Managing Workspaces

This guide explains how to create and manage Workspaces. Your Google Cloud Platform projects and Amazon Web Service (AWS) accounts must be members of a Workspace before they can be monitored.

For an introduction to Workspaces and some best practices for using them, see Workspaces.

Selecting Workspaces

The current Workspace is displayed to the right of the Stackdriver logo at the top of the Stackdriver Monitoring console.

To see what Workspaces you have access to and how they are configured, go to the Manage Workspaces page of the Stackdriver Monitoring console by clicking this button:

Go to the Workspace page

On that page, do one of the following:

  • Click on a Workspace name to select it for use in Stackdriver Monitoring.

  • Click Edit to the right of a Workspace name to display the Workspace Settings page for that Workspace.

Creating a single-project Workspace

If you already have a GCP project and you simply want to monitor its resources, then create your Workspace directly from that project by doing the following:

  1. In the Stackdriver Monitoring console, go to the Create a new Workspace dialog. To do that, do one of the following, depending on what you are looking at:

    • If you see a dialog with a message like [SOME_PROJECT] is not in a Workspace, then select Create a new Workspace and click Continue.

    • Open the menu to the right of the Stackdriver logo at the top of the page. This has a list of all the available Workspaces. At the bottom of the menu, click Create Workspace.

    • Go to the Manage Workspace page and click the Add workspace button at the top-right of the page.

      Go to the Manage Workspace page

    Regardless of the method you used, you should now see the following dialog:

    Create Workspace

  2. Select the project you want to monitor in the Google Cloud Platform project box. If it is not already shown, click inside the box and you will see a list of available GCP projects. Click on the project you want to monitor.

    If you do not see your project, it might already be a Workspace or be monitored by a Workspace. Click Cancel and go to Selecting Workspaces.

  3. Click Create Workspace.

  4. The next few screens give you the opportunity to add more projects or AWS accounts. Skip those pages because they do not apply to this single-project use case. There are also other pages you can read or skip if you wish.

  5. Click Launch Monitoring when it appears.

You see the Monitoring home page for your new Workspace.

Converting from single-project to multi-project

You can convert a single-project Workspace into a multi-project Workspace by merging the single project Workspace into a second, empty Workspace.

Creating a multi-project Workspace

This procedure covers creating a Workspace that can monitor any number of AWS accounts or GCP projects. You create a new Workspace with an empty project, and then you add the projects or AWS accounts you want to monitor:

  1. In the Stackdriver Monitoring console, go to the Create a new Workspace dialog. To do that, do one of the following, depending on what you are looking at:

    • If you see a dialog with a message like [SOME_PROJECT] is not in a Workspace, then select Create a new Workspace and click Continue.

    • Open the menu to the right of the Stackdriver logo at the top of the page. This has a list of all the available Workspaces. At the bottom of the menu, click Create Workspace.

    • Click the Create workspace button near the top-right of the console.

    You should now see the following dialog:

    Create Workspace

  2. Click in the text box Google Cloud Platform project. If there is already a project name listed, then first remove it by clicking the Close icon and then click in the empty box.

  3. Click New Project at the top of the drop-down list.

    Fill in a name for the project. Since this project will be used only as a Workspace, it might be a good idea to include "workspace" or "ws" in the name.

  4. Click Create workspace. It will take a short time to create the GCP project and workspace.

  5. In the Add Google Cloud Platform projects to monitor dialog, check the names of any GCP projects you want to add to this Workspace. You do not have to select any projects—you can add them later if you need to. If you do not see the project you want to monitor in the list, it might already be monitored by a Workspace.

    Click Continue.

  6. In the Monitor AWS accounts dialog, go through the process of registering one or more AWS accounts if you wish. For more information, see Adding an AWS Account.

    You can skip this step and add configure an AWS account later by following instructions at Adding an AWS Account.

    Click Continue.

  7. You are given instructions for setting up the Monitoring agent on your VM instances. You can skip this page, or not, as you wish.

  8. You are asked to select an option for email reporting. You can change this setting in Workspace Settings page in the Stackdriver Monitoring console.

  9. You see a page that says Gathering Information. When this operation completes, click Launch Monitoring.

You see the Monitoring home page for your new Workspace.

Adding users to a Workspace

You can share your Workspace with other users by adding them as members to your Workspace project. You must have Project > Owner permission to the project to add more users. To add users to your workspace, go to the IAM console by clicking the following button:

Go to the IAM console

Do the following:

  1. Select your Workspace from the list of projects. Since you are not in the Stackdriver Monitoring console, your Workspace is represented by its hosting project with the same name.

  2. Click Add at the top of the page.

  3. Add a user, group, service account, or domain.

  4. Assign a Project role to the new member: Owner, Editor, Viewer, or Browser.

Adding monitored projects

This procedure covers adding a GCP project or an AWS account to an existing Workspace. To create a Workspace to which you can add projects and accounts, see Creating a multi-project Workspace.

Adding a GCP project or an AWS account requires the following Cloud IAM roles: + monitoring.editor on the Workspace if you are adding projects or accounts + project.creator on the parent organization of the Workspace if you are adding an AWS account

To add a GCP project or an AWS account, do the following:

  1. In the Stackdriver Monitoring console, go to the Manage Workspaces page by clicking the following button:

    Go to the Manage Workspaces page

    You see a page that lists all the Workspaces to which you have access.

    1. Click Edit on the line listing your Workspace. This takes you to the Workspace Settings page for the Workspace.

    2. Click Monitored Accounts under Settings. You see your project information in a page like the following:

    Monitored accounts

  2. To add a GCP project, click Add Google Cloud Platform projects. Check the names of any GCP projects you want to add to this Workspace. You do not have to select any projects.

  3. To add an AWS account, click Add AWS account. You see instructions for connecting to your AWS account:

    Authorize AWS

    1. Follow the instructions for connecting your AWS account.

    2. Click Add AWS account. Monitoring connects to your AWS account.

      During the connection, Stackdriver Monitoring creates an AWS connector projector project.

      Repeat these steps to add another AWS account.

Next steps

Removing a project from a Workspace

Before you begin, consider if removing a project or account might not be the right operation for you:

  • If you want to move projects or accounts from one Workspace to another Workspace, see Moving projects or Merging Workspaces.

  • If you have a single-project Workspace, you cannot remove the hosting project from the Workspace using the following procedure. Instead, use merge to change your hosting project to a regular monitored project, and then use the following procedure to remove the project from the merged Workspace.

When you remove a project or account from its Workspace, Monitoring no longer receives monitoring data from it. If you use Stackdriver Logging, then you can continue to access logs in the removed project. For AWS, the logs are in the removed AWS connector project.

Procedure

To remove a GCP project or an AWS account from a Workspace, do the following:

  1. Open the Stackdriver Monitoring console.

    Go to the Stackdriver Monitoring console

  2. Select the Workspace that contains the GCP project or the AWS account you want to remove.

  3. Select Workspace Settings from the same menu.

  4. On the "Settings" page, click Monitored accounts. You see the following page:

    Monitored accounts

  5. Locate the GCP project or AWS account you want to remove and select Remove from Workspace from the menu to the right of the project's name.

    If your intent is to move the project to another Workspace, select Move Project instead.

    If you remove an AWS account, you are removing the AWS connector project, which represents the AWS account.

Next steps

  • If you removed a GCP project, then you can add that project to another Workspace if you wish.

  • If you removed an AWS account, you cannot use the AWS connector project with another Workspace. You should delete the connector project and then add your AWS account to another Workspace, letting Monitoring create a new connector project. See Adding an AWS account.

Moving a project to another Workspace

To move a GCP project from one Workspace to another, follow the instructions for Removing a project and choose the Move project action rather than the Remove from Workspace action.

If you are trying to move the hosting project from a Workspace, then use the instructions in Merging Workspaces rather than those in Removing a project.

Combining two Workspaces

You can combine two Workspaces by merging one Workspace into another Workspace. This deletes the first Workspace. See Merging Workspaces.

Merging Workspaces

Merging Workspace A into Workspace B moves all the GCP projects except AWS connector projects from Workspace A to Workspace B. Specifically, here is the effect of merging A into B:

  • All GCP projects that were added to Workspace A are moved into Workspace B.
  • All AWS accounts in Workspace A are removed from A. You have to manually add the accounts to Workspace B. You can delete the AWS connector projects unless you need to retrieve the AWS account's logs from them.
  • The project that hosts Workspace A is added to Workspace B, even if the project is empty.

    The host project is the project you use to create the Workspace. This project typically has resources in the case of a single-project Workspace but is empty for a multi-project Workspace. Merging is the only way to separate this project from its Workspace.

  • All the monitoring and other configuration information in Workspace A is deleted. This includes dashboards, alerting policies, uptime checks, and so on. Workspace A no longer exists.

To merge Workspaces, do the following:

  1. Open the Monitoring console.

    Go to the Stackdriver Monitoring console

  2. If necessary, create Workspace B using an empty project.

  3. Select the Workspace that is to be kept ("B" in this scenario) from the drop-down menu at the top-right of the Monitoring console.
  4. Select Workspace Settings from the same menu.
  5. Click Monitored accounts from the left-side menu.
  6. Click Merge another Workspace into this one.
  7. Select the Workspace that is to be removed ("A" in this scenario).
  8. Read about what information is lost during the merge.
  9. Click Merge.

Deleting a Workspace

Before deleting a Workspace, check if project you used to create the Workspace has resources you want to preserve, or if the Workspace is still linked to additional GCP projects or AWS accounts. If so, see Merging Workspaces for a way to move resources to another place before deleting the Workspace.

If your Workspace project has nothing of value, then delete the Workspace by deleting the Workspace's project in the GCP Console. Go to IAM & admin > Settings and click Shut Down.

Restricting access to AWS accounts

To limit the AWS account permissions you give to Monitoring, see Minimal AWS permissions.

To revoke Monitoring's access to your AWS account, remove the Stackdriver IAM role from your AWS account.

Workspace billing

Workspaces do not have any costs associated with them. All chargeable activity is recorded in GCP projects containing your resources—that is, in the billing accounts associated with those projects. Some details of GCP and AWS billing are described in the following sections.

Removing a project from its Workspace does not necessarily stop all Stackdriver charges for logs and metrics usage. If any Stackdriver agents or other software modules continue to send metrics or logs to Stackdriver, then charges continue to accrue.

GCP project billing

When you create a resource in a GCP project, GCP begins to receive metrics and log entries from GCP services regarding that resource. Charges begin to accrue to your project's billing account right away, but much of the data is not chargeable or has such low volume that it does not trigger any charges.

Stackdriver Logging has access to all your GCP project's logs even without creating a Workspace. Adding your project to a Workspace gives Stackdriver Monitoring access to the monitoring data already being received, but the Workspace does not itself trigger any additional charges. Similarly, removing a project from a Workspace does not stop charges.

If you have VM instances in your GCP project that contain software that sends monitoring data or logs to Stackdriver APIs, then you will be charged for that data as long as the software is running. This includes the Monitoring agents), Logging agents, and third party libraries like Prometheus) that you might install. To stop charges, you must stop any software sending data to Stackdriver.

AWS account billing

When you add an AWS account to a Workspace, monitoring and logging data is sent by Stackdriver agents or other software to the AWS connector project, whose billing account receives any charges.

Much of the data sent from an AWS account comes via software agents running on VM instances and sending data to the AWS connector project created when you added your account to a Workspace. You are charged for that data as long as the software is sending data and the connector project still exists, regardless whether it remains connected to a Workspace.

Troubleshooting

I can't log in to my Workspace

Stackdriver Monitoring relies on cookies from various Google sites to manage Workspaces. If these cookies are blocked, you may find that you:

  • Cannot get past the Log in with Google dialog, and you see a message saying “Cookies are not enabled in current environment”.

  • Get stuck in an endless authentication loop.

Cookies can be blocked accidentally, or by automatic updates pushed out as part of changes in security policy at your location.

You must have third-party cookies enabled for the following:

  • google.com
  • accounts.google.com
  • apis.google.com

For information on enabling cookies, see your browser's documentation:

My email address is not accepted

Monitoring does not accept email addresses containing an apostrophe, although Google Cloud Platform does. Users with such email addresses are unrecognized when they attempt to use Monitoring.

I can't add a project to a Workspace because it's already in another Workspace

Projects can be associated with only one Workspace at a time:

Project resources are missing from Monitoring

It can take ten minutes or so before Monitoring notices new or removed resources, such as VM instances, in your projects.

If you start a service such as Compute Engine in a project that is associated with a Workspace, it can take a hour or more for Monitoring to notice the new service. Until that time, the service's resource types do not appear in any Monitoring menus.

How do I use Workspaces with Logging?

Stackdriver Logging does not use Workspaces. By using advanced log filters, you can view or manage log entries from multiple GCP projects or AWS accounts.

In the case of AWS accounts, you access logs through the AWS connector project that Monitoring creates when you add the account to a Workspace. Therefore, you do have to add your account to a Workspace and install the Stackdriver Logging agent on your VM instances in order to receive your logs.

Was this page helpful? Let us know how we did:

Send feedback about...

Stackdriver Monitoring