Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
- Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
- If you are interested in working on this issue or have submitted a pull request, please leave a comment.
- If an issue is assigned to a user, that user is claiming responsibility for the issue.
- Customers working with a Google Technical Account Manager or Customer Engineer can ask them to reach out internally to expedite investigation and resolution of this issue.
Description
GCP supports creating project-level budgets using the billing.resourcebudgets.* permissions.
In the Google Cloud Console UI, a user with Project Owner (but without Billing Account roles) can successfully create a budget scoped only to a project.
However, the Terraform resource google_billing_budget only supports the Cloud Billing Budget API, which exposes only billing account–scoped endpoints: POST /v1/{parent=billingAccounts/*}/budgets.
This means Terraform always requires billing.budgets.create on the Billing Account even when the budget is supposed to apply to a single project.
This requires Billing Account-level permissions such as billing.budgets.create, even when the intention is to create a budget for only a single project. As a result:
- UI -> works with only project-level permissions such as billing.resourcebudgets.write
- Terraform -> fails with 403 unless the caller has Billing Account IAM roles
This creates a mismatch between the capabilities of the UI and Terraform. Many organizations restrict Billing Account IAM roles for security reasons, so they cannot use Terraform to manage budgets in the same way that the UI allows.
Feature request: add Terraform support for project-level budget creation, using the same API path the UI uses.
New or Affected Resource(s)
google_billing_budget
(potential new resource) google_project_billing_budget
Potential Terraform Configuration
```hcl
resource "google_project_billing_budget" "project_budget" {
  project      = var.project_id
  display_name = "Project Budget Example"

  amount {
    specified_amount {
      currency_code = "EUR"
      units         = 100
    }
  }

  threshold_rules {
    threshold_percent = 0.5
  }

  threshold_rules {
    threshold_percent = 1.0
  }

  all_updates_rule {
    monitoring_notification_channels = [
      google_monitoring_notification_channel.alerts.id,
    ]
  }
}
```
This resource should use the project-level API and respect permissions billing.resourcebudgets.read, billing.resourcebudgets.write, resourcemanager.projects.get instead of requiring Billing Account IAM roles.
References
https://docs.cloud.google.com/billing/docs/how-to/budgets#create-budget
https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/billing_budget
https://docs.cloud.google.com/billing/docs/reference/budget/rest/v1/billingAccounts.budgets
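
For contrast with the requested resource, this is how a single-project budget is expressed with the existing `google_billing_budget` resource, which goes through the billing account–scoped endpoint described in the issue. It is an added example, not code from the issue author or the provider; `var.billing_account_id`, the resource names and the display name are assumptions.

```hcl
# Added example: existing resource, scoped to one project via budget_filter.
# The budget is still created under billingAccounts/*, so the caller needs
# billing.budgets.create on the Billing Account, not just project-level access.

variable "project_id" {
  type = string
}

variable "billing_account_id" {
  type        = string
  description = "Assumed input: ID of the Billing Account linked to the project"
}

# budget_filter.projects expects the form projects/{project_number}
data "google_project" "target" {
  project_id = var.project_id
}

resource "google_billing_budget" "project_scoped" {
  billing_account = var.billing_account_id
  display_name    = "Project Budget Example (billing account API)"

  budget_filter {
    projects = ["projects/${data.google_project.target.number}"]
  }

  amount {
    specified_amount {
      currency_code = "EUR"
      units         = "100"
    }
  }

  threshold_rules {
    threshold_percent = 0.5
  }

  threshold_rules {
    threshold_percent = 1.0
  }
}
```

The `billing_account` argument is the only structural difference from the proposed configuration, and it is the one that forces the Billing Account-level IAM grant.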