v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Steampipe logo 
Hub
Plugins
turbot/gcp
Overview
113Tables
Versions
PowerpipeMods
GitHub
steampipe plugin install gcp

Table: gcp_billing_account - Query GCP Billing Accounts using SQL

A GCP Billing Account is a resource in Google Cloud Platform that is linked to a Google payments profile. This resource is used to define who pays for a given set of Google Cloud resources and Google Maps Platform APIs. Access control to the billing account is established by IAM roles.

Table Usage Guide

The gcp_billing_account table provides detailed insights into billing accounts within Google Cloud Platform. As a financial analyst or cloud administrator, explore billing account-specific details through this table, including billing information, payment status, and open status. Utilize it to uncover information about billing accounts, such as those with outstanding payments or to verify the open status of accounts.

Important Notes

  • This table requires the billing.viewer permission to retrieve billing account details.

Examples

Basic info

Explore which Google Cloud Platform billing accounts are open and their associated projects and locations. This is useful for auditing purposes and to identify any potential cost-related issues.

select
  name,
  display_name,
  master_billing_account,
  open,
  project,
  location
from
  gcp_billing_account;
select
  name,
  display_name,
  master_billing_account,
  open,
  project,
  location
from
  gcp_billing_account;

Get the billing account members and their associated IAM roles

Explore the relationship between billing account members and their assigned roles within a Google Cloud Platform (GCP) environment. This can be useful for auditing purposes or to ensure appropriate access levels are maintained.

select
  name,
  display_name,
  jsonb_array_elements_text(p -> 'members') as member,
  p ->> 'role' as role
from
  gcp_billing_account,
  jsonb_array_elements(iam_policy -> 'bindings') as p;
select
  name,
  display_name,
  json_extract(p.value, '$.members') as member,
  json_extract(p.value, '$.role') as role
from
  gcp_billing_account,
  json_each(iam_policy, '$.bindings') as p;

List accounts whose members have billing admin access

Explore which accounts have members with billing admin access. This is useful to identify potential areas of financial risk and ensure appropriate access control.

select
  name,
  display_name,
  jsonb_array_elements_text(i -> 'members') as members,
  i ->> 'role' as role
from
  gcp_billing_account,
  jsonb_array_elements(iam_policy -> 'bindings') as i
where
  i ->> 'role' like '%billing.admin';
select
  name,
  display_name,
  json_extract(i.value, '$.members') as members,
  json_extract(i.value, '$.role') as role
from
  gcp_billing_account,
  json_each(iam_policy, '$.bindings') as i
where
  json_extract(i.value, '$.role') like '%billing.admin';

List billing accounts that are open

Explore open billing accounts to gain insights into their associated projects and locations, helping you to effectively manage and monitor your financial resources in the GCP environment.

select
  name,
  display_name,
  project,
  location
from
  gcp_billing_account
where
  open;
select
  name,
  display_name,
  project,
  location
from
  gcp_billing_account
where
  open = 1;

Schema for gcp_billing_account

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
akasjsonbArray of globally unique identifier strings (also known as) for the resource.
display_nametextThe display name given to the billing account. This name is displayed in the Google Cloud Console.
iam_policyjsonbAn IAM policy, which specifies access controls for the billing account.
locationtextThe GCP multi-region, region, or zone in which the resource is located.
master_billing_accounttextThe resource name of the parent billing account, if any.
nametext=The resource name of the billing account.
openbooleanWhether the billing account is open, and will therefore be charged for any usage on associated projects.
projecttext=, !=, ~~, ~~*, !~~, !~~*The GCP Project in which the resource is located.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
titletextTitle of the resource.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- gcp

You can pass the configuration to the command with the --config argument:

steampipe_export_gcp --config '<your_config>' gcp_billing_account