This guide introduces Stackdriver accounts, which hold the monitoring configurations for `Google Cloud Platform (GCP) projects, Amazon Web Service (AWS) accounts, or both. To learn how to create Stackdriver accounts and monitor projects, see Setting up accounts
What is a Stackdriver account?
A Stackdriver account holds monitoring and other configuration information for a group of GCP projects and AWS accounts that are monitored together. You must associate your projects and AWS accounts with Stackdriver accounts in order to use Monitoring.
For Logging, a Stackdriver account is optional to view GCP logs. To view AWS logs, use logs-based metrics, or increase your allotment of logs, your project must be associated with a Stackdriver account.
In order to set up a Stackdriver account, you first create a Stackdriver account and then add GCP projects and AWS accounts to it. The following conceptual diagram shows a Stackdriver account monitoring two GCP projects and two AWS accounts: You can move GCP projects from one Stackdriver account to another, and you can merge two Stackdriver accounts together.
Best practice: If you want a collection of GCP projects and AWS accounts to be monitored together, then you should put them all in the same Stackdriver account. On the other hand, if you have a second collection of resources that is not related to the first one, or is managed by a different group of people, then that collection should be in a separate Stackdriver account. Small test or demonstration projects could each have their own Stackdriver account.
For example, a single Stackdriver account might hold all the GCP and AWS resources used in a running web application. The testing and production resources for a web application might be in separate Stackdriver accounts. A Stackdriver account can contain up to 100 GCP projects.
Setting up accounts has detailed instructions for setting up and managing Stackdriver accounts.
Hosting, AWS connector, and monitored projects
In practice, the organization of a Stackdriver account is more complicated, because additional GCP projects are needed to host the Stackdriver account and to connect the Stackdriver account to AWS accounts. The following diagram shows the actual configuration of a Stackdriver account that is monitoring two GCP projects and two AWS accounts:
As shown in the diagram, many GCP projects can be associated with your Stackdriver account. Each project is given a role when you create your Stackdriver account and when you add more projects to your Stackdriver account. Following are the three roles a GCP project can assume:
A project can be the hosting project for the Stackdriver account. The hosting project holds the monitoring configuration for the Stackdriver account—the dashboards, alerting policies, uptime checks, and so on. The hosting project also gives its name to the Stackdriver account. For example, Project A in the preceding diagram is the hosting project for Stackdriver account A.
A project can be an AWS connector project, such as Projects B and C in the preceding diagram. When you add an AWS account to a Stackdriver account, Monitoring creates the AWS connector project for you, typically giving it a name beginning with
AWS Link. The Monitoring and Logging agents on your EC2 instances must send their metrics and logs to this connector project for proper operation.
The project can be a monitored project, such as Project D in the preceding diagram. All the instances and other resources in these projects are monitored by the Stackdriver account.
The hosting project is also a monitored project, but the best practice is avoid creating resources in the hosted project. Instead, put your instances and other resources into separate GCP projects and add the projects to your Stackdriver account.
A Stackdriver account can monitor any number of GCP projects and AWS accounts, but each GCP project and AWS account can only be monitored by a single Stackdriver account at a time.
Creating Stackdriver accounts
All GCP projects, regardless of their role in Monitoring, can contain resources such as VM instances, load balancers, databases, etc. However, we recommend you follow certain best practices when the projects are associated with a Stackdriver account.
Best practice: If you want to monitor a single GCP project by itself, then create a new Stackdriver account and use your GCP project to both host the Stackdriver account and to hold your GCP resources. If you later want to move your GCP project to another account, you must merge Stackdriver accounts.
Best practice: When monitoring more than a single GCP project, create a new Stackdriver account hosted by a new, empty GCP project. Don't use the hosting project for any other purpose. You can add GCP projects and AWS accounts to the Stackdriver account when you create the Stackdriver account or at a later time.
Best practice: Do not use the AWS connector project to hold GCP resources that you want to monitor—Monitoring does not monitor them. If you are using Logging, then you will find your AWS logs and logs-based metrics in the AWS connector project, not in the Stackdriver account's hosting project. If you export your AWS logs, then you must create the storage resources receiving the logs from AWS: BigQuery datasets, Cloud Storage buckets, or Cloud Pub/Sub topics.