The Google Cloud Platform (GCP) Identity and Access Management (IAM) system enables you to grant granular access to specific Google Cloud resources and helps prevent access to other resources. Cisco Cloud Observability supports monitoring GCP IAM service accounts, which can be managed as principals or resources.

You must configure cloud connections to monitor this entity. See Configure Google Cloud Platform Connection.

Cisco Cloud Observability displays GCP entities on the Observe page. Metrics are displayed for specific entity instances in the list and detail views.

This document contains references to third-party documentation. Splunk AppDynamics does not own any rights and assumes no responsibility for the accuracy or completeness of such third-party documentation.

Detail View 

To display the detail view of a GCP IAM service account:

  1. Navigate to the Observe page.
  2. Under Cloud Governance & Security Management, click GCP IAM Service Accounts.
    The list view now displays.
  3. From the list, click an entity Name to display the detail view.
    The detail view displays metrics, key performance indicators, and properties (attributes) related to the instance you selected.

Metrics and Key Performance Indicators 

Cisco Cloud Observability displays the following metrics and key performance indicators (KPIs) for GCP IAM service accounts. See Google Cloud metrics.

| Display Name | Source Metric | Description |
|---|---|---|
| Service Account Authentications (Count) | service_account/authn_events_count | Number of authentication events for a service account. |
| Service Account Key Authentications (Count) | service_account/key/authn_events_count | Number of authentication events for a service account key. |

Properties (Attributes)

Cisco Cloud Observability displays the following properties for GCP IAM service accounts.

| Display Name | Source Property Name | Description |
|---|---|---|
| ID | name | The ID of the IAM service account. |
| Name | displayName | A user-specified, human-readable name for the service account. |
| Project ID | - | The ID of the GCP project. |
| Region | - | The global string, hardcoded. |
| Numeric ID | uniqueId | The unique, stable numeric ID for the service account. |
| Email | email | The email address of the service account. |
| OAUTH2 | oauth2ClientId | The OAuth 2.0 client ID for the service account. |
| Disabled | disabled | Specifies if the service account is disabled. |


Retention and Purge Time-To-Live (TTL)

For all cloud and infrastructure entities, the retention TTL is 180 minutes (3 hours) and the purge TTL is 525,600 minutes (365 days). 
