You must carefully consider any policy implications before you move a project into or out of a folder because IAM policies that you define at the project level automatically move with the project, but policies that you define at the source or destination parent level do not.
This means that any users who had inherited access to the project may lose that access if the destination folder does not have the same policy. In addition, changes in IAM roles could cause some functionality to stop working until the proper permissions are reinstated.
For example, consider a service account has Storage Object Creator associated at Folder A. This folder has the appropriate permissions to upload data to Google Cloud Storage in any project in Folder A. Now, consider what happens when one of these projects moves to Folder B, which does not have the same permissions. The service account for that project loses the ability to upload data, resulting in a service outage.
These same considerations apply if Organization policies are defined at the source and destination folders. Like IAM policies, Organization policies are inherited. Consequently, you must ensure that your Organization policies are consistent between source and destination folders.
To learn more about Organization policies, see Introduction to the Organization Policy Service.
To move a project into a folder, you need specific IAM roles on the project, the source, and the destination folder. In particular, you must meet the following criteria:
resourcemanager.projects.updatepermission on the project, which typically comes from having either the Project Editor or Project Owner roles on the project.
resourcemanager.projects.movepermission on both the source folder and the destination folder. This permission is typically part of the Project Owner, Project Editor, Folder Admin, or Folder Mover roles. If the resource is not in a folder, you will need this permission on the organization node.
To move a project into the folder:
- In the Google Cloud Console, open the Manage Projects and Folders page.
- Select your Organization from the Organization drop-down on the top left of the page.
- Click on your project's row to select your project from the list of projects and folders. Note that you must not click on the name of the project, which takes you to the project's IAM page.
Click on the options menu (the vertical ellipsis) in the row and click Move.
Click Browse to select the folder to which you want to move the project.
gcloud beta projects move PROJECT_ID --folder FOLDER_ID
[PROJECT_ID]is the ID of the project ID to move.
[FOLDER_ID]is the numeric ID of the folder to move.