google-app-engine - 如何防止谷歌云平台 2021 中的超额计费

Question

我在谷歌云平台中有多个项目和 api，如 map api、php 应用引擎、sql 等。
Google 改变了帐单管理方式，现在帐单有可能因任何原因(错误、黑客等)飙升
我怎样才能做到在达到限制时禁用所有计费？不仅仅是电子邮件通知，这还不够!
我不能只是关闭我的应用引擎实例，因为 map 和其他地方的 api 凭据仍然可以产生费用!

Answer 1

Set budgets and budget alerts文档。你有 2 种策略来处理这个问题。
第一个是设置API spending limit基于 wuota 或限制每个用户的调用，因此如果您的服务对特定 API 进行了大量调用，您只需阻止此 API，这样您的整个服务/项目就可以继续提供服务。
另一种方法是automate the disabling of billing对于整个项目。这更危险，因为它会阻塞整个项目并可能导致数据丢失。
为此，您将部署一个 Cloud Functions 函数，如由您的预算设置使用的 Pub/Sub 主题触发的文档中的那个函数:

const {google} = require('googleapis');
const {GoogleAuth} = require('google-auth-library');

const PROJECT_ID = process.env.GOOGLE_CLOUD_PROJECT;
const PROJECT_NAME = `projects/${PROJECT_ID}`;
const billing = google.cloudbilling('v1').projects;

exports.stopBilling = async pubsubEvent => {
  const pubsubData = JSON.parse(
    Buffer.from(pubsubEvent.data, 'base64').toString()
  );
  if (pubsubData.costAmount <= pubsubData.budgetAmount) {
    return `No action necessary. (Current cost: ${pubsubData.costAmount})`;
  }

  if (!PROJECT_ID) {
    return 'No project specified';
  }

  _setAuthCredential();
  const billingEnabled = await _isBillingEnabled(PROJECT_NAME);
  if (billingEnabled) {
    return _disableBillingForProject(PROJECT_NAME);
  } else {
    return 'Billing already disabled';
  }
};

/**
 * @return {Promise} Credentials set globally
 */
const _setAuthCredential = () => {
  const client = new GoogleAuth({
    scopes: [
      'https://www.googleapis.com/auth/cloud-billing',
      'https://www.googleapis.com/auth/cloud-platform',
    ],
  });

  // Set credential globally for all requests
  google.options({
    auth: client,
  });
};

/**
 * Determine whether billing is enabled for a project
 * @param {string} projectName Name of project to check if billing is enabled
 * @return {bool} Whether project has billing enabled or not
 */
const _isBillingEnabled = async projectName => {
  try {
    const res = await billing.getBillingInfo({name: projectName});
    return res.data.billingEnabled;
  } catch (e) {
    console.log(
      'Unable to determine if billing is enabled on specified project, assuming billing is enabled'
    );
    return true;
  }
};

/**
 * Disable billing for a project by removing its billing account
 * @param {string} projectName Name of project disable billing on
 * @return {string} Text containing response from disabling billing
 */
const _disableBillingForProject = async projectName => {
  const res = await billing.updateBillingInfo({
    name: projectName,
    resource: {billingAccountName: ''}, // Disable billing
  });
  return `Billing disabled: ${JSON.stringify(res.data)}`;
};

依赖项:

{
 "name": "cloud-functions-billing",
 "version": "0.0.1",
 "dependencies": {
   "google-auth-library": "^2.0.0",
   "googleapis": "^52.0.0"
 }
}

然后您授予此 Cloud Functions 服务帐户的 Billing Admin 权限
如果您想使用这种方法，我建议您在任何一种情况下尽可能为每个服务设置不同的项目，以便您可以仅关闭部分服务。