Configure a metrics scope

This document describes how to use the Google Cloud console to configure a Google Cloud project so that you can chart and monitor time-series data stored in multiple resource containers. A resource container is a Google Cloud project. This document is intended for developers and system administrators who need to manage time-series data for services and resources that are associated with different resource containers.

For information about configuring a Google Cloud project programmatically, see Configure a metrics scope by using the API.

The metrics scope of a Google Cloud project only determines the time-series data that the project can chart and monitor.

Before you begin

  • If you aren't familiar with the terms resource container, metrics scope, and scoping project, then see Metrics scopes overview.

  • Ensure that your Identity and Access Management (IAM) roles on the scoping project and on each resource container that you want to add to the metrics scope, include all permissions in the Monitoring Admin (roles/monitoring.admin) role. For more information, see Metrics scope configuration roles.

  • If you use VPC Service Controls, then you need to consider the order in which you configure a metrics scope and your VPC perimeters. Cloud Monitoring performs the VPC perimeter check when a resource container is added to a metrics scope:

    • When you create the VPC perimeter first and then try to add a resource container to the metrics scope, the perimeter validation process runs. This process verifies that the added container is in the same perimeter as the scoping project, or that it is connected to the scoping project by a perimeter bridge. If the perimeter validation fails, then the addition of the resource container to the metrics scope also fails.

    • When you configure the metrics scope first and then create your perimeters, the perimeter validation process doesn't run. This approach lets you access time-series data for resource containers that are in different perimeters.

  • If you configure IAM roles or grant access to projects, then consider the implications of permissions on a project whose metrics scope includes resource containers other than the scoping project. A role that grants read permission to Monitoring on the scoping project lets the principal view charts and alerting policies that might display data that is stored by a resource container included in the metrics scope.

Add resource containers to a metrics scope

When you want view or monitor time-series data that is stored by multiple resource containers, you must create or select a project, and then configure the metrics scope of that project. After you add a resource container to a metrics scope, it becomes a monitored resource container.

Adding a resource container to a metrics scope doesn't change the container. However, this action lets the scoping project chart and monitor the time-series data stored by the resource container. If the added resource container includes children, time-series data stored in those child resources isn't charted or monitored by the scoping project.

To add resource containers to the metrics scope of the current project, do the following:

  1. In the navigation panel of the Google Cloud console, select Monitoring, and then select  Monitoring Settings:

    Go to Monitoring Settings

  2. To add Google Cloud projects to the metrics scope, do the following:

    1. In the GCP Projects pane, click Add GCP Projects.
    2. In the Add Google Cloud projects dialog, click Select Projects, and then make your sections. To save your changes, click Select.

      You are returned to the Settings page, and the table on that page is updated to list your selections. If you want to remove a Google Cloud project from the list, click Remove project.

    3. Click Add projects.

    After you add projects to a metrics scope, it takes about 60 seconds for changes to propagate through all Monitoring systems. Before you create a chart or alerting policy, wait at least 60 seconds. You might need to refresh the Google Cloud console page for the new metrics to be visible.

Remove monitored resource containers from a metrics scope

After you remove a resource container from a metrics scope, the time-series data stored in that container can't be charted or monitored by the scoping project. Removing a container from a metrics scope doesn't change the configuration of charts, dashboards, alerting policies, uptime checks, or groups that you defined. However, the time series displayed on charts and the time series monitored by alerting policies might change.

To remove resource containers from the metrics scope of the current project, do the following:

  1. In the navigation panel of the Google Cloud console, select Monitoring, and then select  Monitoring Settings:

    Go to Monitoring Settings

  2. To remove Google Cloud projects from the metrics scope, in the GCP Projects pane, select the projects that you want to remove, click Remove project, and then complete the confirmation dialog.

List monitored projects in a metrics scope

To display a list of projects in the current metrics scope, do the following:

  1. In the navigation panel of the Google Cloud console, select Monitoring, and then select  Monitoring Settings:

    Go to Monitoring Settings

  2. View the tables on this page. The tables list the projects in the current metrics scope.

You can also see the list of projects for the current metrics scope by going to the navigation pane, and then clicking Expand on the Metrics scope field. The expanded pane displays the following information:

  • A list of the projects whose metrics are accessible to the current metrics scope.
  • A list of projects whose metrics scope includes the selected project.

Select a different metrics scope

The project selected in the Google Cloud console project picker is the scoping project of the current metrics scope. There is a one-to-one relationship between a scoping project and a metrics scope.

To select a different metrics scope, select a different project with the Google Cloud console project picker.

What's next