Terraform to create appropriate GCP resources and Sysdig Monitor Cloud account for cloud monitoring. Requires the Sysdig Terraform Provider.
Your user must have the following roles in your GCP credentials:
- Owner
- Organization Admin (organizational usage only)
To authorize the cloud CLI to be used by Terraform, check the Terraform Google Provider docs.
This Terraform will:
- Create a new service account for the specified project(s) in GCP
- Add the monitoring.viewer role to the account
- Generate a service account key for the account
- Generate a new cloud account record with GCP credentials in Sysdig
```hcl
provider "google" {
  project = "gcp-project-id"
  region  = "us-west1"
}

provider "sysdig" {
  sysdig_monitor_url = "https://app.sysdigcloud.com"
  # Replace with your own Sysdig Monitor API token.
  sysdig_monitor_api_token = "3FB95ACF-0122-4AF9-8723-F05C48B8134F"
}

module "sysdig_monitor_cloud_account" {
  source         = "github.com/sysdiglabs/terraform-gcp-monitor-for-cloud/single-project"
  gcp_project_id = "gcp-project-id"
}
```
There are 2 options for the variable parent_folder_id:
- Set it to the direct parent directory of the GCP projects that integrations will be generated for. This is not a recursive function, so no integrations will be generated for projects under any of the other folders.
- Leave it blank. The script will attempt to generate integrations for every project under the organization.
```hcl
provider "google" {
  region = "us-west1"
}

provider "sysdig" {
  sysdig_monitor_url = "https://app.sysdigcloud.com"
  # Replace with your own Sysdig Monitor API token.
  sysdig_monitor_api_token = "3FB95ACF-0122-4AF9-8723-F05C48B8134F"
}

module "sysdig_monitor_cloud_account" {
  source           = "github.com/sysdiglabs/terraform-gcp-monitor-for-cloud/organization"
  parent_folder_id = "298047817376" // (Optional)
}
```
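The provider blocks above carry the Sysdig API token as a literal string and load the module from the repository's default branch. The following is an added example, not part of the module's own documentation, showing the single-project configuration with the token passed as a sensitive variable and the module source pinned. The variable names and the `ref` value are assumptions or placeholders.

```hcl
terraform {
  required_providers {
    sysdig = {
      source = "sysdiglabs/sysdig"
    }
  }
}

# Assumed variable name; the token is supplied at run time, never committed.
variable "sysdig_monitor_api_token" {
  description = "Sysdig Monitor API token"
  type        = string
  sensitive   = true # redacted from plan and apply output

  validation {
    condition     = length(trimspace(var.sysdig_monitor_api_token)) > 0
    error_message = "Set TF_VAR_sysdig_monitor_api_token before running Terraform."
  }
}

# Assumed variable name; avoids repeating the project ID in two places.
variable "gcp_project_id" {
  description = "GCP project to integrate with Sysdig Monitor"
  type        = string
}

provider "google" {
  project = var.gcp_project_id
  region  = "us-west1"
}

provider "sysdig" {
  sysdig_monitor_url       = "https://app.sysdigcloud.com"
  sysdig_monitor_api_token = var.sysdig_monitor_api_token
}

module "sysdig_monitor_cloud_account" {
  # Placeholder ref: replace with a tag or commit SHA you have reviewed.
  source         = "github.com/sysdiglabs/terraform-gcp-monitor-for-cloud//single-project?ref=REPLACE_WITH_REVIEWED_REF"
  gcp_project_id = var.gcp_project_id
}
```

Supply the values through the `TF_VAR_sysdig_monitor_api_token` and `TF_VAR_gcp_project_id` environment variables. `sensitive` only hides the token in CLI output; it is still written to the Terraform state, as is the generated service account key if it is managed as a Terraform resource, so keep state in an access-controlled backend.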