Minimum permissions for Google Cloud Platform.
When you set up a Google Cloud Platform integration, you have to give the VMware Aria Operations for Applications (formerly known as Tanzu Observability by Wavefront) service permissions to access the data you want to visualize and analyze.
Access Options
Data flows from GCP to VMware Aria Operations for Applications only if the account has the required access. You have several options, discussed in detail below:
Assign predefined roles | In most cases, it makes sense to give the Aria Operations for Applications account a small set of predefined roles. |
Create IAM policy to specify limited access | Explicitly specify the access settings in a custom IAM policy. |
Assign Predefined Roles
You can assign the following predefined roles, depending on which aspect of GCP you want to monitor:
Billing | Compute Viewer, Storage Admin |
Metrics | Monitoring Viewer |
To AutoDetect GKE clusters | GKEHub Viewer |
Giving Limited Access
Instead of using the roles above, you can define a custom role and assign it the following permissions.
Billing | compute.instances.list, compute.zones.list, compute.disks.list, storage.buckets.list |
Metrics | monitoring.metricDescriptors.list, monitoring.timeSeries.list |
To AutoDetect GKE clusters | gkehub.locations.list |
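A least-privilege check for the custom role described above, as an added example (not from the original page or the product's own code): it compares a role's `includedPermissions`, as returned by `gcloud iam roles describe --format=json`, with the minimum set from the table. The aspect keys, the role name, and the sample role are constructed for illustration.

```python
import json

# Minimum permissions per monitoring aspect, copied from the table above.
# The dictionary keys are labels chosen for this example.
REQUIRED = {
    "billing": {
        "compute.instances.list",
        "compute.zones.list",
        "compute.disks.list",
        "storage.buckets.list",
    },
    "metrics": {
        "monitoring.metricDescriptors.list",
        "monitoring.timeSeries.list",
    },
    "gke_autodetect": {"gkehub.locations.list"},
}


def audit_role(role, aspects):
    """Compare a role's includedPermissions with the minimum for `aspects`.

    `role` is the parsed JSON of `gcloud iam roles describe ... --format=json`.
    """
    needed = set().union(*(REQUIRED[a] for a in aspects))
    granted = set(role.get("includedPermissions", []))
    return {
        "missing": sorted(needed - granted),  # integration cannot read this data
        "excess": sorted(granted - needed),   # granted beyond the minimum set
    }


# Constructed sample: a custom role that has drifted from the minimum set.
SAMPLE_ROLE = json.loads("""
{
  "name": "projects/example-project/roles/observabilityMinimal",
  "title": "Observability minimal (hypothetical)",
  "includedPermissions": [
    "compute.instances.list", "compute.zones.list",
    "storage.buckets.list", "storage.objects.delete",
    "monitoring.metricDescriptors.list", "monitoring.timeSeries.list"
  ]
}
""")

if __name__ == "__main__":
    print(json.dumps(audit_role(SAMPLE_ROLE, ["billing", "metrics"]), indent=2))
```

Any entry under `excess` is access the integration does not need according to the table; any entry under `missing` means the corresponding data will not flow.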