View metrics for multiple Cloud projects

This document describes how to use the Google Cloud console to configure a Google Cloud project so that you can view and monitor metrics stored in multiple Google Cloud projects. This document is intended for developers and system administrators who need to manage metrics for services and resources that are associated with different Cloud projects.

For information about how to configure a Cloud project programmatically, see Manage metrics scopes by using the API.

Before you begin

  • Ensure that your Identity and Access Management (IAM) roles on the scoping project, and on each project that you want to add as a monitored project, include the metricsScopesAdmin role. For more information, see Metrics scope configurations.

  • If you use VPC Service Controls, then you need to consider the order in which you create your multi-project metrics scope and your VPC perimeters. Cloud Monitoring performs the VPC perimeter check when a project is added to a metrics scope:

    • When you create the VPC perimeter first and then try to add a project to the metrics scope, the perimeter validation process runs. This process verifies that the added project is in the same perimeter as the scoping project, or that it is connected to the scoping project by a perimeter bridge. If the perimeter validation fails, then the addition of the project to the metrics scope also fails.

    • When you create your multi-project metrics scope first and then create your perimeters, the perimeter validation process doesn't run. This approach lets you access metrics for projects that are in different perimeters.

  • If you configure IAM roles or grant access to projects, then you must consider the implications of permissions on a project that is a scoping project for a multi-project metrics scope. A role that grants read permission to Monitoring data lets the user view all metrics accessible to the metrics scope for that project. For example, if the AllEnvironment project monitors the Production project, then a user who is viewing the metrics of the AllEnvironment project is also viewing the metrics of the Production project.

Add monitored projects

This section describes how to view metrics from multiple Google Cloud projects. To view metrics for multiple projects, you begin by selecting a Google Cloud project, and then you add projects to its metrics scope. The projects you add are called monitored projects. The metrics scope defines the set of Google Cloud projects whose metrics the current Google Cloud project can access.

To add monitored projects, do the following:

  1. In the Google Cloud console, select Monitoring or click the following button:
    Go to Monitoring
  2. Do one of the following:

    • To create a new multi-project metrics scope, do the following:

      1. Expand the Google Cloud console project picker menu and select New project.
      2. Complete the dialog.
      3. Select the new project with the Google Cloud console project picker.
    • To add monitored projects to an existing project, use the Google Cloud console project picker to select the scoping project whose metrics scope you want to modify.

  3. In the Monitoring navigation pane, select Settings.

  4. Click Add GCP Projects and then select the projects that you want to add.

  5. If prompted to choose between creating a project and using the current project as the scoping project, select Create a new scoping project.

    The prompt is shown only when the project selected by the Google Cloud console project picker contains at least one resource and when it doesn't have any monitored projects. For information about why we recommend that you use a new Cloud project, see Best practices for scoping projects.

  6. Click Add projects.

    After you add projects to a metrics scope, it takes about 60 seconds for changes to propagate through all Monitoring systems. Before you create a chart or alerting policy, wait at least 60 seconds. You might need to refresh the Google Cloud console page for the new metrics to be visible.

Remove monitored projects

When you remove a project from a metrics scope, the metrics stored in that project aren't accessible to the metrics scope. Removing a project from a metrics scope doesn't change the configuration of charts, dashboards, alerting policies, uptime checks, or groups that you defined. However, the time series displayed on charts and the time series monitored by alerting policies might change.

To remove monitored projects, do the following:

  1. In the Google Cloud console, select Monitoring or click the following button:
    Go to Monitoring
  2. Use the Google Cloud console project picker to select the Cloud project whose metrics scope you want to view or modify.
  3. In the Monitoring navigation pane, select Settings.
  4. In the GCP Projects in scope pane, select the projects that you want to remove and click Remove project.

List monitored projects

This section describes what metrics, as described by the project where the metric data is stored, are visible to the currently selected project. For example, metrics stored in monitored projects are shown on charts and they are monitored by alerting policies.

To display a list of monitored projects, do the following:

  1. In the Google Cloud console, select Monitoring or click the following button:
    Go to Monitoring
  2. Use the Google Cloud console project picker to select the Cloud project whose metrics scope you want to view or modify.
  3. In the Monitoring navigation pane, click Expand on the Metrics scope field.

    The expanded pane displays the following information:

    • A list of the projects whose metrics are accessible to the current metrics scope.
    • A list of projects whose metrics scope includes the current project.

    The following screenshot shows the page that is displayed when the AllEnvironments project is selected:

    Sample of the page that lists the monitored projects.

    The previous screenshot shows that no other projects can access the metrics stored by the AllEnvironments project. It also shows that this project contains two monitored projects: one named Staging and the other named Production.

You can also see which projects the current metrics scope monitors by selecting Settings in the Monitoring navigation pane.

Select a different metrics scope

The project selected in the Google Cloud console project picker is the scoping project of the current metrics scope. There is a one-to-one relationship between a scoping project and a metrics scope.

To select a different metrics scope, select a different project with the Google Cloud console project picker.

What's next