This doc includes information about the new service account authorization method, which is currently in beta.
To start receiving Google Cloud Platform (GCP) data with New Relic GCP integrations, connect your Google project to New Relic Infrastructure. You must install the Infrastructure agent before you can activate GCP integrations from your Infrastructure account.
Any user can view and explore the GCP data reporting to your New Relic Infrastructure account.
These are the requirements for the authorization:
|GCP integration requirements||Comments|
In the GCP project API & Services Library settings, you must enable Google Stackdriver Monitoring API.
For service account authorization:
A user with Project IAM Admin role is needed to add the service account ID as a member in your GCP project.
In the GCP project IAM & admin, the service account must have the Project Viewer role.
For user account authorization:
The New Relic user that will integrate the GCP project must have a Google account and must be able to view the GCP project that New Relic Infrastructure will monitor.
In the GCP project IAM & admin, the user must have the Project Viewer role.
As part of the online setup process, you must identify
|Permissions (only for user account authorization)||
New Relic requires a specific set of read-only permissions to receive data from the GCP project. Even if the user has broader permissions, New Relic does not inherit those permissions and is not authorized to make any changes in the project. For more information about the API permissions that New Relic uses, see the Google documentation about scopes.
Integrating your GCP project with New Relic requires you to authorize New Relic to fetch monitoring data from your GCP project. You can choose between two authorization methods: Service accounts or User accounts.
- Service account (recommended)
The service account authorization is recommended, and currently in a beta.
If you authorize New Relic to fetch data through a service account, New Relic will call your GCP project APIs using a service account ID and its associated public/private key pair.
New Relic manages a specific Google service account for your New Relic account; you do not need to create it or manage the associated private key. Just add the service account ID as a member with viewing permissions in your project.
This authorization method is recommended, especially if your GCP project is managed by a team.
- User account
If you authorize New Relic to fetch data through a user account, New Relic will access your GCP project monitoring data on behalf of a particular Google user.
The authorization process is very convenient as it is achieved through an OAuth workflow, which redirects you from the New Relic UI to a Google authorization interface. However, as the authorization is linked to a particular Google user, this method is not recommended for GCP projects that are managed by large teams.
Connect GCP to New Relic Infrastructure
You must install the Infrastructure agent on each GCP host to see data from that host. Connecting your Google account only allows Infrastructure to access GCP metadata, not the underlying hosts.
To connect your Google account to Infrastructure with user account authorization:
- Go to infrastructure.newrelic.com > Integrations > Google Cloud Platform. At the top of Infrastructure's Google Cloud Services integrations page, select Add a GPC account.
- Choose Authorization Method: Select either Authorize a Service Account or Authorize a User Account, and follow the instructions in the UI to authorize New Relic.
- Add projects: Select the projects that you want New Relic to receive data from.
- Select services: From the list of available services for your GCP account, select the individual services you want New Relic to receive data from, or select all of the services.
These services will be enabled for all of the projects that you selected in the previous step. Once the setup process is finished, you can fine-tune the services that you want monitored for each project individually.
- To complete the setup process, select Finish.
If you see API authentication errors, follow the troubleshooting procedures.
Explore app data in New Relic Infrastructure
After you authorize New Relic to integrate one or more of your Google project's services, New Relic starts monitoring your GCP data at regular polling intervals. After a few minutes, data will appear in the New Relic UI. To find and use your data, including links to your New Relic Insights dashboards and alert settings, go to infrastructure.newrelic.com > Integrations > Google Cloud Platform.
Link multiple Google projects
For your convenience, the setup process allows you to select more than one project at a time.
After the first setup, if you need to monitor additional GCP projects with New Relic Infrastructure, you can repeat the procedure to connect your GCP services as many times as you need.
Unlink your GCP integrations
You can disable any of your GCP integrations any time and still keep your Google project connected to New Relic Infrastructure.
|If you want to...||Do this|
|Disable a GCP service monitoring||
To disconnect individual GCP services but keep the integration with New Relic Infrastructure for other GCP services in your Google account:
|Unlink your project monitoring||
To uninstall all of your GCP services completely from New Relic Infrastructure Integrations, unlink your Google account:
|Clean your GCP Projects after unlinking New Relic||
To clean your GCP project after unlinking, follow these steps if you were using a service account:
Or follow these steps if you were using a user account:
|Uninstall the Infrastructure agent||
To uninstall your New Relic Infrastructure agent, follow the procedures for your operating system or configuration management tool.