Incident Response and Management (IRM) relies on Workspaces to provide access to Stackdriver resources. For example, Stackdriver Monitoring lets you create alerting policies to make you aware of issues, which you can then respond to and manage using IRM. These alerting policies belong to a Workspace. To access these policies, IRM must have access to the Workspace.
This page shows you how to prepare a Workspace so that your response team can begin using IRM.
Before you begin
If you already have prepared a Workspace for your response team, including getting it whitelisted for using IRM during its alpha phase, and want to learn what to do with an alert notification, read the Responding to an alert guide instead.
If you have already set up an alerting policy in Monitoring, proceed to Whitelist your Workspace.
If you are new to using Stackdriver, you need to set up basic Stackdriver resources before you get started with IRM. Then you can proceed to Grant permissions to use IRM.
Set up basic Stackdriver resources
To set up your Workspace and Monitoring so that you can test and use IRM, complete these steps in the Quickstart for Compute Engine, and then proceed to Grant permissions to use IRM:
- Create a Google Cloud project
- Enable billing for your Google Cloud project
- Create a Workspace in Google Cloud
- Create an uptime check
- Create an alerting policy in your new project, including setting up notification channels
- Test the check and alert
Whitelist your Workspace for IRM Alpha
The Workspace you use to access the alpha release of IRM must be whitelisted. To whitelist your Workspaces, submit the sign-up form. Once you receive an email letting you know that your Workspace has been whitelisted, proceed to the next step.
Grant Workspace permissions
IRM controls access to IRM data using Cloud Identity and Access Management roles and permissions. The Cloud IAM Project Owner role includes the permissions needed to add users as members to your Workspace; since you created the underlying Google Cloud project, you already have the appropriate permissions for yourself.
To add permissions for your response team members to use the Workspace in IRM, do the following:
- Go to the Cloud IAM console.
- Select your Workspace from the list of projects. Since you are not in the Stackdriver Monitoring console, your Workspace is represented by its hosting Google Cloud project with the same name.
- Click Add at the top of the page.
- In the New members field, type one or more user email addresses (formatted as "firstname.lastname@example.org").
- In the Select a role drop-down list, assign a Stackdriver Monitoring role to the new member: Monitoring Editor (read-write access) or Monitoring Viewer (read-only access).
For more information on Cloud IAM roles, go to Understanding roles.
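To check the result of the steps above against the access you intended, the following added example (not part of the original documentation) reviews a project IAM policy in the JSON shape printed by `gcloud projects get-iam-policy --format=json`. The roster format, the sample policy, the email addresses and the project ID `irm-demo-project` are constructed for illustration.

```python
import json
import shlex

# Role IDs for the two Monitoring roles named in the steps above.
MONITORING = {"viewer": "roles/monitoring.viewer",
              "editor": "roles/monitoring.editor"}
# Basic roles that grant far more than a responder needs in IRM.
BROAD = {"roles/owner", "roles/editor"}

def review_policy(policy, team):
    """Compare a project IAM policy with the intended responder access.

    team maps email -> "viewer" or "editor" (hypothetical roster format).
    Returns (missing, overbroad) as lists of (member, role) tuples.
    Only direct user: bindings on the project are examined; roles held
    through groups or inherited from a folder/organization are not visible.
    """
    held = {}
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            held.setdefault(member, set()).add(binding["role"])
    missing, overbroad = [], []
    for email, level in sorted(team.items()):
        member = f"user:{email}"
        roles = held.get(member, set())
        if MONITORING[level] not in roles:
            missing.append((member, MONITORING[level]))
        overbroad += [(member, r) for r in sorted(roles & BROAD)]
        # Read-only responders should not hold the read-write role.
        if level == "viewer" and MONITORING["editor"] in roles:
            overbroad.append((member, MONITORING["editor"]))
    return missing, overbroad

def grant_commands(project_id, missing):
    """Render the gcloud equivalent of the console steps for each gap."""
    return ["gcloud projects add-iam-policy-binding "
            f"{shlex.quote(project_id)} --member={shlex.quote(m)} "
            f"--role={shlex.quote(r)}" for m, r in missing]

# Constructed sample policy and roster.
SAMPLE_POLICY = json.loads("""{"bindings": [
  {"role": "roles/owner", "members": ["user:owner@example.org"]},
  {"role": "roles/editor", "members": ["user:dev@example.org"]},
  {"role": "roles/monitoring.editor", "members": ["user:ana@example.org"]},
  {"role": "roles/monitoring.viewer", "members": ["user:bo@example.org"]}
]}""")
TEAM = {"ana@example.org": "viewer", "bo@example.org": "viewer",
        "cy@example.org": "viewer", "dev@example.org": "editor"}

if __name__ == "__main__":
    gaps, excess = review_policy(SAMPLE_POLICY, TEAM)
    print("\n".join(grant_commands("irm-demo-project", gaps)))
    print("review for removal:", excess)
```

In the sample, `dev@example.org` was given the basic Editor role rather than Monitoring Editor, so the review reports both a missing Monitoring role and an over-broad grant.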
View your Workspace in IRM
Now that you have set up your Stackdriver environment, including an uptime check and alerting policy, and assigned users to your whitelisted Workspace, view your triggered alert in IRM by doing the following (if you skipped the Prerequisites steps, then you will not have this test alert in IRM):
- Navigate to the IRM console dashboard.
  Your alert appears in the Available alerts list.
  If you do not see your alert, check the Stackdriver Monitoring console to make sure it appears there, and then navigate back to the IRM console.
- Click on your alert's row in the Available alerts list.
- Review the chart, alert details, and insights on the Alert Details view.
- Dismiss the alert by selecting Take action > Dismiss.
  This action takes you to the bottom of the Alert Details view.
- In the Investigation updates text field, add a reason for dismissal, like "Testing the new Workspace".
Set up incident presets
To create a preset for your Workspace using the IRM console, do the following:
- Click the gear (settings) icon in the Workspace's toolbar.
- Select Presets. A Presets page appears, listing the available presets for the Workspace.
- Click Add preset. A dialog appears.
- Enter a Preset name (required) and fill in any values for fields that you would like to include as default.
To edit or delete the preset, click the overflow menu for the preset on the Presets page.
If you have no further use for them, remove your Stackdriver alerting policies, project, and Workspace, so that you don't incur costs and won't get errors when you shut down your VM instance.
Delete the alerting policy
To delete your alerting policy, do the following:
- In the Stackdriver Monitoring console, go to Alerting > Policies Overview.
- Click Delete next to the policy that you wish to remove.
Delete the project
- In the Cloud Console, go to the Manage resources page.
- In the project list, select the project you want to delete and click Delete.
- In the dialog, type the project ID, and then click Shut down to delete the project.
Delete the Workspace
Before deleting a Workspace, check if the project you used to create the Workspace has resources you want to preserve, or if the Workspace is still linked to additional Google Cloud projects. If so, see merging Workspaces for a way to move resources to another place before deleting the Workspace.
If your Workspace has nothing of value, then delete it using the GCP Console. Go to IAM & admin > Settings and click Shut Down.
Review the following resources to learn how to use IRM: