Set up your Organization for Google Cloud Part II
In part I we saw how to create a new Cloud Identity account and create an organization in Google Cloud.
This was the first task in setting up an organization for Google Cloud, as shown below.
To set up an organization in Google Cloud, you need to complete several more tasks that build the Google Cloud foundation.
This post will show the remaining tasks to set up the organization and Google Cloud foundation.
So click on the second task Provision users and groups to create your administrative users and a bunch of predefined groups. Afterwards click on Continue to add the users to these groups.
Now I can add my administrative users to the previously created predefined groups.
After that I can click on Confirm Users & Groups to finish this task.
Click on Continue to Administrative Access
Do the same for all of the administrative access sections.
Finally the checklist now looks like below.
After Set up billing, the next task is Configure hierarchy and assign access.
Therefore I need to request an increase in project quota associated with my billing account in order to complete the next few tasks.
You need to request an increase in project quota associated with your billing account (My Billing Account) in order to complete the next few tasks.
Setting up a secure foundation on Google Cloud requires several billing-enabled projects for networking, logging, and monitoring.
Request to increase your billing-enabled project quota to ensure that all your new projects are linked to your billing account, My Billing Account.
After clicking on the Request Quota Increase button you will get an email with further instructions. One of them is to make a payment of $10 from the transaction history page and to reply to the email when the charge clears.
The $10 can also be applied to any future charges.
The email also notes that a member of the Cloud Platform/API team will provide you with an update on this request within 2 business days.
One day later I received the following email reply to my request.
Your payment of €10.00 (reference CLOUD **** on Mastercard ****) was applied to Google Cloud Platform & APIs on Nov 24, 2022.
Unfortunately, two more days later I still wasn’t able to start the hierarchy & access setup and was still getting the following warning message.
So I clicked the REQUEST QUOTA INCREASE button again and also asked in the form field when they would finally increase the project quota. I immediately got an email reply (it must be automated) saying that the quota is granted and should take effect within one hour of receiving that reply message.
So I am not really sure whether this is how it is supposed to work: clicking the REQUEST QUOTA INCREASE button a second time, after the reply saying that your payment was applied to Google Cloud Platform & APIs has appeared in your inbox, to finally get the quota increased.
At least it was then also immediately increased and I was able to start the resource hierarchy & access setup.
After clicking on the Start button above, you can choose between the following starting configurations. You can modify them later to fit your organization’s needs.
Simple, environment-oriented hierarchy
Simple, team-oriented hierarchy
Environment-oriented hierarchy
Business unit-oriented hierarchy
For my lab-environment I will choose the first configuration.
First I will configure the hierarchy here.
Next you configure access control, granting various groups within your organization access to the folders and projects.
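One way to check the result of this step is to confirm that folder access goes to the groups created earlier rather than to individual users or basic roles. The following is an added example, not part of the original post; the folder policies, group names and example.com domain are constructed placeholders.

```python
# Constructed sample: per-folder IAM policies in the JSON shape returned by
# `gcloud resource-manager folders get-iam-policy FOLDER_ID --format=json`.
# Folder names follow the environments on the page; members are placeholders.
FOLDER_POLICIES = {
    "Production": {"bindings": [
        {"role": "roles/compute.networkAdmin",
         "members": ["group:gcp-network-admins@example.com"]},
        {"role": "roles/editor",
         "members": ["group:gcp-developers@example.com"]},
    ]},
    "Development": {"bindings": [
        {"role": "roles/resourcemanager.folderViewer",
         "members": ["group:gcp-developers@example.com",
                     "user:alice@example.com"]},
    ]},
}

# Basic roles are broad and usually too permissive for a folder-level grant.
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}


def findings(folder_policies):
    """Return (folder, role, member, reason) tuples for bindings to review."""
    out = []
    for folder, policy in sorted(folder_policies.items()):
        for binding in policy.get("bindings", []):
            role = binding["role"]
            for member in binding.get("members", []):
                if role in BASIC_ROLES:
                    out.append((folder, role, member, "basic role"))
                if member in PUBLIC_MEMBERS:
                    out.append((folder, role, member, "public member"))
                elif member.startswith("user:"):
                    # Access granted to a person instead of a managed group.
                    out.append((folder, role, member, "direct user grant"))
    return out


if __name__ == "__main__":
    for folder, role, member, reason in findings(FOLDER_POLICIES):
        print(f"{folder}: {member} has {role} ({reason})")
```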
The next task is to set up networking.
In this task you configure Shared VPC networks and network security controls; review and configure optional network configurations such as outbound connections to the internet (Cloud NAT).
I am still waiting for the reply to my quota request before I can configure task 5, Hierarchy & access, so here I get a suggestion from Google for what my organization's resource hierarchy could look like.
Please note that network configurations will not be deployed in this task. You can deploy from the console directly or download it as Terraform later.
Below I will configure the Subnets for all three recommended environments: Production, Non-production and Development.
Regions and zones
https://cloud.google.com/compute/docs/regions-zones
Now I can confirm the Draft Network Architecture by clicking on the button above.
You can read more about the Shared VPC network in my following post.
I will skip the next tasks, Centralize logging and Enable monitoring, and go directly to Enable security capabilities.
First I will enable the Security Command Center dashboard.
To set up the Organization Policy we can follow the steps at Customizing policies for boolean constraints.
Go to the Organization policies page in the Google Cloud console.
GCP –> IAM & Admin –> Organization Policies
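After setting boolean constraints in the console, the exported policies can be checked against a baseline. This is an added example, not part of the original post; the baseline constraints, the sample policies and the organization ID are assumptions chosen for illustration.

```python
import json

# Assumed baseline for illustration; the page does not say which
# boolean constraints it enforces.
BASELINE = (
    "compute.disableSerialPortAccess",
    "compute.skipDefaultNetworkCreation",
    "iam.disableServiceAccountKeyCreation",
    "storage.uniformBucketLevelAccess",
)

# Constructed sample: Policy resources in the Organization Policy API v2
# shape, as printed per constraint by `gcloud org-policies describe`
# with --format=json. The organization ID is a placeholder.
SAMPLE = json.loads("""[
  {"name": "organizations/123456789012/policies/compute.disableSerialPortAccess",
   "spec": {"rules": [{"enforce": true}]}},
  {"name": "organizations/123456789012/policies/iam.disableServiceAccountKeyCreation",
   "spec": {"rules": [{"enforce": false}]}},
  {"name": "organizations/123456789012/policies/storage.uniformBucketLevelAccess",
   "spec": {"rules": [{"enforce": true,
     "condition": {"expression": "resource.matchTag('123456789012/env', 'prod')"}}]}}
]""")


def status(policy):
    """Classify one boolean-constraint policy (None means no policy exists)."""
    spec = (policy or {}).get("spec") or {}
    if policy is None or spec.get("reset"):
        return "not set"        # falls back to the constraint's default
    rules = spec.get("rules", [])
    if any(r.get("enforce") is True and "condition" not in r for r in rules):
        return "enforced"
    if any(r.get("enforce") is True for r in rules):
        return "conditional"    # enforced only where the tag condition matches
    return "not enforced"


def audit(policies, baseline=BASELINE):
    """Map each baseline constraint to its status at the organization node."""
    by_name = {p["name"].rsplit("/", 1)[-1]: p for p in policies}
    return {c: status(by_name.get(c)) for c in baseline}


if __name__ == "__main__":
    for constraint, state in audit(SAMPLE).items():
        print(f"{state:13} {constraint}")
```

Anything other than "enforced" in the output is a constraint to revisit on the Organization policies page.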
Finally I can deploy my configuration directly or download it to use later.
I will deploy it directly.
So I have to wait until the deployment is finished; meanwhile you can leave this page without losing changes.
As noted above, this took about 30 minutes to finish.
Now all tasks to set up my organization on Google Cloud are finished.
For testing purposes I will also add the Google Workspace Business Starter license (subscription) to my organization.
Links
Managing Organizations
https://cloud.google.com/resource-manager/docs/creating-managing-organization