Create a GCP service account with read-only access
Step by step guide to create a GCP service account with read-only access for monitoring
Objective
A service account is required to access GCP environment resources for monitoring. This doc provides step by step information on creating a GCP service account with monitoring read-only access.
Once you have created the account, share the configuration with Last9 team so that the monitoring data can be sent to Last9.
Prerequisites
- Go to the Google Cloud Console (console.cloud.google.com) account
- Select the project in which you want to create the service account
- Click on the "IAM & Admin" tab in the left navigation menu
- Click on the "Service Accounts" tab
For a GCP Project, ensure that you have access to create credentials and grant permissions.
Creating Service Account
- Click on the "Create Service Account" button
- Enter following details
- Service Account Name:
last9-monitor - Service Account ID:
last9-monitor - Service Account Description: Allows Last9 API access to read resource metadata and monitoring data
- Service Account Name:
- Click on the "Create and Continue" button
Monitoring Viewer Role
Grant Permissions to this Service Account with Role as Monitoring Viewer.
Grant other users internal to your organization access to this Service Account(Optional)
Generate Credentials
-
Click on the newly created Service Account to view more details
-
Create a new Service Account Key
-
Share the downloaded key with your Last9 team