
eBlu Solutions Shared Analytics VPC

Creating ebs-lb-x-host-dev Project

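# Create the Shared VPC host project within the org:
# organizations/XXXXXXXXXXX
# PROJECT is the project ID; the create, billing-link and every later command
# on this page must use this same ID.
export PROJECT=ebs-lb-x-host-dev-124
# NOTE(review): `gcloud projects create --folder` takes a folder ID; `ops` reads
# like a display name -- confirm and substitute the numeric folder ID.
readonly FOLDER=ops
# Assign first, then mark readonly, so a failed lookup is not masked by the
# exit status of `readonly`.
# Both lookups assume the caller can see exactly one organization and one
# billing account; with more than one, the variable holds several lines.
# ORGANIZATION is not referenced by the commands shown in this snippet.
ORGANIZATION=$(gcloud organizations list --format="get(ID)")
readonly ORGANIZATION
BILLING_ACCOUNT=$(gcloud beta billing accounts list --format="get(ACCOUNT_ID)")
readonly BILLING_ACCOUNT
# start create
$ gcloud projects create "$PROJECT" \
    --folder "$FOLDER" \
    --set-as-default
# .... (output elided)
# Attach the billing account to the new project.
$ gcloud beta billing projects link "$PROJECT" \
    --billing-account "$BILLING_ACCOUNT"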

Enable the Shared-VPC on ebs-lb-x-host-dev

# Mark the project as a Shared VPC host project.
$ gcloud beta compute shared-vpc enable ebs-lb-x-host-dev-124
# Updated [https://www.googleapis.com/compute/beta/projects/ebs-lb-x-host-dev-124].

# Verify: list the host projects in the organization (the argument is the organization ID).
$ gcloud compute shared-vpc organizations list-host-projects XXXXXXXXXXX
# NAME                   CREATION_TIMESTAMP  XPN_PROJECT_STATUS
# ebs-lb-x-host-dev-124

# get-host-project takes a service project and prints the host project it is attached to.
# NOTE(review): the step that attaches ebs-tf-ops-92821 as a service project is not
# shown on this page -- confirm where that association is made and who approved it.
$ gcloud compute shared-vpc get-host-project ebs-tf-ops-92821
# kind: compute#project
# name: ebs-lb-x-host-dev-124

Grant Admin Folder Access to Admin Resource Group

# Bind roles/compute.xpnAdmin (Shared VPC Admin) on the folder to the admins group.
# A folder-level binding is inherited by every project under that folder, so the
# membership of this group is the effective access-control point.
# NOTE(review): the returned policy below also shows folderAdmin and folderEditor
# bound directly to an individual user account rather than to a group -- confirm
# that this is intended and reviewed.
$ gcloud beta resource-manager folders add-iam-policy-binding XXXXXXXXXXX --member="group:gcp-organization-admins@eblusolutions.com" --role="roles/compute.xpnAdmin"
# Updated IAM policy for folder [XXXXXXXXXXX].
# bindings:
# - members:
#   - group:gcp-organization-admins@eblusolutions.com
#   role: roles/compute.xpnAdmin
# - members:
#   - user:brettadmin@eblusolutions.com
#   role: roles/resourcemanager.folderAdmin
# - members:
#   - user:brettadmin@eblusolutions.com
#   role: roles/resourcemanager.folderEditor
# etag: BwXNE78i_yM=
# version: 1

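# Bind roles/resourcemanager.projectIamAdmin on the folder to the admins group.
# The folder ID positional was missing from the command as originally written;
# it is restored here with the same redacted placeholder the page uses elsewhere.
# Bound at folder level, this role lets the group change the IAM policy of every
# project under the folder -- keep the group's membership small and audited.
$ gcloud beta resource-manager folders add-iam-policy-binding XXXXXXXXXXX --member="group:gcp-organization-admins@eblusolutions.com" --role="roles/resourcemanager.projectIamAdmin"
# Updated IAM policy for folder [XXXXXXXXXX].
# bindings:
# - members:
#   - group:gcp-organization-admins@eblusolutions.com
#   role: roles/compute.xpnAdmin
# - members:
#   - user:brettadmin@eblusolutions.com
#   role: roles/resourcemanager.folderAdmin
# - members:
#   - user:brettadmin@eblusolutions.com
#   role: roles/resourcemanager.folderEditor
# - members:
#   - group:gcp-organization-admins@eblusolutions.com
#   role: roles/resourcemanager.projectIamAdmin
# etag: BwXNE8RVbSY=
# version: 1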

# Bind roles/compute.networkViewer (read-only access to networking resources) on
# the folder to the admins group; like the other folder-level bindings it applies
# to every project beneath the folder.
$ gcloud beta resource-manager folders add-iam-policy-binding XXXXXXXXXXX --member="group:gcp-organization-admins@eblusolutions.com" --role="roles/compute.networkViewer"
# Updated IAM policy for folder [XXXXXXXXXXX].
# bindings:
# - members:
#   - group:gcp-organization-admins@eblusolutions.com
#   role: roles/compute.networkViewer
# - members:
#   - group:gcp-organization-admins@eblusolutions.com
#   role: roles/compute.xpnAdmin
# - members:
#   - user:brettadmin@eblusolutions.com
#   role: roles/resourcemanager.folderAdmin
# - members:
#   - user:brettadmin@eblusolutions.com
#   role: roles/resourcemanager.folderEditor
# - members:
#   - group:gcp-organization-admins@eblusolutions.com
#   role: roles/resourcemanager.projectIamAdmin
# etag: BwXNE8V165Y=
# version: 1

Service Project Admins for some subnets

Shared Relative DEV Environment

# Custom-mode VPC in the host project: no subnets are created automatically,
# so the only subnet is the one defined explicitly below.
# Neither command on this page creates firewall rules.
gcloud compute networks create ebs-lb-x-host-dev \
  --project=ebs-lb-x-host-dev-124 \
  --description="Shared VPC for development relative services and eBlu Solutions Analytics Products" \
  --subnet-mode=custom \
  --mtu=1500 \
  --bgp-routing-mode=regional

# Single /16 subnet in us-east4 with Private Google Access and VPC flow logs.
# Flow logs are sampled at 0.5 and aggregated over 15-minute intervals with all
# metadata included; roughly half of the flows are not reported, which matters
# if these logs are relied on for investigation.
gcloud compute networks subnets create ebs-lb-x-host-dev-subnet \
  --project=ebs-lb-x-host-dev-124 \
  --description="Singular subnet responsible for development relative service connectivity and eBlu Solutions Analytics Products" \
  --range=10.0.0.0/16 \
  --network=ebs-lb-x-host-dev \
  --region=us-east4 \
  --enable-private-ip-google-access \
  --enable-flow-logs \
  --logging-aggregation-interval=interval-15-min \
  --logging-flow-sampling=0.5 \
  --logging-metadata=include-all