Cloud Billing Budget API Setup

This guide provides all required setup steps to start using the Cloud Billing Budget API.

Before you begin

You should do the following before reading this guide:

  1. Read Cloud Billing Budget API Overview.
  2. Read Cloud Billing Budget API Prerequisites.

About the Cloud Console

The Google Cloud Console (visit documentation, open console) is a web UI used to provision, configure, manage, and monitor systems that use Google Cloud products. You use the Cloud Console to set up and manage Google Cloud and Cloud Billing resources.

1. Select or Create a project

To use services provided by Google Cloud, you must create a project. A project organizes all your Google Cloud resources. A project consists of a set of collaborators, enabled APIs (and other resources), monitoring tools, billing information, and authentication and access controls. You can create one project, or you can create multiple projects and use them to organize your Google Cloud resources in a resource hierarchy. For more information on projects, see the Resource Manager documentation.

Recommendation: We recommend that you configure a separate, single Google Cloud project to contain all of your billing administration needs, including the Cloud Billing Budget API. Your billing administration Google Cloud project can also be used for things like Cloud Billing Account API access, Cloud Billing exported data, Pub/Sub channels for programmatic budget notifications, and so on.

GCP プロジェクトを選択または作成します。

プロジェクト セレクタのページに移動

2. Enable billing

You need to make sure that billing is enabled on the project you are using for calling the Cloud Billing Budget API. If you followed the recommendation in the project section, this is your billing administration Google Cloud project.

A Cloud Billing Account is used to define who pays for a given set of Google Cloud resources. Resources, such as enabled APIs, are organized in projects. A Cloud Billing Account can be linked to one or more projects. Project usage is charged to the linked billing account. In most cases, you configure billing when you create a project. For more information, see the Billing documentation.

You set up Cloud Billing budgets to monitor a Cloud Billing Account. The Cloud Billing Account you are monitoring can be the same Cloud Billing Account that is linked to the project you use to call the Cloud Billing Budget API. Note that the Cloud Billing Budget API is free to use for Google Cloud customers. If you choose to configure programmatic budget notifications, you will be charged the standard Pub/Sub prices.

Google Cloud Platform プロジェクトに対して課金が有効になっていることを確認します。 詳しくは、課金を有効にする方法をご覧ください。

3. Enable the API

You must enable the Cloud Billing Budget API in the project you are using to call the Cloud Billing Budget API. If you followed the recommendation in the project section, this is your billing administration Google Cloud project.

For more information on enabling APIs, see the Service Usage documentation.

Cloud Billing Budget API を有効にします。

APIを有効にする

4. Set up authentication

If you plan to use the Cloud Billing Budget API, you need to set up authentication. Any client application that uses the API must be authenticated and granted access to the requested resources. This section describes important authentication concepts and provides steps for setting it up. For more information, see the GCP authentication overview.

About service accounts

There are multiple options for authentication, but we recommend that you use service accounts for authentication and access control. A service account provides credentials for applications, as opposed to end-users.

Service accounts are owned by projects, and you can create many service accounts for a project. For more information, see Service accounts.

About roles

When an identity (the service account) calls an API, Google Cloud requires the identity to have the appropriate permissions. You grant permissions by granting roles to a service account. For more information, see the Cloud Identity and Access Management documentation.

To use all of the Cloud Billing Budget API methods, you will need to add the service account as a member to each Cloud Billing Account where you want to use the Cloud Billing Budget API to programmatically manage budgets, and assign the appropriate roles to the service account.

If you plan to configure a Pub/Sub topic for programmatic budget notifications, you also need to add the service account as a member of the project where your Pub/Sub topic resides, and assign the Cloud IAM Security Admin role to the service account. This role is needed so that the service account has permission to grant the Pub/Sub Publisher role on the topic to allow Cloud Billing to publish messages to it.

For more information on roles specific to Cloud Billing APIs, see the Cloud Billing APIs access control document.

About service account keys

Service accounts are associated with one or more public/private key pairs. When you create a new key pair, you download the private key. Your private key is used to generate credentials when calling the API. You are responsible for security of the private key and other management operations, such as key rotation.

A. Create a service account and download the private key file

The service account needs to be created in the same project where you registered the Cloud Billing Budget API. If you followed the recommendation in the project section, this is your billing administration Google Cloud project.

  1. In the Cloud Console, go to the Create service account key page.

    Go to the Create Service Account Key page
  2. From the Service account list, select New service account.
  3. In the Service account name field, enter a name.
  4. Don't select a value from the Role list (this service account will not be managing project resources). In a later step, you will grant the service account the permissions needed to manage budgets for your Cloud Billing Account.
  5. Click Create. A note appears, warning that this service account has no role.
  6. Click Create without role. A JSON file that contains your key downloads to your computer.

B. Grant your service account permissions to use the Cloud Billing Budget API

Grant Cloud Billing and Cloud IAM roles to your service account to assign the permissions needed to use all of the Cloud Billing Budget API methods for all budgets in your Cloud Billing Account.

  1. Find your service account email address inside the json file you just downloaded, with the key client_email. The email will look like service-account-name@project-id.iam.gserviceaccount.com.
  2. In the Cloud Console, navigate to the Billing account management page and follow these instructions to update billing permissions for the service account.
  3. Optional: If you plan to configure your budgets to use programmatic notifications, you also need to assign IAM permissions to the project where your Pub/Sub topic resides (this might be your billing administration Google Cloud project, if you followed the recommendation in the project section).
    1. Open the console navigation menu () and click IAM & admin > IAM.
    2. On the IAM Permissions tab, confirm you are viewing the permissions for the project where your Pub/Sub topic resides. You will see a headline on the page similar to this: Permissions for project "My Cloud Billing Admin Project".
    3. Add the service account email as a member of the project, and assign the Cloud IAM Security Admin role to the service account member.
      1. Click ADD.
      2. In the New members field, enter the service account email address.
      3. In the Select a role drop-down, scroll down to (or filter by) IAM, and select the Security Admin role.

C. Use the service account key file in your environment

環境変数 GOOGLE_APPLICATION_CREDENTIALS を設定して、アプリケーション コードに認証情報を指定します。[PATH] は、サービス アカウント キーが含まれる JSON ファイルのファイルパスに置き換え、[FILE_NAME] はファイル名に置き換えます。この変数は現在のシェル セッションにのみ適用されるため、新しいセッションを開く場合は、変数を再度設定してください。

Linux または macOS

export GOOGLE_APPLICATION_CREDENTIALS="[PATH]"

例:

export GOOGLE_APPLICATION_CREDENTIALS="/home/user/Downloads/[FILE_NAME].json"

Windows

PowerShell を使用する場合:

$env:GOOGLE_APPLICATION_CREDENTIALS="[PATH]"

例:

$env:GOOGLE_APPLICATION_CREDENTIALS="C:\Users\username\Downloads\[FILE_NAME].json"

コマンド プロンプトを使用する場合:

set GOOGLE_APPLICATION_CREDENTIALS=[PATH]

5. Install and initialize the Cloud SDK

If you plan to use the Cloud Billing Budget API, you need to install and initialize the Cloud SDK. Cloud SDK is a set of tools that you can use to manage resources and applications hosted on Google Cloud. This includes the gcloud command line tool. The following link provides instructions:

Cloud SDK をインストールして初期化します。

6. Test the SDK and authentication

If you have set up authentication in previous steps, you can use the gcloud tool to test your authentication environment. Execute the following command to verify that no error occurs and that credentials are returned:

gcloud auth application-default print-access-token

That command is used by all Cloud Billing Budget API command line REST samples to authenticate API calls.

7. Install the Cloud Billing Budget API client library

The Cloud Billing Budget API is built on HTTP and JSON, so any standard HTTP client can send requests to it and parse the responses.

Coming Soon: Google supported client libraries will be available soon for several popular languages. Client libraries provide better language integration, improved security, and support for making calls that require user authorization.

Until then, you have two options for calling the API:

このページは役立ちましたか?評価をお願いいたします。

フィードバックを送信...

ご不明な点がありましたら、Google のサポートページをご覧ください。