Error assigning GCP IAM Role for Creating Monitoring Policy
I am using a service account to create Monitoring Policy in my GCP Project. I am trying to identify the IAM role that's suited for this via this link and narrowing it down to "Cloud Monitoring" - https://cloud.google.com/iam/docs/understanding-roles#predefined
I have put in the following roles -- roles/monitoring.alertPolicyEditor roles/monitoring.admin
It doesn't seem to work and throws the following error --
ERROR: (gcloud.alpha.monitoring.policies.create) User [[email protected]] does not have permission to access projects instance [gcp-project] (or it may not exist): The caller does not have permission
When I assign the role - roles/owner. It seems to work. I don't want to assign Owner permission. Can someone help me what could be the appropriate role?
If you want to create a Monitoring Policy, you need the permissions “monitoring.alertPolicies.create” and “logging.notificationRules.create”. You need to grant the user in the IAM section the roles “Logging Admin” and “Monitoring AlertPolicy Editor”. That is explained in the following Google Official Documentation.
As you have added roles/monitoring.alertPolicyEditor and roles/monitoring.admin along with this try adding logging admin and roles/monitoring.alertPolicyEditor, roles/monitoring.notificationChannelEditor. Then you can create monitoring policies.
You can also add a browser role as suggested by John Hanley.
- Getting random "User not found in file /etc/passwd" error on Cloud Run Job
- Deploying to Cloud Run with a custom service account failed with iam.serviceaccounts.actAs error
- Deploying a pelican site to Google Cloud Run with Dockerfile not working
- Is there a good explanation of resource labels versus metric labels?
- Why do I set the resource type when writing the metric but not when creating a descriptor?
- google-github-actions/get-gke-credentials failed with: required "container.clusters.get" permission(s)
- GA4 Data Not Retained for More Than 60 Days Despite BigQuery Table Expiration Set to 'Never
- How to list all enabled API services for Google Cloud Platform project
- Google Cloud calendar API connection error
- Downloading a folder from cloud storage in GitHub action and move it inside a docker container is not working
- How to fix CloudRun error 'The request was aborted because there was no available instance'
- Google Cloud Build with Dockerfile and copy files
- Firebase CLI console: Cannot find module @google-cloud/tasks
- Does Cloud SQL have a query console or is CLI the only option?
- How to use Google Cloud Shell with the new Windows Terminal
- Why does GKE kubernetes cluster need a version?
- Unable to Read Mounted GCSFuse Directory After Adding --implicit-dirs Option
- Error: 10: Developer console is not set up correctly (Not Using Firebase) (One Tap sign-up)
- Connection between Private GKE and Cloud SQL
- Kubernetes cluster architecture
- Validating PubSub message against AVRO JSON schema with multiple union types
- Can i run cloud run jobs locally
- How to log SSL/TLS Handshake details on Google Cloud Load Balancer
- Utilizing Gemini: Through Vertex AI or through Google/generative-ai?
- How to use Puppeteer in 2nd gen Cloud Functions?
- GCP Logging: who created a Project?
- Connection broken: IncompleteRead in Google Cloud Run
- How do I query firestore data that is inside collections in said document?
- Why would Mysql return "error Column cannot be null"?
- Permissions error when deploying to Google App Engine using flexible environment and Dockerfile