Register your Organization
As an organization manager you easily apply for your organization to join RosettaHUB by submitting an application here: Join as an Organization . RosettaHub can manage your organization's AWS, Azure and GCP accounts. Putting your root cloud accounts under the management of RosettaHUB allows for mass on-boarding to AWS, Azure and GCP for all members of your organization. The platform creates individual cloud accounts for each member whilst allowing you to control costs and define budgets, permissions and limits on each cloud account. A RosettaHub cloud account maps an AWS sub-account an Azure resource group or a GCP project.
Organization Registration Process:
Pre-requisites for AWS Registration:
The organization owns an AWS account
Pre-requisites for Azure Registration:
The organization owns an Azure subscription
Pre-requisites for GCP Registration:
The organization owns a GCP account
The organization creates an Organization within GSuite:Â https://gsuite.google.com/signup/gcpidentity/welcome
If the GCP account is new, the organization requests a quota increase on the number of GCP projects:Â https://support.google.com/code/contact/billing_quota_increaseÂ
GCP Gcloud Setup
To give access to RosettaHub to administer a GCP folder, the organization needs to execute the following script and replace folder_id with the rosettahub folder id and rh-email with the email that has been communicated by RosettaHUB.
gcloud resource-manager folders add-iam-policy-binding folder_id --member="user:rh-email" --role="roles/owner"
gcloud resource-manager folders add-iam-policy-binding folder_id --member="user:rh-email" --role="roles/resourcemanager.projectCreator"
gcloud resource-manager folders add-iam-policy-binding folder_id --member="user:rh-email" --role="roles/resourcemanager.projectDeleter"
gcloud resource-manager folders add-iam-policy-binding folder_id --member="user:rh-email" --role="roles/resourcemanager.folderAdmin" |
Â
In order for RH to manage users access to GCP regions, the organization can grant these additional rights and replace project_id with the project id communicated by RosettaHUB and org_id with the organization's organization id under GCP:
gcloud organizations add-iam-policy-binding org_id --member="serviceAccount:administrator@project_id.iam.gserviceaccount.com" --role="roles/orgpolicy.policyAdmin"
gcloud organizations add-iam-policy-binding org_id --member="user:rh-email" --role="roles/orgpolicy.policyAdmin" |
If the organization wants to restrict all users to one region, the organization can simply enforce an organization policy for regions at the folder level and communicate the selected region to RosettaHUB.
Â
Â