Skip to main content

Create a GCP service account with read-only access

Step by step guide to create a GCP service account with read-only access for monitoring


A service account is required to access GCP environment resources for monitoring. This doc provides step by step information on creating a GCP service account with monitoring read-only access.

Once you have created the account, share the configuration with Last9 team so that the monitoring data can be sent to Levitate.


  • Go to the Google Cloud Console ( account
  • Select the project in which you want to create the service account
  • Click on the "IAM & Admin" tab in the left navigation menu
  • Click on the "Service Accounts" tab Create Service Account

For a GCP Project, ensure that you have access to create credentials and grant permissions.

Creating Service Account

  • Click on the "Create Service Account" button
  • Enter following details
    1. Service Account Name: last9-monitor
    2. Service Account ID: last9-monitor
    3. Service Account Description: Allows Last9 API access to read resource metadata and monitoring data
  • Click on the "Create and Continue" button Create Service Account Form

Monitoring Viewer Role

Grant Permissions to this Service Account with Role as Monitoring Viewer.

Monitoring Viewer Role

Grant other users internal to your organization access to this Service Account(Optional) Add other users optionally

Generate Credentials

  • Click on the newly created Service Account to view more details Click on the Servive Account

  • Create a new Service Account Key Create a new Service Account Key Download the Service Account Key

  • Share the downloaded key with your Last9 team