Workspaces

Using the Google Cloud Console

Stackdriver Monitoring uses Workspaces to organize monitoring information.

This page describes all of the following:

  • Conceptual information on Workspaces.
  • Permissions needed to create and modify a Workspace.
  • Billing implications when using Workspaces.

What is a Workspace?

A Workspace is a tool for monitoring resources contained in one or more Google Cloud projects or AWS accounts. Each Workspace can have between 1 and 100 monitored projects, including Google Cloud projects and AWS accounts. You can have as many Workspaces as you wish, but Google Cloud projects and AWS accounts can't be monitored by more than one Workspace.

A Workspace accesses metric data from its monitored projects, but the metric data and log entries remain in the individual projects.

Host projects

Every Workspace has a host project. The Google Cloud project that is used to create the Workspace, is the Workspace's host project. The Workspace name matches the name of the host project. The following diagram shows Workspace A monitoring only its host project, A:

Illustration of a single-project workspace.

The host project stores all of the configuration content for dashboards, alerting policies, uptime checks, notification channels, and group definitions that you you configure.

To create a Workspace for Google Cloud project, you must have one of the roles listed in Required permissions.

Monitored projects

After you have a Workspace, you can add more Google Cloud projects and AWS accounts to it using the instructions under Adding monitored projects.

If you plan to monitor more than just your host project, then the best practice is to use a new, empty Google Cloud project to host the Workspace and then to add the projects and AWS accounts you want to monitor to your Workspace. This strategy lets you choose a useful name for your host project and Workspace, and it gives you a little more flexibility in moving monitored projects between Workspaces. The following diagram shows Workspace W monitoring Google Cloud projects A and B and AWS account D:

Illustration of a multi-project workspace.

AWS Connector projects

In the preceding diagram, a Google Cloud project that connects your monitored AWS account to the Workspace. Monitoring creates this AWS connector project when you add an AWS account to a Workspace. The connector project has a name beginning with AWS Link, and it has the same parent organization as the Workspace. To find the name and details about your AWS connector projects, in the Monitoring menu of the Cloud Console, select Settings.

The billing account associated with the AWS connector project is used for Stackdriver Monitoring and Stackdriver Logging charges for the AWS account. For more information, see Billing.

In the Cloud Console, AWS connector projects appear as regular Google Cloud projects. Don't use connector projects for any other purpose, and don't delete them while your Workspace is still connected to your AWS account.

Required permissions

This section identifies the Cloud Identity and Access Management (Cloud IAM) roles required to create a Workspace and to add a Google Cloud project to a Workspace.

Create Workspace permissions

To create a Workspace for an existing Google Cloud project you must have one of the following Cloud IAM roles on that project:

  • Project Owner
  • Monitoring Editor
  • Monitoring Admin
  • Stackdriver Accounts Editor

To create a Workspace for an existing AWS account, you need the permission to create a Google Cloud host project and the permission to add the AWS account to the Workspace.

Add to Workspace permissions

To add a Google Cloud project to an existing Workspace, your Cloud IAM roles for the Workspace's host project and for the project being added must be one of the roles listed in Create Workspace permissions.

To add an AWS account to an existing Workspace, your Cloud IAM role for the Workspace's host project must be one of the roles listed in Create Workspace permissions. Because the addition of an AWS account to a Workspace creates an AWS connector project, you might need additional permissions:

  • If the host project isn't in an organization or a folder, you don't need any additional permissions.

  • If the host project is in an organization but not a folder, you need permission to create a Google Cloud project at the organization level.

  • If the host project is in a folder, you currently can't add the AWS account to the Workspace.

What are my permissions?

To determine your role for a project, do the following:

  1. Open the Cloud Console and select the Google Cloud project:

    Go to Cloud Console

  2. To view your role, click IAM & admin. Your role is on the same line as your username.

To determine your organization-level permissions, contact your organization's administrator.

Billing

There is no charge for creating a Workspace.

Charges for logging and metric data ingested by the monitored projects are associated with that projects' billing account. For AWS accounts, this means the billing accounts of the AWS connector projects:

  • For Google Cloud projects, if you have VM instances that contain software that sends monitoring data or logs to Stackdriver Monitoring APIs, then you are charged for that data. This software includes the Monitoring agents, Logging agents, and third party libraries like Prometheus that you might install. You continue to accrue charges while that software is running.

  • When you add an AWS account to a Workspace, monitoring and logging data is sent by Stackdriver Monitoring agents, Stackdriver Logging agents, or other software to the AWS connector project, whose billing account receives any charges.

For more information about pricing and free allotments, see Stackdriver Monitoring pricing.

To stop all Stackdriver Monitoring charges for metrics usage, do one of the following:

  • Disable the Monitoring APIs
  • Stop Stackdriver Monitoring agents, Stackdriver Logging agents, and other software modules from sending metrics or logs to your Google Cloud project, or to the AWS connector projects.

Removing a project from its Workspace doesn't affect Stackdriver Monitoring charges for logs and metrics usage.

Disabling Monitoring

To disable the collection of Monitoring data in your Google Cloud project, do the following:

  1. From the Cloud Console, select the Google Cloud project or the AWS connector project, and then go to APIs & Services:

    Go to APIs & Services

  2. Select Stackdriver Monitoring API.

  3. Click Disable API

What's next

Using the Stackdriver Monitoring console

Workspaces organize monitoring information in Stackdriver Monitoring. Using Workspaces, you can monitor important resources, regardless of where they are. In the Stackdriver Monitoring console, you see the current Workspace at the top of each page:

Workspace name in console page

Workspace permissions

To use Monitoring, you must have a Workspace. However, not every user that can view Monitoring can create a Workspace or add a Google Cloud project or AWS account to a Workspace. This section identifies the Cloud Identity and Access Management (Cloud IAM) roles required for those activities.

Create Workspace permissions

To create a Workspace for an existing Google Cloud project you must have one of the following Cloud IAM roles on that project:

  • Project Owner
  • Monitoring Editor
  • Monitoring Admin
  • Stackdriver Accounts Editor

To create a Workspace for an existing AWS account, you need the permission to create a Google Cloud host project and the permission to add the AWS account to the Workspace.

Add to Workspace permissions

To add a Google Cloud project to an existing Workspace, your Cloud IAM roles for the Workspace's host project and for the project being added must be one of the roles listed in Create Workspace permissions.

To add an AWS account to an existing Workspace, your Cloud IAM role for the Workspace's host project must be one of the roles listed in Create Workspace permissions. Because the addition of an AWS account to a Workspace creates an AWS connector project, you might need additional permissions:

  • If the host project isn't in an organization or a folder, you don't need any additional permissions.

  • If the host project is in an organization but not a folder, you need permission to create a Google Cloud project at the organization level.

  • If the host project is in a folder, you currently can't add the AWS account to the Workspace.

What are my permissions?

To determine your role for a project, do the following:

  1. Open the Cloud Console and select the Google Cloud project:

    Go to Cloud Console

  2. To view your role, click IAM & admin. Your Role is on the same line as your username.

To determine your organization-level permissions, contact your organization's administrator.

Getting a Workspace quickly

To create a Workspace for an existing Google Cloud project, do the following:

  1. Go to the Cloud Console:

    Go to Cloud Console

  2. In the menu bar, click the drop-down list next to the Google Cloud and select your Google Cloud project.

  3. Click Monitoring.

  4. If the Add your project to a Workspace dialog is displayed, create a new Workspace by selecting your Google Cloud project under New Workspace and then clicking Add. In the following image, the Google Cloud project name is Quickstart:

    Select workspace.

    The Add your project to a Workspace dialog is displayed only when you have at least one existing Workspace available to you. The Workspaces listed under Existing Workspace are Workspaces you've created or Workspaces for Google Cloud projects where you have editorial permission. Using this dialog, you can choose between creating a new Workspace and adding your project to an existing Workspace.

Next, Monitoring creates a new Workspace and adds your Google Cloud project to the Workspace. During Workspace creation, Monitoring proceeds through the following phases:

  1. Building your Workspace
  2. Enabling Stackdriver APIs
  3. We're still collecting data for your new Workspace

These phases might take several minutes to complete. When this process is complete, the Stackdriver Monitoring console displays the Monitoring Overview pane and a welcome message:

Overview and welcome message.

For more information about Workspace creation, go to Creating a single-project Workspace.

What is a Workspace?

A Workspace is a tool for monitoring resources contained in one or more Google Cloud projects or AWS accounts. Each Workspace can have between 1 and 100 monitored projects, including one or more Google Cloud projects and any number of AWS accounts. You can have as many Workspaces as you wish, but Google Cloud projects and AWS accounts can't be monitored by more than one Workspace.

A Workspace contains the custom dashboards, alerting policies, uptime checks, notification channels, and group definitions that you use with your monitored projects. A Workspace can access metric data from its monitored projects, but the metric data and log entries remain in the individual projects.

The host project

The first monitored Google Cloud project in a Workspace is called the host project, and it must be specified when you create the Workspace. The name of that project becomes the name of your Workspace. The following diagram shows Workspace A monitoring only its host project, A:

Single-project workspace

Monitored projects

After you have a Workspace, you can add more Google Cloud projects and AWS accounts to it using the Adding monitored projects instructions.

If you plan to monitor more than just your host project, then the best practice is to use a new, empty Google Cloud project to host the Workspace and then to add the projects and AWS accounts you want to monitor to your Workspace. This lets you choose a useful name for your host project and Workspace, and gives you a little more flexibility in moving monitored projects between Workspaces. The following diagram shows Workspace W monitoring Google Cloud projects A and B and AWS account D:

Multi-project workspace

AWS Connector projects

In the preceding diagram, a Google Cloud project that connects your monitored AWS account to the Workspace. Monitoring creates this AWS connector project when you add an AWS account to a Workspace. The connector project has a name beginning with AWS Link, and it has the same parent organization as the Workspace. To get the name and details about your AWS connector projects, go to the Inspecting Workspace section.

The billing account associated with the AWS connector project is used for Stackdriver Monitoring and Stackdriver Logging charges for the AWS account. For more information, go to Billing on this page.

In the Cloud Console, AWS connector projects appear as regular Google Cloud projects. Don't use connector projects for any other purpose, and don't delete them while your Workspace is still connected to your AWS account.

Inspecting Workspace

To view all of your Workspaces:

  1. In the Cloud Console, select Monitoring:

    Go to Monitoring

  2. Click Menu in the menu bar, and select Manage Workspaces.

  3. Click a Workspace's name to make it the current Workspace.

  4. To view detailed information about a Workspace and its monitored projects, click Edit.

Outside of Stackdriver Monitoring, you cannot view a Workspace. You only see a Workspace's host project, which has the same name.

Billing

There is no charge for creating Workspaces. Logging and metric data are ingested by the individual monitored projects, so any charges are associated with the billing accounts of the monitored projects. For AWS accounts, this means the billing accounts of the AWS connector projects.

For more information, go to Stackdriver pricing.

What's next

Hai trovato utile questa pagina? Facci sapere cosa ne pensi:

Invia feedback per...

Stackdriver Monitoring