Moving a project

This guide explains how to move a project within your organization resource.

The project is the base-level organizing entity in a Google Cloud organization resource. Projects are created under organization resources, and can be placed under folders or the organization resource itself, forming the resource hierarchy. You can move project resources within your resource hierarchy, but should consider the policy implications of the move before you make it.

When you move a project, any Identity and Access Management policies or organization policies that are directly attached will move with it. However, a project in your resource hierarchy is also affected by the policies that it inherits from parent resources. If a project inherits an IAM role that provides users permission to use a particular service, users will not have access to that service at the destination unless it would inherit the permission at the destination as well.

For example, consider a service account has the Storage Object Creator role bound to a user at Folder A. The service account has permissions to upload data to Cloud Storage in any project in Folder A. If you moved one of these projects to Folder B, which does not have the same inherited permissions, the service account for that project loses the ability to upload data, resulting in a service outage.

These same considerations apply if organization policies are defined at the source and destination folders. Like IAM policies, organization policies are inherited. Consequently, you must ensure that your organization policies are consistent between source and destination folders.

To learn more about organization policies, see Introduction to the organization Policy Service.

To move a project, you need the Project Mover IAM role (roles/resourcemanager.projectMover) on both the source folder and the destination folder. If the resource is not in a folder, you need this role on the organization resource.

These roles give you the following required permissions:

  • resourcemanager.projects.update on the project
  • If the resource is in a folder: resourcemanager.projects.move on the source folder and the destination
  • If the resource is not in a folder: resourcemanager.projects.move on the organization resource

You can also gain these permissions with custom roles, or other predefined roles.

Console

To move a project:

  1. In the Google Cloud console, go to the Manage resources page.

    Go to Manage resources

  2. Select your Organization from the Organization drop-down on the top left of the page.

  3. Click on your project's row to select your project from the list of resources. Note that you must not click on the name of the project, which takes you to the project's IAM page.

  4. Click on the options menu (the vertical ellipsis) in the row and click Move.

  5. Click Browse to select the folder to which you want to move the project.

  6. Click Move.

gcloud

To move a project, run the gcloud beta projects move command:

gcloud beta projects move PROJECT_ID \
--DESTINATION_TYPE DESTINATION_ID

Where:

  • PROJECT_ID is the ID or number of the project you wish to move.

  • DESTINATION_TYPE is either organization or folder.

  • DESTINATION_ID is the ID of the organization resource or folder to which you want to move the project. You can only specify one target.

API

You can use the v3 projects.move method to move a project.

Request:

POST https://cloudresourcemanager.googleapis.com/v3/{name=PROJECT_NAME}:move
{
  "destinationParent": DESTINATION_PARENT
}

Where:

  • PROJECT_NAME is the name of the project you want to update. For example, projects/415104041262

  • DESTINATION_PARENT is the new parent organization resource or folder under which you want to move the project. For example: organizations/12345678901

If successful, the request will return an Operation which can be used to track the project move.