GCP Billing Kill Switch
Since hyperscalers do not support an automated way to stop billing, this repo aims to provide a way to spin up such a feature using Terraform and GCP´s native services - to avoid waking up to an exceptionally high bill because you forgot to turn off a GCE instance...
The way it works is quite simple. GCP offers a service called "budgets", which can send mails or publish to a Pub/Sub topic once a defined threshold is reached. This mechanism is used to trigger a Cloud Function that will disable the project´s billing account.
Disclamer: Disabling billing on a project may result in data loss. The account can be manually reactivated but Google does not guarantee that all services remain in place. -- cf. Google Cloud, Disable billing for a project
Usage
Simply reference the GitHub release as a Terraform module and provide the required input parameters.
module "kill-switch" {
source = "github.com/TrisNol/gcp-billing-kill-switch?ref=v1.0.0"
project_id = var.project_id
region = var.region
billing_account = var.billing_account
storage_bucket = google_storage_bucket.bucket.name
}
Note that the storage bucket should already exist and that the account deploying the resources has to have the following additioal roles besides the ones required to actually deploy a cloud function:
- roles/billing.admin (to be granted on billing account level, not project)
- roles/security.admin (project level)
Requirements
| Name | Version |
|---|---|
| terraform | >= 1.0 |
| >= 4.57.0 |
Providers
| Name | Version |
|---|---|
| archive | 2.3.0 |
| 4.61.0 |
Modules
No modules.
Resources
| Name | Type |
|---|---|
| google_billing_account_iam_member.admin | resource |
| google_billing_budget.default | resource |
| google_cloudfunctions2_function.function | resource |
| google_pubsub_topic.budget_topic | resource |
| google_service_account.cloud_function_sa | resource |
| google_storage_bucket_object.object | resource |
| archive_file.archive_cloud_function | data source |
| google_billing_account.account | data source |
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| billing_account | ID of the billing account to attach the budget to | string |
n/a | yes |
| budget | Max. monthly budget | number |
15 |
no |
| currency | Currency to be used for the budget | string |
"EUR" |
no |
| functions_sa_email | Email of a pre-defined service account with roles/billing.admin permission. Defaults to: null | string |
null |
no |
| project_id | n/a | string |
n/a | yes |
| region | Region to create resources in | string |
n/a | yes |
| storage_bucket | Name of the storage bucket where the central cloud function will be placed | string |
n/a | yes |
Outputs
| Name | Description |
|---|---|
| billing_budget_id | ID of the created billing budget |
| cloud_function_id | ID of the cloud function managing the billing account |