Connect GCP Account in Sysdig Monitor
Onboard a GCP Account
You can connect a GCP account by using one of the following:
Manual Installation: Manual installation is supported only for a single GCP Project. You can automatically connect to your project by providing the associated service account key.
Terraform: Terraform-based installation instructions are supported for the following types of GCP accounts:
The default code provided on the Connect a GCP project screen of Sysdig Monitor is pre-populated with your Monitor API token and will help you connect your GCP account with Sysdig.
Access Cloud Accounts
Log in to Sysdig Monitor as an Admin.
In the left-hand sidebar, select Integration > Cloud Accounts.
The Cloud Accounts page is displayed.
Connect a GCP Account
In GCP
Log in to GCP.
Create an Owner role.
If you are choosing manual installation, ensure that the following are created for your project:
Service Account keys in JSON format.
Store the keys for manual installation.
If you are choosing Terraform installation, skip this step as the script will create them for you.
In the Sysdig Monitor UI
On the Cloud Accounts page, click Add Account.
Choose GCP.
The Connect a GCP Project screen is displayed.
Select one of the following:
- Organization: Select this option to simultaneously add multiple GCP accounts.
- Single: Select this option to add a single GCP account.
Continue with the Installation methods.
Terraform Installation
Ensure the prerequisites are met:
- Owner role is created in GCP.
- GCP Service APIs are enabled.
- Terraform v1.3.1 or above is installed.
- Google Cloud SDK is installed.
Specify the Region of your GCP project.
Do not confuse Region with the GCP location or zone. See Identifying a region or zone for more information.
The variable, region, in the Terraform script will be automatically replaced with this entry.
Specify the Parent Folder ID.
The parent directory of the GCP project that the integration is created for. If you leave it blank, integration will be created for every project under the organization. The PARENT_FOLDER_ID variable in the Terraform script will be automatically replaced with this entry.
Copy the terraform snippet from the screen and save it to main.tf.
    terraform {
      required_version = ">= 0.12"
      required_providers {
        sysdig = {
          source = "sysdiglabs/sysdig"
        }
      }
    }
    provider "google" {
      project = "__PROJECT_ID__"
      region  = "us-west1"
    }
    provider "sysdig" {
      sysdig_monitor_url       = "https://app-staging.sysdigcloud.com"
      sysdig_monitor_api_token = "__API_TOKEN__"
    }
    module "sysdig_monitor_cloud_account" {
      source         = "github.com/sysdiglabs/terraform-gcp-monitor-for-cloud/single-project"
      gcp_project_id = "__PROJECT_ID__"
    }
Replace the following variable fields in the script:
- PROJECT_ID: Your GCP Project ID.
- API_TOKEN: Sysdig API Token.
Run terraform init && terraform apply.
The Terraform scripts will perform the following steps and enable GCP metrics for Sysdig to collect:
- Create a new Service Account for the specified projects in GCP
- Add the monitoring.viewer role to the Service Account
- Generate a Service Account key for the Service Account
- Create a new customers_providers_key record with credentials in the Sysdig backend.
Manual Installation
To connect to a single project in your GCP account, provide the service account key as a JSON file.
On the Connect a GCP Project screen, click Manual Installation.
Upload the service account key associated with your project.
Click Confirm.
If the connection is successful, the Account Connected message is displayed on the screen.
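A pre-upload check for the manual path, given here as an added example (not Sysdig's code): it confirms that the key file is a service account key for the intended project and that the account holds no role beyond the monitoring.viewer role the Terraform steps above grant. The function names, the sample project example-project and the account name sysdig-monitor are assumptions made for illustration.

```python
EXPECTED_ROLE = "roles/monitoring.viewer"  # role the page says Terraform grants
REQUIRED = ("type", "project_id", "private_key_id", "private_key", "client_email")

def check_key(key, expected_project):
    """Return a list of problems with a service account key file's contents."""
    problems = [f"missing field: {name}" for name in REQUIRED if not key.get(name)]
    if key.get("type") != "service_account":
        problems.append(f"type is {key.get('type')!r}, not 'service_account'")
    if key.get("project_id") != expected_project:
        problems.append(f"key belongs to project {key.get('project_id')!r}")
    # Assumption: user-managed accounts are NAME@PROJECT_ID.iam.gserviceaccount.com
    email = key.get("client_email") or ""
    if not email.endswith(f"@{expected_project}.iam.gserviceaccount.com"):
        problems.append(f"client_email {email!r} is not in {expected_project}")
    return problems

def extra_roles(policy, client_email):
    """Roles bound directly to the service account beyond EXPECTED_ROLE.
    Only bindings in this policy are seen, not inherited or group-based ones."""
    member = f"serviceAccount:{client_email}"
    bound = {b["role"] for b in policy.get("bindings", [])
             if member in b.get("members", [])}
    return sorted(bound - {EXPECTED_ROLE})

# Constructed sample inputs (placeholders, not real credentials).
SA = "sysdig-monitor@example-project.iam.gserviceaccount.com"
SAMPLE_KEY = {
    "type": "service_account",
    "project_id": "example-project",
    "private_key_id": "PLACEHOLDER_KEY_ID",
    "private_key": "PLACEHOLDER_PEM",
    "client_email": SA,
}
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/monitoring.viewer", "members": [f"serviceAccount:{SA}"]},
    {"role": "roles/editor", "members": [f"serviceAccount:{SA}", "user:admin@example.com"]},
    {"role": "roles/owner", "members": ["user:admin@example.com"]},
]}

if __name__ == "__main__":
    print("key problems:", check_key(SAMPLE_KEY, "example-project"))
    print("roles beyond monitoring.viewer:", extra_roles(SAMPLE_POLICY, SA))
```

For a real project, load the key file with json.load and take the policy from gcloud projects get-iam-policy PROJECT_ID --format=json.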