GCP Billing Subaccounts for Resellers
A service account is the object that gets added to Commander as a Cloud Account. For more information on creating service accounts, see Create a service account for Commander to access GCP. In the Google Cloud Console, you can create service accounts to group your customer's project resources.
If you're a reseller, you can create Cloud Billing subaccounts to manage your customers' project resources in Commander. Cloud Billing subaccounts are owned by a reseller's parent Cloud Billing account. Subaccounts allow you to group project costs for chargeback and IT costing purposes.
In the scenario below, four service accounts would be added to Commander by creating four service accounts in the GCP console:
- Reseller service account
- Customer1 service account
- Customer2 service account
- Customer3 service account
To manage resources better, place all the customer's projects and the resource management projects in a suitable folder structure.
Billing account structure
Main billing account — The main billing account is linked to the payment profile in GCP. Only the subaccounts should be associated with Commander billing retrieval. The recommended structure is shown in the scenario above. Note that Commander doesn't need access to the main billing account.
Billing subaccounts — A billing subaccount can be created for each customer. Multiple projects can be created and attached to the customer’s billing subaccount. For more information about the main account/subaccount structure, see Subaccounts in the Google Cloud documentation.
Customer service account
Each customer can have a service account, with the appropriate permission and each customer can see multiple projects within that service account.
Reseller management project
The reseller should create a project for each customer. This project will be used to store resources that are specific to the customer (ProjectToManageCustomerX). The project will include:
- The customer service account.
- The dataset for the billing export from the subaccount.
- Other required data.
This project shouldn't be visible to customers.
Billing extract
The billing extract can be configured to extract data to the dataset that's in the reseller management project (ProjectToManageCustomerX). The billing extract can be configured for each subaccount.
When the reseller configures markup on the resources, the customer shouldn't have access to the raw billing data. This is important because customers shouldn't see pre-marked-up data.
Reseller service account
The reseller service account should be added to Commander as a cloud account and should be able to see the projects which store customer billing data. The reseller cloud account will see all of the reseller-managed projects but not the customer projects.
The reseller cloud account can be configured to retrieve billing reports in Commander. Once the data is retrieved, the data will be distributed to the customer cloud accounts.
Configuration of billing retrieval
Billing retrieval can be configured for the reseller service account or the individual client accounts.
It's recommended to configure all of the billing accounts on the reseller account. The Commander user who configures billing retrieval must have access to the client service accounts and to the reseller service account.