Manage Personalized Service Health access

This document discusses how to set permissions and enable access so you can:

  • View service health events using the Service Health dashboard.
  • Pull service health information using the Service Health API.
  • Configure alerts relevant to your projects.

Before you begin

Make sure that billing is enabled for your Google Cloud project.

Access the Service Health API and dashboard

Personalized Service Health provides a predefined servicehealth.viewer role that you can use to provide access to project members. Use this role to access the Service Health API and dashboard.

Role name: roles/servicehealth.viewer (Personalized Service Health viewer)
Description: Read-only access to service health events.
Personalized Service Health permissions:

  • servicehealth.locations.list
  • servicehealth.locations.get
  • servicehealth.events.list
  • servicehealth.events.get
  • servicehealth.organizationEvents.list
  • servicehealth.organizationEvents.get
  • servicehealth.organizationImpacts.list
  • servicehealth.organizationImpacts.get

You can use the roles and permissions directly through the gcloud CLI to set up proper access controls. For example, you can grant the role directly with the following command:

gcloud projects add-iam-policy-binding PROJECT_ID \
  --member {USER|GROUP|SERVICE_ACCOUNT} \
  --role roles/servicehealth.viewer

You can view the Identity and Access Management (IAM) policy for the given project with the following command:

gcloud projects get-iam-policy PROJECT_ID

Alternatively, you can add the permissions directly to an existing role:

gcloud iam roles update ROLE_ID --project=PROJECT_ID \
  --add-permissions=servicehealth.events.list
gcloud iam roles update ROLE_ID --project=PROJECT_ID \
  --add-permissions=servicehealth.events.get
gcloud iam roles update ROLE_ID --project=PROJECT_ID \
  --add-permissions=servicehealth.locations.list
gcloud iam roles update ROLE_ID --project=PROJECT_ID \
  --add-permissions=servicehealth.locations.get

Use APIs and services in your projects

  1. Enable the Service Health API for the project.
  2. Grant the Service Usage Consumer role (roles/serviceusage.serviceUsageConsumer).

Access logs and configure log alerts

Do the following:

  1. Enable the Service Health API for the project.
  2. Get permissions for log-based alerts.

If you don't want to grant the Monitoring NotificationChannel Editor role (roles/monitoring.notificationChannelEditor), you can grant the Monitoring NotificationChannel Viewer role (roles/monitoring.notificationChannelViewer) instead, which allows you to link a notification channel to an alerting policy.

For more information about granting roles, see Manage access.

You might also be able to get the required permissions through custom roles or other predefined roles.

Enable Service Health API for a single project

Setting up alerts and pulling service health information require enabling the Service Health API. You can enable the API through the Google Cloud console or Google Cloud CLI.

Console

  1. In the APIs and Services library, go to the Service Health API.

    Alternatively, you can go to the API Library and search "Service Health API".

  2. Select the project.

  3. Select the Enable button.

gcloud

  1. In the Google Cloud console, activate Cloud Shell.

  2. Make sure that the most recent version of Google Cloud CLI is installed. Run the following command from the Cloud Shell:

      gcloud components update

  3. Create or select a new project, PROJECT_ID.

    • Create a Google Cloud project:

      gcloud projects create PROJECT_ID

    • Select the Google Cloud project that you created:

      gcloud config set project PROJECT_ID

  4. Enable the Service Health API in the project that you just created.

    gcloud services enable servicehealth.googleapis.com \
     --project PROJECT_ID
    

Script

You can use a script to enable the Service Health API for projects in your organization or folder.

For background information, see Enabling an API in your Google Cloud project.
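
One way such a script can look, as an added example (it is not Google's published script and not part of the original page): it enables the Service Health API on every active project directly under one folder or organization and skips projects where the API is already enabled. The function names, the file name in the usage comment, and the choice not to walk nested folders are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example, not Google's published script. Enables the Service Health API
# on each ACTIVE project directly under one folder or organization.
# Assumption: nested folders are not walked; run once per folder.
API="servicehealth.googleapis.com"

# Print the IDs of active projects whose direct parent is $2 ($1: folder|organization).
list_child_projects() {
  gcloud projects list \
    --filter="parent.type=$1 AND parent.id=$2 AND lifecycleState=ACTIVE" \
    --format="value(projectId)"
}

# Succeed if the API is already enabled on project $1.
api_enabled() {
  gcloud services list --enabled --project "$1" \
    --filter="config.name=$API" --format="value(config.name)" | grep -qx "$API"
}

# Enable the API where it is missing; print a summary and fail if any project failed.
enable_for_parent() {
  enabled=0; skipped=0; failed=0
  for project in $(list_child_projects "$1" "$2"); do
    if api_enabled "$project"; then
      skipped=$((skipped + 1))          # already on: leave the project untouched
    elif gcloud services enable "$API" --project "$project"; then
      enabled=$((enabled + 1))
    else
      echo "failed: $project" >&2       # for example, caller lacks permission here
      failed=$((failed + 1))
    fi
  done
  echo "enabled=$enabled skipped=$skipped failed=$failed"
  [ "$failed" -eq 0 ]
}

# Usage (hypothetical file name): ./enable_servicehealth.sh folder FOLDER_ID
if [ "$#" -eq 2 ]; then
  enable_for_parent "$1" "$2"
fi
```

The non-zero exit status on any failure lets a pipeline stop and surface the projects printed on stderr instead of silently leaving them without coverage.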

The Service Health API and alerts will recognize new events a few hours after API enablement.