From 45adcf11870df96bd47da8e4c9f1d3e339a88e15 Mon Sep 17 00:00:00 2001 From: lcaggio Date: Fri, 23 Jun 2023 15:52:08 +0200 Subject: [PATCH] First commit. --- blueprints/data-solutions/shielded-folder/README.md | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/blueprints/data-solutions/shielded-folder/README.md b/blueprints/data-solutions/shielded-folder/README.md index 30c230dc..86d3c62c 100644 --- a/blueprints/data-solutions/shielded-folder/README.md +++ b/blueprints/data-solutions/shielded-folder/README.md @@ -104,17 +104,20 @@ To deploy this blueprint in your GCP organization, you will need - a folder or organization where resources will be created - a billing account that will be associated with the new projects -The Shielded Folder blueprint is meant to be executed by a Service Account (or a regular user) having this minimal set of permission: +The Shielded Folder blueprint is meant to be executed by a Service Account having this minimal set of permission: -- Billing account +- **Billing account** - `roles/billing.user` -- Folder level +- **Organization level**: + - `roles/logging.configWriter` - `roles/resourcemanager.folderAdmin` + - `roles/compute.orgFirewallPolicyAdmin` - `roles/resourcemanager.projectCreator` + - `roles/orgpolicy.policyAdmin` -The shielded Folder blueprint assumes [groups described](#user-groups) are created in your GCP organization. +The shielded Folder blueprint assumes [groups described](#user-groups) are created in your GCP organization. Please create them from the [https://admin.google.com/][Google Admin] console. -### Variable configuration PIPPO +### Variable configuration There are several sets of variables you will need to fill in:
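Review bot: The renamed `**Organization level**:` list moves `roles/resourcemanager.folderAdmin` and `roles/resourcemanager.projectCreator`, which the old text listed under "Folder level", to organization scope and still calls the result a "minimal set", while the unchanged prerequisite above still reads "a folder or organization where resources will be created". Suggest keeping a folder-level list for the roles that work when granted on the target folder, and listing under the organization heading only the roles that must be bound there, with a short reason for each, so a deployer does not grant organization-wide folder admin and project creation by default. The added sentence also has the Markdown link inverted: `[https://admin.google.com/][Google Admin]` is read as a reference-style link with the label `Google Admin`, so it will not render as a link unless that label is defined elsewhere in the file; use `[Google Admin](https://admin.google.com/)`. The removal of "(or a regular user)" deserves a line in the README or the commit message saying whether running with user credentials is no longer supported.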