Hacker News
by jo-m 768 days ago
I had something similar once happen at my previous job. The company was using Google Workspace and GCP. The person who had set up GCP initially left the company. 1 month later, HR deleted his Google acc. Little did we know, the payment profile was attached to the GCP projects through his account, so deleting his account effectively removed the CC. All our stuff was shut down immediately (within minutes).

We first had no idea what was going on. GCP support just told us "it seems you deleted your CC". Eventually, we figured out what happened.

Set up a new payment profile and started migrating our GCP projects to it. Eventually had to create multiple of them, because there is an arbitrary quota of how many projects you can have per payment profile (~4), and support told us it would take days to increase it.

Fortunately, all our data was still there. However, support had initially told us that it's "all gone".


That's why you always use service accounts for those kinds of things. Admin, billing, etc. Never let a "daily driver" account hold the keys to the kingdom.
The fun part is when startupserviceaccount@gmail.com or whatever gets flagged as not being a "real person's name" and then deleted.
I've never heard of this and I'm not aware of any requirement to use a real name. I tried googling and I'm not seeing people having that issue.
There's not currently a requirement for a real name (though Google did at one time push that when going nuts with Google+) but they do really strongly push a cell phone number, which can easily get attached to someone who later is no longer with the company.

You need to manufacture a persona (with password hints, a cell phone plan, etc) to really be secure - or have multiple avenues to access your system.

or switch to invoice billing?
Their point still stands. A false positive algorithmic account deactivation coupled with the impossibility of getting a human to review the decision is a very real scenario.
Unfortunately, personal accounts have a usable quota; service accounts have to go through all the approvals (at least 4: getting allocated at all, which cost center, what resource allocation, what scheduling priority, and this is assuming you need zero "special permissions").

Doing the same with service accounts as you can do with a personal account takes weeks before you can even get started, and informs the whole management chain what you're doing, which means it informs essentially every manager that could complain about it of exactly the right time to complain to be maximally obstructionist about it.

Or to put it perhaps less ...: using service accounts requires the processes in the company to be well thought out, well-resourced with people who understand the system (which this issue shows: they don't even have those at Google itself), well-planned, and generally cooperative. Often, there will be a problem somewhere.