OpsCompanion Docs

Google Cloud Platform

Connect OpsCompanion to your GCP projects for comprehensive cloud monitoring and security

Google Cloud Platform Integration

Connect your Google Cloud Platform (GCP) projects to OpsCompanion for real-time monitoring, security insights, and compliance tracking.

Quick Start

Get started in under 5 minutes:

  1. Run the Setup Script - Automated service account creation with read-only access
  2. Register Your Project - Add your project ID to OpsCompanion
  3. Start Monitoring - View resources, audit logs, and security recommendations

What You Can Monitor

Compute Resources

  • Compute Engine - VMs, instance groups, disks, snapshots
  • Google Kubernetes Engine - Clusters, nodes, workloads
  • Cloud Run - Services, revisions, traffic splits
  • App Engine - Applications, services, versions

Storage & Databases

  • Cloud Storage - Buckets, objects, access controls
  • Cloud SQL - Instances, databases, backups
  • BigQuery - Datasets, tables, jobs
  • Firestore - Databases, collections

Networking

  • VPC Networks - Networks, subnets, firewall rules
  • Cloud DNS - Zones, records
  • Cloud Load Balancing - Load balancers, backends
  • Cloud CDN - Cache configurations

Security & Identity

  • IAM - Service accounts, roles, policies
  • Cloud KMS - Keys, key rings
  • Secret Manager - Secrets (metadata only)
  • Security Command Center - Findings and recommendations

Operations

  • Cloud Logging - Log entries and sinks
  • Cloud Monitoring - Metrics and alerts
  • Cloud Trace - Performance traces
  • Error Reporting - Application errors

Audit Logging

  • Admin Activity - Who made what changes
  • Data Access - Who accessed what data
  • System Events - GCP-initiated events
  • Policy Denied - Permission denials

Permissions Model

Read-Only Access

OpsCompanion uses a service account with viewer-only permissions. This means it can see and analyze your environment but cannot make any changes.

Can access:

  • Resource metadata and configurations
  • Logs and metrics
  • Billing information
  • IAM policies

Cannot:

  • Create, update, or delete resources
  • Change IAM policies
  • Read secret values or credentials
  • Change billing settings

Workload Identity Federation

OpsCompanion authenticates with short-lived credentials through Workload Identity Federation instead of static service account keys, so there is no long-lived key file to store or leak.
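One way to verify the read-only and no-static-keys claims above after setup, as an added example that is not OpsCompanion's own code. It assumes the service account email follows the ops-{project}-sa pattern, that the read-only allowlist below matches what the setup script grants, and it runs on constructed sample data shaped like gcloud JSON output.

```python
# Assumption: roles this check accepts as read-only; align with the setup script's grants.
READ_ONLY_EXACT = {"roles/viewer", "roles/browser", "roles/iam.securityReviewer"}

def is_read_only(role):
    """Predefined roles only; custom roles cannot be judged by name and are flagged."""
    if role in READ_ONLY_EXACT:
        return True
    return role.startswith("roles/") and role.lower().endswith("viewer")

def audit_bindings(policy, sa_email):
    """Split the roles bound to sa_email into (read_only, flagged) lists."""
    member = "serviceAccount:" + sa_email
    read_only, flagged = [], []
    for binding in policy.get("bindings", []):
        if member in binding.get("members", []):
            target = read_only if is_read_only(binding["role"]) else flagged
            target.append(binding["role"])
    return sorted(read_only), sorted(flagged)

def user_managed_keys(keys):
    """Static keys that should not exist when Workload Identity Federation is used."""
    return [k["name"] for k in keys if k.get("keyType") == "USER_MANAGED"]

# Constructed sample data (hypothetical project "demo-project").
SA = "ops-demo-project-sa@demo-project.iam.gserviceaccount.com"
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/viewer", "members": ["serviceAccount:" + SA]},
    {"role": "roles/logging.viewer", "members": ["serviceAccount:" + SA]},
    {"role": "roles/secretmanager.secretAccessor", "members": ["serviceAccount:" + SA]},
    {"role": "projects/demo-project/roles/opsCustom", "members": ["serviceAccount:" + SA]},
    {"role": "roles/editor", "members": ["user:admin@example.com"]},  # other principal
]}
SAMPLE_KEYS = [
    {"name": "projects/demo-project/serviceAccounts/" + SA + "/keys/constructed-1",
     "keyType": "USER_MANAGED"},
    {"name": "projects/demo-project/serviceAccounts/" + SA + "/keys/constructed-2",
     "keyType": "SYSTEM_MANAGED"},
]

if __name__ == "__main__":
    ok, flagged = audit_bindings(SAMPLE_POLICY, SA)
    print("read-only roles:", ok)
    print("roles to review:", flagged)
    print("static keys to remove:", user_managed_keys(SAMPLE_KEYS))
```

For a real project, load the policy from `gcloud projects get-iam-policy PROJECT_ID --format=json` and the key list from `gcloud iam service-accounts keys list --iam-account=SA_EMAIL --format=json`.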

Architecture

┌─────────────────────────────────────────┐
│         Your GCP Project                │
│                                         │
│  ┌────────────────────────────────┐     │
│  │  Service Account (Viewer)      │     │
│  │  ops-{project}-sa              │     │
│  └──────────┬─────────────────────┘     │
│             │                           │
│             │ Workload Identity         │
│             │ Federation                │
│  ┌──────────▼─────────────────────┐     │
│  │  Audit Log Sink                │     │
│  │  → Pub/Sub Topic               │─────┼──┐
│  └────────────────────────────────┘     │  │
│                                         │  │
└─────────────────────────────────────────┘  │

┌────────────────────────────────────────────▼────┐
│         OpsCompanion Platform                   │
│                                                 │
└─────────────────────────────────────────────────┘
