To manage Cloud Billing for the current project, select Go to linked billing account.

   • To use a different Cloud Billing account, select Manage billing accounts and then choose the account of interest.

3. In the Billing Account Overview window, select the Manage option next to the billing account.

   

4. In the Info Panel pane on the right, select Add Principal.

5. In the New principals field, enter the Terraform service account.

6. From the Select a role drop-down list, select the Billing Account Administrator role.

   Tip

   If you unlink projects on the project level (with the Project Billing Manager or Project Owner role), then you can grant the Terraform service account the Billing Account User role instead of the Billing Account Administrator role.

7. Save your changes.

See also

• Google Cloud Docs: Overview of Cloud Billing roles in IAM

• Google Cloud Docs: Enable, disable, or change billing for a project

Set/Replace value for billing_account

As noted on Terraform documentation for Google Cloud Platform google_project, one of the arguments supported is billing_account.

To associate the projects, set or replace its value with your DoiT Billing account ID.

Example:

resource "google_project" "my_project" {
  name       = "My Project"
  project_id = "your-project-id"
  org_id     = "1234567"
  billing_account = "DoiT-Billing-Account-ID"
}

Default Billing Account

If an identity (in this case the Terraform service account) only has access to a single billing account, Google Cloud will use that as the default billing_account value in Terraform.

To ensure your DoiT Billing account is selected as the default, you can remove the Terraform service account's permission to other billing accounts and/or explicitly set the DoiT Billing account ID in your Terraform script.