Connect a GCP Account

Sysdig can collect both general metadata and various types of metrics from your Google Cloud Platform (GCP) environment.

After connecting a GCP account, data will become visible in the Sysdig Monitor UI after a 10-15 minute delay. Sysdig collects metrics at five-minute intervals. Sysdig can connect to both Organization and single project types in GCP.

Onboarding a GCP Account

You can connect a GCP account by using one of the following:

  • Manual Installation: Manual installation is supported only for a single GCP Project. You can automatically connect to your project by providing associated the service account key.

  • Terraform: Terraform-based installation instructions are supported for the following type of GCP accounts:

    The default code provided on the Connect a GCP project screen of Sysdig Monitor is pre-populated with your Monitor API token and will help you connect your GCP account with Sysdig.

Access Cloud Accounts

  1. Log in to Sysdig Monitor as an administrator.

  2. In the management section of the left-hand sidebar, select Integration > Cloud Metrics.

    The Cloud Metrics page is displayed. Continue with connecting a GCP account.

Connect a GCP Account

In GCP

  1. Log in to the Google Cloud Platform.
  2. Create an Owner role.
  3. If you are choosing manual installation, ensure that the following are created for your project:

On Sysdig Monitor UI

  1. On the Cloud Metrics screen, click Add Account.

  2. Click GCP.

    The Connect a GCP Project is displayed.

  3. Select one of the following:

    • Organization: Select this option to simultaneously add multiple GCP accounts.
    • Single: Select this option to add a single GCP account.

  4. Continue with the Installation methods.

Terraform Installation

  1. Ensure that the prerequisites are met:

    • Owner role is created in GCP.
    • GCP Service APIs are enabled.
    • Terraform v1.3.1 or above is installed.
    • Google Cloud SDK is installed.

  2. Specify the Region of your GCP project.

Do not confuse Region with the GCP location or zone. See Identifying a region or zone for more information.

The variable, region, in the Terraform script will be automatically replaced with this entry.

  1. Specify the Parent Folder ID.

    The parent directory of the GCP project that the integration is created for. If you leave it blank, integration will be created for every project under the organization. The PARENT_FOLDER_ID variable in the Terraform script will be automatically replaced with this entry.

  2. Copy the terraform snippet from the screen and save it to main.tf.

terraform {
   required_version = ">= 0.12"
   required_providers {
      sysdig = {
         source  = "sysdiglabs/sysdig"
      }
   }
}
provider "google" {
   project = "__PROJECT_ID__"
   region = "us-west1"
}
provider "sysdig" {
   sysdig_monitor_url = "https://app-staging.sysdigcloud.com"
   sysdig_monitor_api_token = "__API_TOKEN__"
}
module "sysdig_monitor_cloud_account" {
   source = "github.com/sysdiglabs/terraform-gcp-monitor-for-cloud/single-project"
   gcp_project_id = "__PROJECT_ID__"
}

Replace the following variables fields in the script:

  1. Run terraform init && terraform apply.

    The Terraform scripts will perform the following steps and enable GCP metrics for Sysdig to collect:

    • Create a new Service Account for the specified projects in GCP
    • Add the monitoring.viewer role to the Service Account
    • Generate a Service Account key for the Service Account
    • Create a new customers_providers_key record with credentials in the Sysdig backend.

Manual Installation

To connect to a single project in your GCP account, you provide the service account key in JSON file.

  1. On the Connect a GCP Project screen, click Manual Installation.
  2. Upload the service account key associated with your project.
  3. Click Confirm. If the connection is successful, the Account Connected message is displayed on the screen.