Create projects (original) (raw)

Projects are the fundamental operating unit in the Google Cloud resource hierarchy. Projects exist between folders (or the organization) and resources such as virtual machines and storage. This page explains how to create Google Cloud projects using the Cloud Resource Manager API and the Google Cloud console.

Key characteristics of projects include the following:

• The primary service container: A project is the base level where all Google Cloud services (APIs) are enabled and where resources like Compute Engine instances or BigQuery datasets are created.
• The trust boundary: Projects serve as an isolation layer. By default, resources in one project don't have access to resources in another, establishing a secure perimeter for different applications or environments.
• The billing unit: Projects are the primary way businesses track, organize, and separate costs across their organization.
• The policy attachment point: While policies often inherit from folders, the project level is the most common place where specific permissions ( Identity and Access Management (IAM)) are granted to developers and service accounts for daily tasks.

Before you begin

Read about the project resource in theresource hierarchy overview. For guidance on setting up your resource hierarchy, seeDecide a resource hierarchy for your Google Cloud landing zone.

TThe following identifiers are used for your project:

• Project name: A human-readable name for your project.
  The project name isn't used by any Google APIs. You can edit the project name at any time during or after project creation. Project names don't need to be unique.
• Project ID: A globally unique identifier for your project.
  A project ID is a unique string that differentiates your project from all others in Google Cloud. After you enter a project name, the Google Cloud console generates a unique project ID that can be a combination of letters, numbers, and hyphens. Use the generated project ID, but you can edit it during project creation. After project creation, the project ID is permanent.
  A project ID has the following requirements:
  • It must be 6 to 30 characters in length.
  • It can only contain lowercase letters, numbers, and hyphens.
  • It must start with a letter.
  • It cannot end with a hyphen.
  • It cannot be in use or previously used; this includes deleted projects.
  • It cannot contain restricted strings such as google and ssl. Avoid using strings such as undefined and null in a project ID.
• Project number: A project number is an automatically generated unique identifier for your project.

Don't include sensitive information, for example, personally identifiable information or security data, in your project name, project ID, or other resource names. The project ID appears in the name of many other Google Cloud resources. Referencing the project or its resources exposes the project ID and resource name.

Create a project

To create a project, you must have the resourcemanager.projects.createpermission. This permission is included in roles like the Project Creator role (roles/resourcemanager.projectCreator).

The Project Creator role is granted by default to the entire domain of a new organization resource and to free trial users.

For information on how to grant individuals the role and limit organization-resource wide access, see the Managing Default Organization Roles page.

If you don't specify the parent resource, a parent resource is selected automatically if applicable based on the user account's domain.

You can create a new project using the Google Cloud console, the Google Cloud CLI, or the projects.create()method.

Console

To create a new project, do the following:

1. Go to the Manage resources page in the Google Cloud console.
   Go to Manage Resources
   The remaining steps appear in the Google Cloud console.
2. On the Select organization drop-down list at the top of the page, select the organization resource in which you want to create a project. If you are a free trial user, skip this step, as this list does not appear.
3. Click Create Project.
4. In the New Project window that appears, enter a project name and select a billing account as applicable. A project name can contain only letters, numbers, single quotes, hyphens, spaces, or exclamation points, and must be between 4 and 30 characters.
5. Enter the parent organization or folder resource in the Location box. That resource will be the hierarchical parent of the new project. If No organization is an option, you can select it to create your new project as the top level of its own resource hierarchy.
6. When you're finished entering new project details, click Create.

gcloud

1. In the Google Cloud console, activate Cloud Shell.
   Activate Cloud Shell
   At the bottom of the Google Cloud console, aCloud Shell session starts and displays a command-line prompt. Cloud Shell is a shell environment with the Google Cloud CLI already installed and with values already set for your current project. It can take a few seconds for the session to initialize.
2. To create a new project, use thegcloud projects create command:

gcloud projects create PROJECT_ID  

Where PROJECT_ID is the ID for the project you want to create. A project ID must start with a lowercase letter, and can contain only ASCII letters, digits, and hyphens, and must be between 6 and 30 characters.
To create a project with an organization resource or a folder as parent, use the--organization or --folder flags. As a resource can only have one parent, only one of these flags can be used:

gcloud projects create PROJECT_ID --organization=ORGANIZATION_ID  

gcloud projects create PROJECT_ID --folder=FOLDER_ID  

REST

You can't use certain words in the project ID when you create a new project with the projects.create() method. Some examples include google, null, undefined, and ssl. When you use a restricted word, the request returns with an INVALID_ARGUMENT error.

The following request only creates a project, and doesn't associate it automatically with a billing account. Use theprojects.updateBillingInfomethod to set or update the billing account associated with a project.

Create Project Request:

POST https://cloudresourcemanager.googleapis.com/v3/projects/
Authorization: *************
Content-Type: application/json

{
    "projectId": "our-project-123",
    "name": "my project",
    "labels": {
      "mylabel": "prod"
    }
}

Create Project Response:

{
    "name": "operations/pc.123456789",
}

Get Operation Request:

GET https://cloudresourcemanager.googleapis.com/v3/operations/pc.123456789
Authorization: *************
Content-Type: application/json

Get Operation Response:

{
    "name": "operations/pc.123456789",
    "done": true,
    "response": {
        "@type": "type.googleapis.com/google.cloudresourcemanager.v3.Project",
        "projectNumber": "464036093014",
        "projectId": "our-project-123",
        "lifecycleState": "ACTIVE",
        "name": "my project",
        "labels": {
        "mylabel": "prod"
        },
    "createTime": "2016-01-07T21:59:43.314Z"
    }
}

Add tags during project creation

Tags provide a way to create annotations for resources. You can add tags at the time of creating projects. You must assign the Tag User role while adding tags. For more information on the permissions assigned to this role, see Manage tags on resources. You can only add the namespace for the tag key-value pairs in one of the following ways:

gcloud

To add tags during project creation, run the following command:

gcloud projects create PROJECT_ID --organization=ORGANIZATION_ID --tags=KEY_VALUE_PAIRS

Replace the following:

• PROJECT_ID is the unique identifier of the project.
• ORGANIZATION_ID is the unique identifier of the organization.
• KEY_VALUE_PAIRS is a comma-separated list of key-value pairs that you can assign to your resource. An example of comma-separated key-value pairs is 123/environment=production, 456/create=testresource.

REST

The following snippet is a JSON request where you create a project and add tags to it.

  POST https://cloudresourcemanager.googleapis.com/v3/projects/
  Authorization: *************
  Content-Type: application/json

  {
    "projectId": "our-project-456",
    "name": "my project",
    "parent": "organizations/123",
    "tags": {
      "key": "123/environment"
      "value": "production"
    },
"tags": {
      "key": "123/costCenter"
      "value": "marketing"
  }
}

Designate project environments with tags

You can use tags to visually distinguish projects based on their environment, such as production, staging, or development. This helps prevent errors and improves awareness when you are working in sensitive environments. Google adds a visual indicator to the project in the Google Cloud console project picker when a project with a specific tag key-value pair is selected. This indicator reminds you that any changes could affect your associated production or non-production applications. Tags can either be inherited by the project or set directly on the project.

To use this feature, do the following:

1. Create a tag key named environment.
2. Create tag values for the environment categories you use. The following values are supported and are mapped to a corresponding badge in the console's project picker:
   • Prod: Prod, prod, Production, production
   • Dev: Dev, dev, Development, development
   • Test: Test, test, Testing, testing, QA, qa, Quality assurance, quality assurance
   • Staging: Staging, staging, Stage, stage
3. Attach the appropriate tag to your project by creating a tag binding.

If a project has multiple environment tags (for example, one inherited from a folder and one directly on the project), the most specific tag is used to determine the badge.

Creating a project using a service account

You can use a service account to automate project creation. Like user accounts, service accounts can be granted permission to create projects within an organization resource. Service accounts are not allowed to create projects outside of an organization resource and must specify the parent resource when creating a project. Service accounts can create a new project using the gcloud CLI or theprojects.create() method.

Managing project quotas

If you have fewer than 30 projects remaining in your quota, a notification displays the number of projects remaining in your quota on theNew Project page. After you have reached your project limit, to create more projects you must request a project limit increase. Alternatively, you can schedule some projects to be deleted after 30 days on theManage Resources page. Projects that users havesoft-deleted count against your quota. These projects are fully deleted after 30 days.

To request additional capacity for projects in your organization quota, do the following:

1. Go to the Quotas & System Limits page.
   Go to Quotas & System Limits
2. From the resource selector, select the organization for which you want to increase the project quota.
3. In the Filter option, select Metric and entercloudresourcemanager.googleapis.com/projects_count.
4. Select Cloud Resource Manager API, click More actions, and then select Edit quota.
5. In the Quota changes dialog, enter a new quota value and a description, and then click Next.
6. Enter your contact details and click Submit request.

You receive an email acknowledging receipt of your request. If you need further assistance, respond to the email. After the review, you receive an email notification indicating whether your request was approved.

If you don't have an organization and want to request additional capacity for projects in your quota, then use theRequest Project Quota Increaseform.

For more information about quotas and why they are used, see theFree Trial Project Quota Requestssupport page. For more information about billing reports, see theBilling Reports support page.

What's next

• Learn about viewing and updating projects.
• Learn about deleting and restoring projects.
• Learn how to move a project within your resource hierarchy.
• Learn how to migrate a project from one organization resource to another.