This document describes how to use the Google Cloud console to configure a Google Cloud project so that you can chart and monitor time-series data stored in multiple resource containers. A resource container is a Google Cloud project. This document is intended for developers and system administrators who need to manage time-series data for services and resources that are associated with different resource containers.
For information about configuring a Google Cloud project programmatically, see Configure a metrics scope by using the API.
The metrics scope of a Google Cloud project determines the time-series data that the project can chart or monitor with alerting policies.
Before you begin
- If you aren't familiar with the terms resource container, metrics scope, and scoping project, then see Metrics scopes overview.
-
To get the permissions that you need to configure a metrics scope, ask your administrator to grant you the Monitoring Admin (
roles/monitoring.admin
) IAM role on the scoping project and on each resource container that you want to add to the metrics scope. For more information about granting roles, see Manage access to projects, folders, and organizations.You might also be able to get the required permissions through custom roles or other predefined roles.
If you use VPC Service Controls, then you need to consider the order in which you configure a metrics scope and your VPC perimeters. Cloud Monitoring performs the VPC perimeter check when a resource container is added to a metrics scope:
When you create the VPC perimeter first and then try to add a resource container to the metrics scope, the perimeter validation process runs. This process verifies that the added container is in the same perimeter as the scoping project, or that it is connected to the scoping project by a perimeter bridge. If the perimeter validation fails, then the addition of the resource container to the metrics scope also fails.
When you configure the metrics scope first and then create your perimeters, the perimeter validation process doesn't run. This approach lets you access time-series data for resource containers that are in different perimeters.
If you configure IAM roles or grant access to projects, then consider the implications of permissions on a project whose metrics scope includes resource containers other than the scoping project. A role that grants read permission to Monitoring on the scoping project lets the principal view charts and alerting policies that might display data that is stored by a resource container included in the metrics scope.
Add resource containers to a metrics scope
Adding a resource container to a metrics scope lets the scoping project read the time-series data stored in that resource container. Therefore, charts can display this time-series data and alerting policies can monitor this data. If the container contains child resources, then the data they store isn't included in the metrics scope.
A monitored resource container is a resource container that has been added to a metrics scope. Adding a resource container to a metrics scope doesn't change the container.
If you are using App Hub, then to view system metrics from App Hub, you must configure both the App Hub host project and the metrics scope. Adding an App Hub service project to an App Hub host project doesn't modify the project's metrics scope. Similarly, adding a project to a metrics scope doesn't modify the list of App Hub service projects attached to the App Hub host project. For information about configuring an App Hub host project, see Add or remove service projects.
To add resource containers to the metrics scope of the current project, do the following:
-
In the Google Cloud console, go to the settings Settings page:
If you use the search bar to find this page, then select the result whose subheading is Monitoring.
Select Metric Scope.
The Metric Scope tab lists the resources monitored by the current Google Cloud project. It also lists the Google Cloud projects whose metrics scope includes the current Google Cloud project.
To add Google Cloud projects to the metrics scope:
- In the Google Cloud Projects pane, click Add Projects.
In the Add Google Cloud projects dialog, click Select Projects, and then make your selections. To save your changes, click Add Projects.
You are returned to the Settings page, and the table on that page is updated to list your selections. If you want to remove a Google Cloud project from the list, click cancel Remove project.
Click Add projects.
After you add projects to a metrics scope, it takes about 60 seconds for changes to propagate through all Monitoring systems. Before you create a chart or alerting policy, wait at least 60 seconds. You might need to refresh the Google Cloud console page for the new metrics to be visible.
The metrics scope of your selected project has been updated to include the Google Cloud projects you selected.
Remove monitored resource containers from a metrics scope
After you remove a resource container from a metrics scope, the time-series data stored in that container can't be charted or monitored by the scoping project. Removing a container from a metrics scope doesn't change the configuration of charts, dashboards, alerting policies, uptime checks, or groups that you defined. However, the time series displayed on charts and the time series monitored by alerting policies might change.
If you are using App Hub, then before you remove a project from the metrics scope ensure that the project isn't being used by an App Hub application. Removing the project from the metrics scope won't affect the application. However, you won't be able to view system metrics for that application from the context of the App Hub host project. For information about configuring an App Hub host project, see Add or remove service projects.
To remove resource containers from the metrics scope of the current project, do the following:
-
In the Google Cloud console, go to the settings Settings page:
If you use the search bar to find this page, then select the result whose subheading is Monitoring.
- Select Metric Scope.
- In the Google Cloud Projects pane, select the projects that you want to remove, click Remove project, and then complete the confirmation dialog.
List monitored resources in a metrics scope
To list the resources in a metrics scope, do the following:
-
In the Google Cloud console, go to the settings Settings page:
If you use the search bar to find this page, then select the result whose subheading is Monitoring.
Select Metric Scope.
The Metric Scope tab lists the resources monitored by the current Google Cloud project. It also lists the Google Cloud projects whose metrics scope includes the current Google Cloud project.
Select a different metrics scope
The project selected in the Google Cloud console project picker is the scoping project of the current metrics scope. There is a one-to-one relationship between a scoping project and a metrics scope.
To select a different metrics scope, select a different project with the Google Cloud console project picker.