Documentation forSolarWinds Platform Self-Hosted

Configure Google Cloud Platform for monitoring

To monitor Google Cloud Platform (GPC) resources, configure GCP to allow the SolarWinds Platform to collect data by using a dedicated service account with the required permissions.

Required permissions

The service account must have the following IAM roles assigned at the GCP project level. Assign roles based on the features you plan to monitor.

Required for Required roles Description
Baseline access (required)
  • roles/viewer
Provides read-only access to all GCP resources. If assigned, you don’t need the more specific compute- or network-specific viewer roles listed below.
Compute and monitoring access
  • roles/compute.viewer
  • roles/monitoring.viewer
  • roles/dns.reader
  • roles/compute.networkViewer
Use these roles instead of roles/viewer if you want more granular permissions.
Network connectivity monitoring
  • roles/networkmanagement.viewer
Required to monitor network traffic and connectivity.
Tag‑based monitoring
  • roles/tagUser
  • roles/tagViewer
Required if you monitor resources by using GCP tags.
Instance management actions
  • roles/compute.instanceAdmin.v1

or

  • roles/editor

Allows start, stop, and delete operations on Compute Engine instances.

The roles/editor role also allows start, stop, and delete operation on additional GCP resources.

Cloud SQL monitoring
  • roles/cloudsql.viewer
  • roles/logging.viewer
Required for monitoring cloud SQL in addition to roles/monitoring.viewer.
Load balancer monitoring
  • roles/compute.networkViewer
  • roles/monitoring.viewer

Required to view load balancer configuration and metrics.

roles/monitoring.viewer is needed for graphs in the Load Balancer Monitoring tab or for API queries.

You can also use roles/viewer, but this gives read-only access to the entire project, not only to networking and monitoring.

Cost monitoring (BigQuery)
  • roles/bigquery.dataViewer
  • roles/bigquery.jobUser
  • roles/bigquery.user

 

or

  • a custom role including bigquery.datasets.create, bigquery.datasets.update, bigquery.datasets.createTagBinding.​

 Required to read billing export data, run queries, and manage datasets for cost monitoring.

Required APIs/services

  • Cloud DNS API
  • Cloud Resource Manager API
  • Compute Engine API
  • CloudMonitoring API
  • Cloud SQL - used for database monitoring
  • Cloud SQL Admin API - used for database monitoring
  • Network Management API
  • Network Services API

Create a GCP service account in the GCP console

Before you begin, contact an IT admin and have GCP projects within your organization created.

See Create service accounts in Google documentation for more information.

  1. Log in to the Google console using an account with admin privileges.

  2. Enable the required APIs/services.

    See Enabling an API in Google Cloud documentation.

  3. Create a service account. See Create service accounts in Google Cloud documentation.

  4. Grant the account the required roles. See IAM basic and predefined roles reference in Google Cloud documentation.

  5. Generate a private key for the service account. As the key type, select JSON. See Create and delete service account keys in Google Cloud documentation.

    The generated key file contains the GCP credentials needed to add the GCP account to the SolarWinds Platform.