Deploy secure, compliant Google Cloud Landing Zones in minutes with AI-powered automation.
Prerequisites
Before you begin, ensure you have the following:
- A Google Cloud Organization with billing enabled
- Organization Administrator role (or equivalent) on your Google Cloud Organization
- A Google Cloud Marketplace account linked to an active billing account
Step 1: Subscribe to aSaaS on Google Cloud Marketplace
- Visit the aSaaS listing on Google Cloud Marketplace.
- Click Subscribe.
- Review the pricing plan and select your billing account.
- Accept the terms and click Subscribe.
Note: Your subscription activates immediately. You will not be charged until the first billing cycle begins.
Step 2: Sign Up and Activate Your Account
After subscribing, Google Cloud redirects you to the aSaaS sign-up page.
- Google sends a secure token (JWT) to verify your identity — this happens automatically.
- Your aSaaS account is created and approved within seconds.
- You are redirected to the aSaaS Marketplace Portal page showing your account status.
Step 3: Connect Your Google Cloud Organization
From the aSaaS Marketplace Portal page:
- Click Connect Organization.
- Sign in with your Google Cloud account that has Organization Administrator permissions.
- Authorize aSaaS to manage landing zone resources in your organization.
What happens behind the scenes: aSaaS creates a dedicated service account in your organization with the minimum required permissions: Folder Admin, Organization Admin, Project Creator, and Billing User. All actions are scoped to landing zone resources only.
Step 4: Deploy Your First Landing Zone
Once your organization is connected, the aSaaS AI assistant guides you through the entire landing zone deployment.
4.1 Open the Landing Zone Dashboard
Navigate to the main aSaaS dashboard. You’ll see the AI assistant ready to start.
4.2 Start the Guided Deployment
The AI assistant walks you through each stage of the landing zone:
| Stage | What It Does |
|---|---|
| 0 — Bootstrap | Creates the seed project, enables APIs, sets up Terraform state storage |
| 1 — Organization | Configures organization policies, creates top-level folders |
| 1 — Services | Enables required Google Cloud APIs across the organization |
| 2 — Networking | Sets up Shared VPC, subnets, Cloud NAT, firewall rules |
| 3 — Security | Configures Security Command Center, Cloud Armor, IAM hardening |
| 4 — Environments | Creates development, staging, and production environment folders |
| 5 — Projects | Provisions projects within each environment with proper IAM |
| 6 — App Deployment | Deploys workload infrastructure (Cloud Run, GKE, etc.) |
4.3 Review and Approve Each Step
At every critical step, the AI assistant pauses and asks for your approval before making changes:
- Review — The assistant explains what will be created or modified.
- Approve — Click Approve to proceed, or ask the assistant for more details.
- Apply — OpenTofu applies the infrastructure changes to your Google Cloud environment.
- Verify — The assistant confirms the changes were applied successfully.
Human-in-the-loop: No infrastructure changes are ever made without your explicit approval. You maintain full control throughout the process.
4.4 Monitor Progress
Track the deployment in real time:
- Stage progress — See which stages are complete, in progress, or pending
- Resource details — View the specific Google Cloud resources being created
- Architecture diagrams — Auto-generated diagrams of your landing zone topology
Step 5: Post-Deployment
After all stages complete, your landing zone is ready:
- Organization policies are enforced
- Networking is configured with Shared VPC and proper segmentation
- Security controls are active (Cloud Armor, SCC, IAM)
- Environment folders and projects are provisioned
- CI/CD pipelines are set up for ongoing infrastructure management
Next Steps
- Customize: Modify the OpenTofu templates to match your organization’s specific requirements
- Extend: Add additional environments, projects, or workloads through the AI assistant
- Monitor: Use Google Cloud’s operations suite to monitor your landing zone health
Managing Your Subscription
- View subscription status: Visit the aSaaS Portal
- Manage billing: Go to Google Cloud Marketplace Orders
- Cancel subscription: Cancel anytime from the Marketplace Orders page. Your existing infrastructure remains in place.
Troubleshooting
| Issue | Solution |
|---|---|
| “No Active Subscription” on the portal page | Ensure you subscribed via Marketplace and are signed in with the same Google account |
| Organization connection fails | Verify you have Organization Administrator permissions. Check that the organization has billing enabled |
| A deployment stage fails | The AI assistant provides error details and remediation steps. You can retry any failed stage |
| Need to re-run the signup flow | Contact support — we can reset your account to re-trigger the Marketplace signup |
Support
If you need help at any point:
- Email: [email protected]
- Support Portal: c9ine.com/contact
- Google Cloud Marketplace: Use the “Support” link on the aSaaS listing page
