Help Docs

Site24x7's Google Cloud monitoring onboarding method: Service Account Impersonation

This help document will explain the step-by-step process of Google Cloud monitoring with authentication via the Service Account Impersonation method.

Note

If you have already onboarded your GCP account using the JSON key method, you can seamlessly switch to the Service Account Impersonation method by following the instructions in this help document. Once completed, Site24x7 will begin monitoring via impersonation, and your existing configurations will remain intact.

Prerequisites

Authenticate via the Service Account Impersonation method

Step 1: Creating a Service Account

  1. Log in to the Google Cloud console.
  2. Go to IAM & Admin > Service Accounts.
  3. Create a Service Account with your required inputs, like the display name.
  4. Assign the necessary permissions to this Service Account.

Step 2: Assigning Site24×7's principal email address to the Service Account

  1. Open the Site24x7 web client and go to Cloud > GCP > Add Monitor > Service Account Impersonation.
  2. Copy the Site24x7 service principal shown on the Site24x7 Add GCP Monitor page.
  3. In the Google Cloud console, in the Service Accounts menu, find the Service Account you created in Step 1.
  4. Go to the Permissions tab and click Grant Access.
    google cloud console permissions tab
    1. Paste your Site24x7 principal into the New principals text box.
      google cloud console permissions tab
    2. Assign the role of Service Account Token Creator and click Save.
  5. Copy the Service Account Email.

Step 3: Entering the Service Account's email address in Site24x7 for monitoring

  1. Open the Site24x7 web client and go to Cloud > GCP > Add Monitor.
  2. On the Service Account Impersonation tab, paste the Service Account Email you copied earlier.
  3. Fill in the display name for easy identification of the account.
  4. Proceed to filter the resources based on your monitoring requirements.
  5. Once you've configured the settings above, click Start GCP Monitoring.
google cloud console permissions tab

Common troubleshooting instructions

  • Access errors: Ensure that the Service Account has the correct permissions and that the principal is added with the appropriate roles.
  • Missing resources: Double-check your filters to ensure all the intended resources are included or excluded as desired.

Reasons for migration to the Service Account Impersonation method

Service Account keys are persistent credentials that, if exposed, can lead to unauthorized access and privilege escalation. Service Account Impersonation, on the other hand, generates short-lived credentials that are valid only for a limited duration. This reduces the risk of misuse and ensures credentials are not stored permanently.

Impersonation requires a previously authenticated identity, adding an extra layer of security. It allows administrators to manage permissions and access centrally without distributing keys.

Was this document helpful?

Would you like to help us improve our documents? Tell us what you think we could do better.


We're sorry to hear that you're not satisfied with the document. We'd love to learn what we could do to improve the experience.


Thanks for taking the time to share your feedback. We'll use your feedback to improve our online help resources.

Shortlink has been copied!