You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Sep 2, 2025. It is now read-only.
Copy file name to clipboardExpand all lines: gdi/get-data-in/connect/gcp/gcp-connect.rst
+2-16Lines changed: 2 additions & 16 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -44,21 +44,7 @@ To configure your GCP service:
44
44
45
45
#. Log into your GCP account and select the project you want to monitor in the GCP web console.
46
46
47
-
#. From the sidebar, select :menuselection:`IAM &admin`, then :menuselection:`Service Accounts`.
48
-
49
-
#. Go to :guilabel:`Create Service Account` at the top of the screen, complete the following fields, and select :guilabel:`CREATE`.
50
-
51
-
* **Service account name**. Enter ``Splunk``.
52
-
53
-
* **Service account ID**. This field autofills after you enter ``Splunk`` for Service account name.
54
-
55
-
* **Service account description**. Enter the description for your service account.
56
-
57
-
#. (Optional) Select a role to grant this Service account access to the selected project, then select :guilabel:`CONTINUE`.
58
-
59
-
#. Activate Key type :guilabel:`JSON`, and select :guilabel:`CREATE`. A new service account key JSON file is then downloaded to your computer. You will need this key to authenticate in Splunk Observability Cloud.
60
-
61
-
#. In a new window or tab, go to :new-page:`Cloud Resource Manager API <https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com?pli=1>`, and activate the Cloud Resource Manager API. You need to activate this API so Splunk Observability Cloud can use it to validate permissions on the service account keys.
47
+
#. Authenticate your GCP project using Workload Identity Federation or Service Account Keys. For more details, see :ref:`gcp-prereqs-authenticate`.
62
48
63
49
.. _gcp-projects:
64
50
@@ -85,7 +71,7 @@ By default, Splunk Observability Cloud monitors all supported services, and any
85
71
86
72
* Name. Type in the name of the GCP integration.
87
73
88
-
* Project. Select :guilabel:`Add Project`, next select :guilabel:`Import Service Account Key` and import one or more of the JSON key files that you downloaded from GCP in :ref:`Configure GCP <gcp-two>`.
74
+
* Project. Select :guilabel:`Add Project` to add a new project and follow the prompts to authenticate it. For more details, see :ref:`gcp-prereqs-authenticate`.
89
75
90
76
* Services. By default the new integration syncs with all supported GCP services. Select :guilabel:`All services > Sync only selected services` to select specific services to sync with.
Copy file name to clipboardExpand all lines: gdi/get-data-in/connect/gcp/gcp-prereqs.rst
+33-7Lines changed: 33 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -14,22 +14,48 @@ Prerequisites
14
14
15
15
You must be an administrator of your Splunk Observability Cloud organization to create a GCP connection.
16
16
17
+
.. _gcp-prereqs-authenticate:
18
+
17
19
Authenticate your Google account
18
20
============================================
19
21
20
-
You need your service account keys to be able to integrate your GCP services with Splunk Observability Cloud. Check the restrictions on your organization's account keys before connecting to Splunk Observability Cloud.
22
+
Authenticate using Workload Identity Federation (recommended)
Use Workload Identity Federation (WIF) to authenticate your GCP account in Splunk Observability Cloud. It's safer, and with WIF you won't have to export and rotate service account keys.
26
+
27
+
To set up Workload Identity Federation to authenticate Splunk Observability Cloud to access your GCP Cloud Monitoring data take these steps:
21
28
22
-
For more information, refer to:
29
+
#. Follow the instructions in the :new-page:`Workload Identity Federation Setup Utils <https://github.com/signalfx/gcp_workload_identity_federation>` GitHub repo.
23
30
24
-
* GCP's docs on :new-page:`Service account keys <https://cloud.google.com/iam/docs/service-account-creds#key-types>`
25
-
* Google's official announcement on the new permission policies at :new-page:`Introducing stronger default Org Policies for our customers <https://cloud.google.com/blog/products/identity-security/introducing-stronger-default-org-policies-for-our-customers/>`
31
+
#. Run the :new-page:`Workload Identity Federation Setup Script <https://github.com/signalfx/gcp_workload_identity_federation/blob/main/cli/README.md>` or use the :new-page:`Terraform Setup Module <https://github.com/signalfx/gcp_workload_identity_federation/blob/main/terraform/README.md>`.
26
32
27
-
Authenticate using Workload Identity Federation
33
+
To learn more refer to GCP's :new-page:`Workload Identity Federation <https://cloud.google.com/iam/docs/workload-identity-federation>` documentation.
Alternatively, if you're connecting to Splunk Observability Cloud using the API you can use :new-page:`GCP's Workload Identity Federation (WIF) <https://cloud.google.com/iam/docs/workload-identity-federation>` to access your Google Cloud resources and authenticate them. It's safer, and with WIF you won't have to export and rotate service account keys.
38
+
Alternatively you can use your service account keys to integrate your GCP services with Splunk Observability Cloud. Before you proceed read Google's official announcement on GCP permission policies at :new-page:`Introducing stronger default Org Policies for our customers <https://cloud.google.com/blog/products/identity-security/introducing-stronger-default-org-policies-for-our-customers/>`.
39
+
40
+
To authenticate using your service account keys go to the GCP console and follow these steps:
41
+
42
+
#. From the sidebar, select :menuselection:`IAM &admin`, then :menuselection:`Service Accounts`.
43
+
44
+
#. Go to :guilabel:`Create Service Account` at the top of the screen, complete the following fields, and select :guilabel:`CREATE`.
45
+
46
+
* **Service account name**. Enter ``Splunk``.
47
+
48
+
* **Service account ID**. This field autofills after you enter ``Splunk`` for Service account name.
49
+
50
+
* **Service account description**. Enter the description for your service account.
51
+
52
+
#. Select a role to grant this Service account access to the selected project, then select :guilabel:`CONTINUE`.
53
+
54
+
#. Activate Key type :guilabel:`JSON`, and select :guilabel:`CREATE`. A new service account key JSON file is then downloaded to your computer. You will need this key to authenticate in the :guilabel:`Import Service Account Key` step in Splunk Observability Cloud.
55
+
56
+
#. In a new window or tab, go to :new-page:`Cloud Resource Manager API <https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com?pli=1>`, and activate the Cloud Resource Manager API. You need to activate this API so Splunk Observability Cloud can use it to validate permissions on the service account keys.
31
57
32
-
See how to authenticate with WIF in the Splunk Observability Cloud developer documentation at :new-page:`Integrate GCP <https://dev.splunk.com/observability/docs/integrations/gcp_integration_overview>`.
58
+
For more information, refer to GCP's docs on :new-page:`Service account keys <https://cloud.google.com/iam/docs/service-account-creds#key-types>`.
0 commit comments