Creating Workspaces

Cloud Monitoring uses Workspaces to organize and manage its information. This page explains how to create a Workspace for an existing Google Cloud project, and it describes how you can create a Workspace to manage the monitoring information for multiple Google Cloud projects.

A Workspace can manage the monitoring data for a single Google Cloud project, or it can manage the data for multiple Google Cloud projects and AWS accounts. However, a Google Cloud project or an AWS account can only be associated with one Workspace at a time. For a conceptual overview, see Workspaces.

To create a Workspace to manage the monitoring data for an existing Google Cloud project, see Creating a Workspace.

To create a Workspace to manage the monitoring data for multiple Google Cloud projects or AWS accounts, see Creating your first multi-project Workspace and Multi-project Workspace best practices.

Authorization

This section describes the roles or permissions needed to create a Workspace and to add a project to an existing Workspace. For detailed information about Cloud Identity and Access Management (Cloud IAM) for Cloud Monitoring, see Access control.

Each Cloud IAM role has an ID and a name. Role IDs have the form roles/monitoring.editor and are passed as arguments to the gcloud command-line tool when configuring access control. For more information, see Granting, changing, and revoking access. Role names, such as Monitoring Editor, are displayed by the Cloud Console.

Required Cloud Console roles

To create a Workspace, your Cloud IAM role name for the Google Cloud project must be one of the following:

  • Monitoring Editor
  • Monitoring Admin
  • Project Owner

To add an AWS account to an existing Workspace, your Cloud IAM role for the Workspace's host project must be one of the roles previously listed. Because the addition of an AWS account to a Workspace creates an AWS connector project, you might need additional permissions:

  • If the host project isn't in an organization or a folder, you don't need any additional permissions.

  • If the host project is in an organization but not a folder, you need permission to create a Google Cloud project at the organization level.

  • If the host project is in a folder, you currently can't add the AWS account to the Workspace.

To view a list of roles and their associated permissions, see Roles.

Determining your role

To determine your role for a project by using the Cloud Console, do the following:

  1. Open the Cloud Console and select the Google Cloud project:

    Go to Cloud Console

  2. To view your role, click IAM & admin. Your role is on the same line as your username.

To determine your organization-level permissions, contact your organization's administrator.

Creating a Workspace

To create a Workspace for an existing Google Cloud project, do the following:

  1. Go to the Cloud Console:

    Go to Cloud Console

  2. In the toolbar, select your Google Cloud project by using the from the project selector.

  3. Ensure that you have the proper permission to create a Workspace for your Google Cloud project. For more information, see Authorization.

  4. In the Cloud Console navigation menu, click Monitoring. If this Google Cloud project is already associated with a Workspace, then the Monitoring Overview window is displayed. Otherwise, a Workspace is created. The Workspace creation flow follows one of two paths:

    • If you've never created a multi-project Workspace, then a Workspace is created automatically. Your Google Cloud project is the Workspace host project. The Workspace and Google Cloud project also have the same name. Creation of the Workspace takes a few moments.
    • If you've created a multi-project Workspace, then you have the option to create a Workspace or to add the Google Cloud project to an existing Workspace. In this scenario, the Add your project to a Workspace dialog is displayed:

      Add to existing or choose to create new workspace dialog.

    After the Workspace is created, the Monitoring Overview window is displayed.

Creating your first multi-project Workspace

To create your first multi-project Workspace, you must use one of two approaches:

  • Add a Google Cloud project to an existing Workspace.
  • Merge one Workspace into another Workspace.

In both cases, you use the options listed in the Settings window of a Workspace. You must use the merge option when both Google Cloud projects have their own Workspace.

After you have a multi-project Workspace, you can create a multi-project Workspace when you select Monitoring for a Google Cloud project that isn't part of a Workspace. In this case, you have the option to create a Workspace or to add the project to an existing Workspace.

For information on the permissions necessary to add a Google Cloud project to a Workspace, see Authorization.

Using add

Assume that you have two new Google Cloud projects, Project-A and Project-B, and that you want to create a multi-project Workspace for these projects. Because these projects are new, neither is associated with a Workspace.

To create your first multi-project workspace, do the following:

  1. Create a Workspace for Project-A.

  2. In the Monitoring navigation pane, select Settings.

  3. In the Settings window, select Add GCP Projects. In the dialog, select Project-B and click Add Projects.

    After the add operation completes, the Settings window lists two Google Cloud projects for the Workspace. In this case, Project-A is the host project.

Using merge

Assume that you have two Google Cloud projects, Project-A and Project-B, and that you want to create a multi-project Workspace for these projects. Also assume that these projects are host projects for a Workspace. That is, a Workspace has been created for Project-A, and a different Workspace has been created for Project-B.

Because both projects are host projects for a Workspace, to have both projects in the same Workspace, you must merge the Workspaces:

  1. In the Monitoring navigation pane, use the Workspace selector to select Project-A. This is the Workspace that is to be retained.

  2. In the Monitoring navigation pane, select Settings.

  3. In the Settings window, select Merge, and then select the Workspace named Project-B. To save the change, click Merge.

    After the merge operation completes, the Settings window lists Project-A and Project-B as members of the Workspace. In this case, Project-A is the host project.

Multi-project Workspace best practice

If you want to create a multi-project Workspace, the best practice is to use the following procedure:

  1. Create a Google Cloud project to be the Workspace host project. This project should be empty of resources. That is, it doesn't have any VM instances, Cloud Spanner tables, or other resources.

  2. Create a Workspace for the new project. For details, see Creating a Workspace.

  3. Add Google Cloud projects or AWS accounts to the Workspace by following the steps in Adding monitored projects.

By using this approach, you can move a project that was added in the last step, to a different Workspace, or you can remove it from the Workspace. The move and remove actions affect only the project being moved or removed. No other project in the Workspace is affected.

The host project, which in this case is empty, can't be moved to a different Workspace and it can't be removed from it's Workspace. Both of these actions required that you merge the host project's Workspace into a different Workspace. A merge action impacts every project in a Workspace. By using an empty host project, you eliminate the potential that a future need might require the host project to be moved to a different Workspace. For more information, see Managing Workspaces.

Adding a project or account to a Workspace

To add a Google Cloud project or an AWS account that isn't associated with a Workspace to an existing Workspace, do the following:

  1. In the Google Cloud Console, select the Google Cloud project that is the host project for your Workspace:

    Go to Cloud Console

  2. In the navigation pane, select Monitoring and then select Settings.

  3. To add a Google Cloud project to the Workspace, click Add GCP projects and then select the projects to add to the Workspace. To save the changes, click Add projects.

  4. To add an AWS account to the Workspace, click Add AWS account:

    1. Follow the instructions for connecting your AWS account.

      Add AWS account dialog that asks for Role ARN and account description.

    2. Click Add AWS account. Monitoring connects to your AWS account.

      During the connection, Cloud Monitoring creates an AWS connector project.

      Repeat these steps to add another AWS account.