This topic guides you through setting up a new folder for Assured Workloads environments. You must create a folder before creating any resources using Assured Workloads. For more information about Assured Workloads, see Assured Workloads overview.
Before you begin
Before you can perform the procedure described in this guide, ensure you have done the following:
Create or select an organization.
In Google Cloud Console, create or select a Google Cloud organization.
To learn how to create a Google Cloud organization, see Creating and managing organizations.
Assign Identity and Access Management permissions.
Assign the Folder Administrator Identity and Access Management (IAM) role, which contains the minimum IAM permission levels to create and access Assured Workloads environments.
To assign the IAM role, run the following
gcloudcommand:gcloud organizations add-iam-policy-binding ORGANIZATION_ID \ --member=USER \ --role="roles/resourcemanager.folderAdmin"Replace the following:
- ORGANIZATION_ID: your organization identifier
- USER: the email address of the user for which you would like to
set the role—for example,
user:example@customer.org
The
roles/resourcemanager.folderAdminrole enables the creation of workload environments.To learn more about how to grant, change, or revoke access to resources using IAM roles, see Granting, changing, and revoking access to resources.
Create a new folder
To create a new folder for Assured Workloads environments, do the following:
Go to Resource Manager.
Learn more about creating and managing folders.
Locate the folder you just created.
Copy the ID in the
IDfield.Complete the Assured Workloads folder onboarding form.
What's next
Create a project in the Assured Workloads environment that supports your compliance regime, as follows: