Connect Google Cloud Platform services to Infrastructure

Access to these features will depend on your subscription level. All GCP integrations except for Google Compute Engine require Infrastructure Pro.

This doc includes information about the new service account authorization method, which is currently in beta.

To start receiving Google Cloud Platform (GCP) data with New Relic GCP integrations, connect your Google project to New Relic Infrastructure. You must install the Infrastructure agent before you can activate GCP integrations from your Infrastructure account.

Requirements

Any user can view and explore the GCP data reporting to your New Relic Infrastructure account.

Only Owner, Admins, or Infrastructure Add-on Managers can manage the GCP integrations.

These are the requirements for the authorization:

GCP integration requirements Comments
Monitoring

In the GCP project API & Services Library settings, you must enable Google Stackdriver Monitoring API.

Authorization

For service account authorization:

A user with Project IAM Admin role is needed to add the service account ID as a member in your GCP project.

In the GCP project IAM & admin, the service account must have the Project Viewer role.

For user account authorization:

The New Relic user that will integrate the GCP project must have a Google account and must be able to view the GCP project that New Relic Infrastructure will monitor.

In the GCP project IAM & admin, the user must have the Project Viewer role.

Project name

As part of the online setup process, you must identify Project name of the projects you want to monitor with New Relic. The UI workflow automatically lists active projects you can select.

Permissions (only for user account authorization)

New Relic requires a specific set of read-only permissions to receive data from the GCP project. Even if the user has broader permissions, New Relic does not inherit those permissions and is not authorized to make any changes in the project. For more information about the API permissions that New Relic uses, see the Google documentation about scopes.

Authorization options

Integrating your GCP project with New Relic requires you to authorize New Relic to fetch monitoring data from your GCP project. You can choose between two authorization methods: Service accounts or User accounts.

Service account (recommended)

The service account authorization is recommended, and currently in a beta.

If you authorize New Relic to fetch data through a service account, New Relic will call your GCP project APIs using a service account ID and its associated public/private key pair.

New Relic manages a specific Google service account for your New Relic account; you do not need to create it or manage the associated private key. Just add the service account ID as a member with viewing permissions in your project.

This authorization method is recommended, especially if your GCP project is managed by a team.

User account

If you authorize New Relic to fetch data through a user account, New Relic will access your GCP project monitoring data on behalf of a particular Google user.

The authorization process is very convenient as it is achieved through an OAuth workflow, which redirects you from the New Relic UI to a Google authorization interface. However, as the authorization is linked to a particular Google user, this method is not recommended for GCP projects that are managed by large teams.

Connect GCP to New Relic Infrastructure

You must install the Infrastructure agent on each GCP host to see data from that host. Connecting your Google account only allows Infrastructure to access GCP metadata, not the underlying hosts.

To connect your Google account to Infrastructure with user account authorization:

  1. Go to infrastructure.newrelic.com > Integrations > Google Cloud Platform. At the top of Infrastructure's Google Cloud Services integrations page, select Add a GPC account.
  2. Choose Authorization Method: Select either Authorize a Service Account or Authorize a User Account, and follow the instructions in the UI to authorize New Relic.
  3. Add projects: Select the projects that you want New Relic to receive data from.
  4. Select services: From the list of available services for your GCP account, select the individual services you want New Relic to receive data from, or select all of the services.

    These services will be enabled for all of the projects that you selected in the previous step. Once the setup process is finished, you can fine-tune the services that you want monitored for each project individually.

  5. To complete the setup process, select Finish.

If you see API authentication errors, follow the troubleshooting procedures.

Explore app data in New Relic Infrastructure

After you authorize New Relic to integrate one or more of your Google project's services, New Relic starts monitoring your GCP data at regular polling intervals. After a few minutes, data will appear in the New Relic UI. To find and use your data, including links to your New Relic Insights dashboards and alert settings, go to infrastructure.newrelic.com > Integrations > Google Cloud Platform.

Link multiple Google projects

For your convenience, the setup process allows you to select more than one project at a time.

After the first setup, if you need to monitor additional GCP projects with New Relic Infrastructure, you can repeat the procedure to connect your GCP services as many times as you need.

Unlink your GCP integrations

You can disable any of your GCP integrations any time and still keep your Google project connected to New Relic Infrastructure.

If you want to... Do this
Disable a GCP service monitoring

To disconnect individual GCP services but keep the integration with New Relic Infrastructure for other GCP services in your Google account:

  1. Go to infrastructure.newrelic.com > Integrations > Google Cloud Platform and select Manage services.
  2. From your GCP account page, make changes to the checkbox options for available services and select Save changes.
Unlink your project monitoring

To uninstall all of your GCP services completely from New Relic Infrastructure Integrations, unlink your Google account:

  1. Go to infrastructure.newrelic.com > Integrations > Google Cloud Platform and select Manage services.
  2. From your GCP account page, select Unlink account and select Save changes.
Clean your GCP Projects after unlinking New Relic

To clean your GCP project after unlinking, follow these steps if you were using a service account:

  1. Open the GCP IAM Console.
  2. Select the project you want to unlink from New Relic and click Open.
  3. Select the service account that is used by New Relic.
  4. Click the Remove icon.

Or follow these steps if you were using a user account:

  1. Open your Google user account settings.
  2. Open the Apps with access to your account section.
  3. Choose New Relic application.
  4. Choose Remove Access.
Uninstall the Infrastructure agent

To uninstall your New Relic Infrastructure agent, follow the procedures for your operating system or configuration management tool.

For more help

Recommendations for learning more: