> For the complete documentation index, see [llms.txt](https://docs.archera.ai/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.archera.ai/help-center/gcp-onboarding/gcp.md). # Onboarding Archera on GCP This is the installation guide for Archera's GCP integration via **Infrastructure Manager**. Archera supports one integration per billing account. If you have multiple billing accounts, you'll need to create multiple integrations — if you have many, reach out to Archera for assistance. The first step is to create an Archera account if you don't already have one. Visit [app.archera.ai/signup](https://app.archera.ai/signup), then select **GCP** as the cloud you'd like to onboard and proceed with this guide. {% hint style="info" %} **This guide is also a worksheet.** As you work through the steps, jot down the seven values listed below — Organization ID, Project ID, Billing Account ID, Billing Export Project ID, and the three dataset IDs (Billing, Pricing, CUD). You'll enter all of them into the Archera installation form in Step 8. The [Summary of values collected](#summary-of-values-collected) table at the end of the guide shows an example of what each one looks like. {% endhint %} ## Prerequisites Before you start, please make sure you have: * **Permissions** on the target GCP organization sufficient to create projects, link billing accounts, edit organization policies, and run Infrastructure Manager deployments — typically **Organization Owner**. For the full list of ongoing permissions granted to Archera, see [What Permissions Does the GCP Deployment Require?](/help-center/gcp-onboarding/required-permissions.md). * **Access to GCP Cloud Shell** (or a local environment with the `gcloud` CLI installed). Cloud Shell can be opened by clicking the terminal icon in the top-right of the GCP Console. * **The Archera deployment script URL** (provided on your Archera onboarding page). The URL is only valid for **7 days** after Archera generates it — if more time has passed, request a fresh one from your Archera contact. During this installation, please make sure to write down the following values. You'll enter them into the Archera portal at the final step: | Value | Description | | ----------------------------- | ------------------------------------------------------------ | | **Organization ID** | Your GCP organization identifier | | **Project ID** | Hosts required resources and default datasets | | **Billing Account ID** | The account this integration is associated with | | **Billing Export Project ID** | Project containing the billing, pricing, and CUD exports | | **Billing Export Dataset ID** | BigQuery dataset with the Billing export table | | **Pricing Export Dataset ID** | BigQuery dataset with the Pricing export (can match billing) | | **CUD Export Dataset ID** | BigQuery dataset with the CUD export (must be different) | ## Installation Steps ### 1. Start the integration on Archera's website Open the Archera installation form. Navigate to [app.archera.ai](https://app.archera.ai) → **Integration Settings** → **Google Cloud (GCP)** → **Create New Installation**. Keep this tab open — you'll fill in the form with the values you collect in the following steps. {% hint style="info" %} This step requires an Archera account. Please register at [app.archera.ai](https://app.archera.ai). Sign up and reach out if you have any questions. {% endhint %} ### 2. Organization & Project IDs {% hint style="info" %} **Best practice:** Create a new dedicated project for the integration unless you already have pricing, billing, and CUD exports configured (see steps 4–5). We recommend creating a new project (e.g. `archera-integration`) to host the billing exports and Archera-deployed resources. This project is **not** the scope of what Archera will see — Archera reports on every project under your billing account, regardless of which project hosts the exports. Keeping the integration in its own project just makes permissions, costs, and lifecycle easier to manage. {% endhint %} Make sure you are in the correct organization and project (use an existing project or create a new one) by clicking on the organization selector in the top left. **Write down the Organization ID and Project ID.**
GCP organization selector showing Organization ID and Project ID
### 3. Billing Navigate to the **Billing** dashboard by searching in the top bar or the navigation bar on the left. ### 4. Billing Account ID Write down the **Billing Account ID** of the billing account that you will be installing Archera on. If you do not see this page, you can find it by clicking the **Billing account** dropdown in the top left and selecting **Manage billing accounts**. Once you've recorded the ID, click on the correct billing account.
GCP Billing dashboard with the Billing account ID column highlighted
### 5. Billing Export Navigate to the **Billing Export** subsection of the Billing dashboard. ### 6. Detailed Usage Cost, Pricing, and CUD Exports Enable **Detailed usage cost**, **Pricing**, and **Committed Use Discounts** exports. Three distinct billing exports are needed for the Archera integration: * **Detailed usage cost (Billing) Export** * **Pricing Export** * **CUD (Committed Use Discounts) Export** All three exports must reside in the same project. Although the exports reside in one project, they provide visibility into all projects and resources running under your billing account. When initially configured, these exports will reside in BigQuery. The Billing and Pricing exports **can** reside in the same BigQuery dataset, but the CUD export **must** reside in a separate dataset.
Detailed usage cost, Pricing, and Committed Use Discounts exports all enabled in the GCP Billing Export settings
{% hint style="warning" %} **Heads up — backfill takes time.** After you enable the exports, GCP can take **24–48 hours** to start populating the underlying tables (`gcp_billing_export_*`, `cloud_pricing_export`, `committed_use_discount_*`). If verification fails with a "table not found" error shortly after enabling exports, this is expected — wait for the backfill. {% endhint %} ### 7. Dataset IDs Copy the **Detailed usage cost** export dataset ID, the **Pricing** export dataset ID, and the **CUD** export dataset ID. For each of the three exports, click the dataset link (e.g. `billing_export`) under **Dataset name** in the export settings panel — this opens the dataset details page, where the full dataset ID is shown at the top under the **Details** tab. Copy the entire dataset ID, e.g. `project-001.export_dataset` — the dataset ID will contain a project ID prefix.
Detailed usage cost panel with the dataset name link highlighted
BigQuery dataset details page showing the full Dataset ID at the top
### 8. Enter your values and copy the deployment link Return to the Archera installation form you opened in Step 1. Enter the seven values you collected in Steps 2–7: Organization ID, Project ID, Billing Account ID, Billing Export Project ID, and the three dataset IDs (Billing, Pricing, CUD). Press **Continue**. Archera will generate a Terraform deployment link based on your inputs. **Copy the link** — you'll paste it into GCP Cloud Shell in the next step to deploy the integration. ### 9. Deploying via Infrastructure Manager Archera's onboarding process uses the GCP Infrastructure Manager service to deploy the required resources: * **API enablements** in your billing project — Cloud Billing API (`cloudbilling.googleapis.com`), Consumer Procurement API (`cloudcommerceconsumerprocurement.googleapis.com`), and Recommender API (`recommender.googleapis.com`) — to allow Archera to access billing data, view CUD recommendations, and manage Marketplace procurement orders. * **An organization-level custom IAM role** `archera_application` for the Archera service account, covering Compute Engine and BigQuery commitments and reservations, CUD recommendations, organization structure (folders and projects), monitoring, and service usage — plus (in full mode) the ability to place and manage procurement orders. * **A second organization-level custom IAM role** `archera_bq_export` bound at the dataset level on your BigQuery billing, pricing, and CUD export datasets only — providing read access plus the ability for Archera to manage authorized dataset access on its own derived views. * **A project-level `roles/bigquery.jobUser` binding** on your billing project so Archera can run queries against your billing data. * **Billing-account-level predefined roles** bound directly to the billing account — `roles/consumerprocurement.orderViewer` and `roles/billing.viewer` (plus `orderAdmin` and `billing.admin` in full mode) — since procurement orders and CUD recommendations are scoped to billing accounts and can't always be controlled via organization-level roles. * **A GCS storage bucket** (`archerastorage_`, US region, STANDARD storage class, uniform bucket-level access, public access prevented, objects auto-deleted after 7 days) to stage billing data exports. * **Permissions on the storage bucket** for use by Archera's Storage Transfer Service account to copy the billing, pricing, and CUD data for analysis. For a permission-by-permission breakdown, including the difference between Visibility Only and Full Access mode, see [What Permissions Does the GCP Deployment Require?](/help-center/gcp-onboarding/required-permissions.md). {% hint style="info" %} **Visibility-only mode (optional).** By default, the deployment grants Archera full access — read permissions plus the ability to place, modify, and cancel commitment orders on your behalf. If you'd prefer read-only access (Archera surfaces recommendations but never executes purchases), you can run the Terraform in visibility-only mode: download the Terraform source from the GCS URL referenced below (see the **Advanced users** note at the bottom of this step), set `visibility_only = true` in `locals.tf`, then deploy via the Infrastructure Manager console. {% endhint %} The Infrastructure Manager service requires a temporary service account with appropriate permissions to create and apply the required resources. The service account and its permissions will be removed automatically following deployment. Paste the deployment link you copied in the previous step into GCP Cloud Shell. The link will look something like this: ```bash gsutil cat gs://archera-production-onboarding/HvtzuOrtQ_ei4A519CdMwIb89iT30ci_QzhKEraR9Ps/deploy.sh | bash ``` Paste it into GCP Cloud Shell. The script will download and execute the deployment, generating a temporary service account along the way. The script URL will only be available for **seven days**. {% hint style="warning" %} **If errors occur**, copy the script output for Archera support. Retrying the script may overcome transient errors. For more detail, run in debug mode by inserting `DEBUG=true` into the command: ```bash gsutil cat gs://archera-production-onboarding/.../deploy.sh | DEBUG=true bash ``` {% endhint %} **Advanced users** may download the deployment script and Terraform source from the GCS `gs://` URL for inspection. The Terraform deployment configuration can be run directly in the Infrastructure Manager console using the GCS URL (not including the `deploy.sh` portion) as the source. #### Deployment errors The following error may occur when deploying the infrastructure configuration: > One or more users named in the policy do not belong to a permitted customer Please ensure that no existing organization-level constraints restrict IAM policy bindings for external service accounts such as Archera's. If this is the case, Archera's service account `application@archera.iam.gserviceaccount.com` or customer ID `C02c8qgso` should be added to the constraint's allow list. This error may occur due to the standard `iam.managed.allowedPolicyMembers` or `iam.allowedPolicyMemberDomains` organization constraints, or any custom organization policy referencing the `iam.googleapis.com/AllowPolicy` resource. See [Restricting identities by domain](https://cloud.google.com/resource-manager/docs/organization-policy/restricting-domains) for details. * If the `iam.managed.allowedPolicyMembers` policy is set, add `serviceAccount:application@archera.iam.gserviceaccount.com` to the `allowedMemberSubjects` parameter. Refer to the GCP documentation for configuring `iam.managed.allowedPolicyMembers`. * If the `iam.allowedPolicyMemberDomains` policy is set, add Archera's customer ID `C02c8qgso` to the `allowedValues` parameter. Refer to the GCP documentation for configuring `iam.allowedPolicyMemberDomains`. ### 10. Archera — Subscription Search for "Archera" and subscribe to **Archera - Subscription**. Be sure to select the correct billing account corresponding to this install.
Archera - Subscription product page in the GCP Marketplace with the Subscribe button highlighted
### 11. Sign up with Provider Select **"Sign up with provider"**. You will be redirected and asked to sign into a service called `clazar.io` — this is Archera's trusted partner for marketplace transactions.
GCP confirmation that your order request has been sent to Archera, with a Sign up with Provider button
### 12. Complete Registration with Archera Fill in the required information to complete your registration with Archera, or log into your existing Archera account.
Clazar Complete your registration form with Company Name and Full Name fields
## Summary of values collected Use this table as a quick reference when filling out Archera's installation form: | Field | Example | | ------------------------- | ---------------------------------------- | | Organization ID | `302636258399` | | Project ID | `archera-integration` | | Billing Account ID | `01478A-B65ABA-BCFDED` | | Billing Export Project ID | `archera-integration` | | Billing Export Dataset ID | `archera-integration.billing_export` | | Pricing Export Dataset ID | `archera-integration.billing_export` | | CUD Export Dataset ID | `archera-integration.billing_export_cud` | ## Troubleshooting ### Pricing or CUD table not found on verification If verification fails with an error like `Table 'cloud_pricing_export' not found in pricing dataset`, the export table simply hasn't been backfilled yet. GCP can take 24–48 hours after exports are enabled to start populating these tables. Wait and retry — no configuration change is required. ### Infrastructure Manager deployment fails with "blueprint fetch failed" An error such as `blueprint fetch failed: invalid path: stat /workspace/apply/content: no such file or directory` is a transient Infrastructure Manager issue. The deployment is idempotent — safely re-run the deploy script. It typically succeeds on the second attempt. ### Deployment script URL has expired The script URL provided by Archera is valid for 7 days. If more time has passed, the URL will return a not-found error. Contact your Archera representative to generate a fresh URL. ### "Not Installed" on the Archera GCP integration page Running the GCP deployment script alone does not register the installation with Archera. You must also complete Step 8 (submitting your values in the Archera installation form) using the values collected in earlier steps. If the GCP integration page still reads **Not Installed** after running the deployment, Step 8 has likely been missed. ## Related Resources * [What Permissions Does the GCP Deployment Require?](/help-center/gcp-onboarding/required-permissions.md) ## Appendix — APIs enabled and resources deployed For reference, the deployment script will enable the following GCP APIs in the integration project (if not already enabled): | | | | ----------------------------------------- | ------------------------------------- | | `bigquery.googleapis.com` | `bigquerydatatransfer.googleapis.com` | | `billingbudgets.googleapis.com` | `cloudbilling.googleapis.com` | | `cloudcommerceprocurement.googleapis.com` | `cloudresourcemanager.googleapis.com` | | `config.googleapis.com` | `iam.googleapis.com` | | `storage.googleapis.com` | `storagetransfer.googleapis.com` | The Terraform configuration applied by Infrastructure Manager creates: an organization-level IAM role for Archera's application service account, a role binding from that role to Archera's service account, a Cloud Storage bucket for exported billing data, and Storage Transfer Service permissions so that Archera can copy billing, pricing, and CUD data for analysis. The temporary deployment service account created during this process is granted Owner, Role Administrator, Organization Administrator, Organization Role Administrator, and Billing Administrator roles, and is deleted automatically when the deployment completes. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.archera.ai/help-center/gcp-onboarding/gcp.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.