This module automates creation of the GCP resources required to deploy the Billing Dashboard. Billing Dashboard is a Looker Studio report, which uses Billing Export of the Standard Usage Cost into a BigQuery dataset, and offers drill down and slice and dice capabilities to analyze GCP spend using charts, tables and filters.
This terraform module supports creating:
- BigQuery View for the Standard Usage Cost export BigQuery table.
- If the Looker Studio Service Agent name is provided, then this module will create the following components:
- GCP Service Account to be impersonated by the Looker Studio Service Agent
roles/iam.serviceAccountTokenCreator,roles/bigquery.jobUserandroles/bigquery.dataViewerroles binding for the GCP service account
Due to the Looker Studio API limitations, the output of this script will generate a Looker Studio Linking API link. You need to click the link from terraform output to accept and save the report.
- To deploy this blueprint you must have an active billing account and billing permissions.
- Verify or enable GCP Billing Exports - standard or detailed usage costs export (if enabling for first time, await export tables to be created before proceeding to next step)
- If you plan to share the report in your organization and use a Service Account instead of your own credentials to access the BigQuery View, copy the Service Agent name from the Looker Studio Service Agent page and pass it to the script via the
looker-studio-service-agent-nameparameter.
Basic usage of this module is as follows:
module "billing_dashboard" {
source = "terraform-google-modules/billing-dashboard/google"
version = "~> 0.1"
project_id = "<PROJECT ID>"
bq-billing-export-table-id = "<BILLING EXPORT TABLE ID>"
bq-dashboard-dataset-name = "<BIGQUERY DATASET>"
looker-studio-service-agent-name = "<LOOKER STUDIO SERVICE AGENT>"
}Functional examples are included in the examples directory.
| Name | Version |
|---|---|
| terraform | >= 0.13 |
| >= 3.53, < 5.0 |
| Name | Version |
|---|---|
| 4.54.0 |
No modules.
| Name | Type |
|---|---|
| google_bigquery_table.target_view_name | resource |
| google_project_iam_binding.looker_studio_sa_bq_job_user | resource |
| google_project_iam_binding.looker_studio_sa_bq_viewer | resource |
| google_service_account.looker_studio | resource |
| google_service_account_iam_binding.token-creator-iam | resource |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| billing-data-interval | Time interval in month to be showed in billing dashboard. | number |
13 |
no |
| bq-billing-export-table-id | Standard billing export BigQuery table name INCLUDING project id and dataset id. Can be found in BigQuery table details under table id. | string |
n/a | yes |
| bq-dashboard-dataset-name | BigQuery dataset id where the dashboard view will be created. Should already exist. | string |
n/a | yes |
| bq-dashboard-view-labels | A map of labels to apply to BigQuery view. | map(string) |
{} |
no |
| bq-dashboard-view-name | BigQuery view name for the billing export to be created. | string |
"billing-export-view" |
no |
| looker-studio-report-name | Copied report name. | string |
"billing-report" |
no |
| looker-studio-service-account-name | Gcp service account name used to execute looker requests on behalf of looker service agent. | string |
"looker-studio-sa" |
no |
| looker-studio-service-agent-name | Looker studio service agent name to be used with the looker studio dashboard. Can be copied from https://lookerstudio.google.com/c/serviceAgentHelp. If empty no gcp service account will be created and looker dashboard will be used with the executor's personal gcp account only. | string |
null |
no |
| project-id | Project ID to deploy to | string |
n/a | yes |
| Name | Description |
|---|---|
| gcp_service_account_name | Gcp service account name to be used with looker dashboard as datasource credentials. |
| looker_studio_report_link | Looker Linking API url. |
In order to execute this module you must have a Service Account with the following roles on the project:
- roles/bigquery.dataEditor
- roles/iam.serviceAccountAdmin
- roles/iam.projectIamAdmin
The Project Factory module and the IAM module may be used in combination to provision a service account with the necessary roles applied.
Org policies that could block the deployment of this solution
- constraints/iam.disableServiceAccountCreation
A project with the following APIs enabled must be used to host the resources of this module:
- BigQuery API
bigquery.googleapis.com - Identity and Access Management (IAM) API
iam.googleapis.com
The Project Factory module can be used to provision a project with the necessary APIs enabled.
The following dependencies must be available:
- Terraform v0.13
- Terraform Provider for GCP plugin v3.0
Refer to the contribution guidelines for information on contributing to this module.
Please see our security disclosure process.