Method: services.tenancyUnits.attachProject

Attach an existing project to the tenancy unit as a new tenant resource. The project could either be the tenant project reserved by calling tenancyUnits.addProject under a tenancy unit of a service producer's project of a managed service, or from a separate project. The caller is checked against a set of permissions as if calling tenancyUnits.addProject on the same service consumer. To trigger the attachment, the targeted tenant project must be in a folder. Make sure the ServiceConsumerManagement service account is the owner of that project. These two requirements are already met if the project is reserved by calling tenancyUnits.addProject. Operation<response: Empty>.

HTTP request


The URL uses gRPC Transcoding syntax.

Path parameters



Name of the tenancy unit that the project will be attached to. Such as 'services/'.

Authorization requires the following Google IAM permission on the specified resource name:

  • serviceconsumermanagement.tenancyu.addResource

Request body

The request body contains data with the following structure:

JSON representation
  "tag": string,

  // Union field resource can be only one of the following:
  "reservedResource": string,
  "externalResource": string
  // End of list of possible types for union field resource.


Tag of the tenant resource after attachment. Must be less than 128 characters. Required.

Union field resource. Resource to be attached. This project must either be a reserved project in the tenancy unit for a service producer project, or an separate project which is not an existing tenant project for any service. resource can be only one of the following:


When attaching a reserved project already in tenancy units, this is the tag of a tenant resource under the tenancy unit for the managed service's service producer project. The reserved tenant resource must be in an active state.



When attaching an external project, this is in the format of projects/{project_number}.

Response body

If successful, the response body contains an instance of Operation.

Authorization Scopes

Requires the following OAuth scope:


For more information, see the Authentication Overview.

Try it!