Offboard GCP organizations from VRM
If you decide to stop ingesting resources from your Google Cloud organization, follow these steps to offboard the organization from VRM or remove cloud resources created during onboarding in your GCP environment.
A script provides the names and IDs of all resources created during the onboarding process. It is recommended that you make a note of these resources to simplify the cleanup process.
To complete this task:
- Delete the project: deleting a project will also delete all resources within that project.
- If billing is enabled for the project, disable it.
- In the Google Cloud console, delete the project.
note
- When a project is deleted, it enters a shutdown state for 30 days. After 30 days, it is permanently removed.
- Deleting a project also deletes any associated service accounts.
- Delete the service account: delete the service account in Google Cloud.
note
- If the project has already been deleted, the service account is deleted automatically. You can skip this step if the project was already deleted.
- Deleting a service account will also revoke all associated keys. :::
-
Delete the custom role: if a custom role was created at the organization level, you can delete it.
-
Remove the key from a service account: to remove a key from a service account, follow these steps.
note
- Once the key is removed, the associated credentials become invalid. VRM will no longer be able to ingest assets or findings. For organization-level integrations, this affects all associated project integrations.
- If the project is deleted, the service account and all associated keys are deleted. You can skip this step if the project or service account has already been deleted.