Minimum permissions for Google Cloud Platform

When you set up a Google Cloud Platform integration, you have to give the Wavefront service permissions to access the data you want to visualize and analyze.

Access Options

Data flows from GCP to Wavefront only if the account has the required access. You have several options, discussed in detail below:

Assign predefined roles: In most cases, it makes sense to give the Wavefront account a small set of predefined roles.
Create IAM policy to specify limited access: Explicitly specify the access settings in a custom IAM policy.

Assign Predefined Roles

You can assign the following predefined roles, depending on which aspect of GCP you want to monitor:

Billing: Compute Viewer, Storage Admin
Metrics: Monitoring Viewer
To AutoDetect GKE clusters: GKEHub Viewer

Giving Wavefront Limited Access

Instead of using the predefined roles above, you can create a custom role and give it the following permissions.

Billing: compute.instances.list, compute.zones.list, compute.disks.list, storage.buckets.list
Metrics: monitoring.metricDescriptors.list, monitoring.timeSeries.list
To AutoDetect GKE clusters: gkehub.locations.list
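
One way to check a custom role against the minimum permission lists above, as an added example that is not part of the Wavefront documentation: the script compares a role's includedPermissions with the permissions listed on this page and reports what is missing and what goes beyond the minimum. The role JSON, the role name, and the feature keys (billing, metrics, gke_autodetect) are constructed for this example.

```python
import json

# Minimum permissions per monitored aspect, copied from the lists on this page.
# The dictionary keys are labels chosen for this example.
REQUIRED = {
    "billing": {
        "compute.instances.list", "compute.zones.list",
        "compute.disks.list", "storage.buckets.list",
    },
    "metrics": {
        "monitoring.metricDescriptors.list", "monitoring.timeSeries.list",
    },
    "gke_autodetect": {"gkehub.locations.list"},
}

# Constructed sample in the shape printed by
# `gcloud iam roles describe ROLE_ID --project=PROJECT_ID --format=json`.
# The role name and its permission mix are made up for this example.
SAMPLE_ROLE_JSON = """
{
  "name": "projects/example-project/roles/wavefrontMinimal",
  "title": "Wavefront minimal (constructed sample)",
  "stage": "GA",
  "includedPermissions": [
    "compute.instances.list",
    "compute.zones.list",
    "storage.buckets.list",
    "storage.buckets.delete",
    "storage.objects.delete",
    "monitoring.metricDescriptors.list",
    "monitoring.timeSeries.list"
  ]
}
"""

def audit_role(role, features):
    """Return permissions the role lacks or grants beyond the page's minimum."""
    unknown = sorted(set(features) - set(REQUIRED))
    if unknown:
        raise ValueError(f"unknown feature(s): {unknown}")
    needed = set().union(*(REQUIRED[f] for f in features))
    granted = set(role.get("includedPermissions", []))
    return {"missing": sorted(needed - granted),
            "excess": sorted(granted - needed)}

if __name__ == "__main__":
    role = json.loads(SAMPLE_ROLE_JSON)
    print(audit_role(role, ["billing", "metrics"]))
```

A non-empty "missing" list means the integration cannot read that data; a non-empty "excess" list is access the integration does not need for the selected features.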