Prisma Cloud: Onboarding GCP Cloud Accounts causes other GCP Accounts to fail

Prisma Cloud: Onboarding GCP Cloud Accounts causes other GCP Accounts to fail

3262
Created On 04/28/23 15:19 PM - Last Modified 10/30/25 08:18 AM


Symptom


  1. Onboard Project 1 to Prisma Cloud
  2. Project 1 is onboarded successfully
  3. Onboard Project 2 to Prisma Cloud
  4. Project 2 is onboarded successfully
  5. Project 1 shows errors and stops ingesting data

Environment


  • Prisma Cloud Enterprise Edition
  • GCP

Cause


When executing the onboarding Terraform script with a wrong project set in the GCP Cloud Shell, it may be adding/deleting resources and Service Accounts from the wrong project, causing a failing onboarding, breaking another Cloud Account or adding/deleting data or Service Accounts to the wrong project.

Resolution


We need to carefully make sure that we are set in the right project within the GCP Cloud Shell.

Example:
For Project 1 the Cloud Shell may show: user@cloudshell:~ (PROJECT_ID_1)$
For Project 2 the Cloud Shell may show: user@cloudshell:~ (PROJECT_ID_2)$

This can be achieved by close/reopen the Cloud Shell or with the dedicated command that GCP provides:
gcloud config set project $MY_PROJECT_ID

Additional Information


View our documentation here on how to onboard a GCP project. 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000g1acCAA&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language