Skip to main content
Skip table of contents

GCP Account Onboarding Security FAQs

As part of our commitment to a smooth and secure onboarding process, we've prepared the following FAQs to help address any queries you might have about GCP account onboarding with DigitalEx.

Q1. What is the process for onboarding an GCP account with DigitalEx?

In GCP, there are two main types of organization entities:

  • Billing Account

  • Projects

In DigitalEx, the Billing Account is onboarded as a billing account and Projects as usage accounts. These can be onboarded either using GCP Cloud shell templates or manually with a step-by-step guide.

Q2. What is a billing account and why does DigitalEx need it?

In DigitalEx, a "billing account" refers to the GCP Billing Account. It provides access to cost data, allowing the DigitalEx platform to perform analysis, waste identification, budget management, and more.

Q3. What is a usage account and why does DigitalEx need it?

A "usage account," a term used by DigitalEx, refers to GCP Projects. We recommend onboarding all of them as usage accounts in DigitalEx. This allows real-time resource inventory across all your accounts, cost analysis of resources over time, identification of unused resources, and more.

Q4. How do I access the guide for onboarding my billing account?

The guide for onboarding your billing account is available at this link: GCP Billing Account Onboarding Guide

Q5 How do I access the guide for onboarding my usage account?

The guide for onboarding your usage account can be found at this link: GCP Usage Account Onboarding Guide

 Q6. Is it secure to onboard my GCP account with DigitalEx? If so, why?

Yes, DigitalEx has implemented strict measures to ensure the security of your account and data. We use Service accounts for access and grant our export only the minimum required read-only permissions. The service account  JSON are securely stored in a vault. For billing accounts, DigitalEx has read access only at the BigQuery dataset where cost exports are stored. For usage accounts, you can create a custom role with specific read permissions for asset tracking.

Q7: How does GCP CLI onboarding for billing accounts work?

Using GCP cloudshell for onboarding can improve efficiency and reduce the risk of mistakes. When you execute the onboarding command, the system will:

  • Display a list of accessible projects for you to select the one, where are exports are stored.

  • Check for cloud billing export to BigQuery enabled?

  • Create a new IAM Role & Service account and grant it read-only access to the BigQuery dataset where the cost export is stored.

Your understanding and cooperation will significantly improve the onboarding process, ensuring we can provide the best possible service.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close