Organization-level discovery and visibility runs Cloud Discovery & Visibility (CDV) against every Project in an Organization. For CDV to detect and access each Project, every new Project must inherit the Permissions of its parent Organization, and the Compute Engine API must be enabled for the new Project.
To make sure new Projects can be found by Organization-level discovery and visibility, do the following when you create a new Project:
1. In GCP, make sure you select the new Project from the dropdown menu at the top.
2. In the left navigation menu, click IAM & Admin to open Google's IAM (Identity and Access Management) & Admin tool.
3. On the left panel, click Organization Policies.
4. Using the filter, search for the policy named constraints/iam.allowedPolicyMemberDomains. For this policy, click Domain restricted sharing.
5. Click Manage policy, then configure the following:
   - In Policy source, select Override parent's policy.
   - In Policy enforcement, select Merge with parent.
   - Click Add a rule, then set the policy value to Allow All.
6. Click Set policy.
Enable the Compute Engine API for the project:
1. If you haven't already done so, in GCP, make sure you select the new Project from the dropdown menu at the top.
2. In the search bar at the top, search for Compute Engine API and select it.
3. Click Enable to enable the API.
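
To confirm that a set of Projects meets both prerequisites before an Organization-level run, the check below reads each Project's effective Domain restricted sharing policy and its enabled services with the gcloud CLI. It is an added example, not part of the product or of the original procedure; it assumes an authenticated gcloud CLI, takes Project IDs as arguments, and the function names and output format are made up for this example.

```shell
# Added example: audit Projects against the two prerequisites described above.
# Assumptions: gcloud is installed and authenticated; Project IDs are passed as
# arguments; function names and the report format are illustrative only.

CONSTRAINT="iam.allowedPolicyMemberDomains"

# Succeeds if the Project's effective policy for the constraint has an allowAll
# rule (Org Policy v2 JSON: spec.rules[].allowAll). Whitespace is stripped first
# so the match does not depend on how the JSON is pretty-printed.
domain_sharing_allows_all() {
  gcloud org-policies describe "$CONSTRAINT" --project="$1" --effective --format=json \
    | tr -d ' \n' | grep -q '"allowAll":true'
}

# Succeeds if compute.googleapis.com is among the Project's enabled services.
compute_api_enabled() {
  [ -n "$(gcloud services list --enabled --project="$1" \
      --filter='config.name=compute.googleapis.com' \
      --format='value(config.name)')" ]
}

# Prints one line per Project: "<id> READY" or "<id> NOT_READY missing: <items>".
audit_project() {
  audit_id="$1"
  audit_missing=""
  domain_sharing_allows_all "$audit_id" || audit_missing="$audit_missing org-policy"
  compute_api_enabled "$audit_id" || audit_missing="$audit_missing compute-api"
  if [ -z "$audit_missing" ]; then
    echo "$audit_id READY"
  else
    echo "$audit_id NOT_READY missing:$audit_missing"
  fi
}

# Usage: sh audit.sh project-a project-b ...
for project_id in "$@"; do
  audit_project "$project_id"
done
```

Because Allow All lifts the domain restriction on who can be added to a Project's IAM policy, the READY lines also serve as an inventory of Projects carrying that exception.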