GCP Infrastructure Explorer

Open in ChatGPT Open in Claude

The Coralogix GCP Infrastructure Explorer integration connects a GCP project to Coralogix and periodically collects resource metadata for Compute Engine, Google Kubernetes Engine (GKE), and Cloud Storage. The collected metadata enriches Infrastructure Explorer with cloud context so you can audit, search, and investigate GCP resources alongside the telemetry related to them.

Overview

GCP Infrastructure Explorer authenticates with a Google Cloud service account, then scans the selected project on a configurable schedule. For every supported resource found, the integration sends a metadata record to Coralogix that includes the raw Google Cloud resource description plus standard cloud attributes such as cloud.provider, cloud.account.id, cloud.region, and cloud.availability_zone.

The default poll interval is 10 minutes, which is also the minimum allowed value. Each integration scans 1 GCP project. To scan multiple projects, create 1 integration per project.

Supported resources

The integration currently collects metadata for the following GCP resource types:
Resource group Resource types
Compute Engine Instances, disks, images, instance groups, networks, subnets, firewalls, routes
Google Kubernetes Engine (GKE) Clusters, node pools
Cloud Storage Buckets, objects

Authentication methods

The integration supports 2 authentication methods:

Account key: upload a service account key file to Coralogix
Impersonation: grant the Coralogix principal permission to impersonate your service account

Prerequisites

A GCP project that contains the resources you want to scan
A Google Cloud service account for this integration
GCP Identity and Access Management (IAM) permissions that match the resource types you select for scanning
The INTEGRATIONS:DEPLOY permission in Coralogix

Configure a service account

Create or reuse a Google Cloud service account for the project you want to scan. Grant the service account a predefined role or custom role that includes the permissions required by your selected scan options.

If you use impersonation, also grant the Service Account Token Creator role to the Coralogix principal shown during setup.

For general Google Cloud service account setup, see GCP - getting started.

Required GCP permissions

Grant only the permissions required by the scan options you select:
Scan option Required permissions
Scan compute instances compute.instances.list
Scan compute disks compute.disks.list
Scan compute images compute.images.list
Scan compute instance groups compute.instanceGroups.list
Scan compute networks compute.networks.list
Scan compute subnets compute.subnetworks.list
Scan compute firewalls compute.firewalls.list
Scan compute routes compute.routes.list
Scan clusters container.clusters.list
Scan node pools container.clusters.list, container.clusters.get
Scan storage buckets storage.buckets.list
Scan storage objects storage.buckets.list, storage.objects.list
GCP billing project ID serviceusage.services.use on the billing project

The serviceusage.services.use permission applies only when you provide a caller-specified billing project.

GCP Infrastructure Explorer integration deployment

STEP 1. Access Data Flow, then Integrations.

STEP 2. From the Integrations section, select GCP Infrastructure Explorer.

STEP 3. Select ADD NEW.

STEP 4. Select the account key or impersonation authentication flow.

Use the flow-specific step that applies to you:

If you selected account key authentication, complete Step 5
If you selected impersonation authentication, skip to Step 6

Account key only

STEP 5. If you selected account key authentication, upload the JSON key file for the service account that has access to the resources you want to scan, then select NEXT.

Common settings

STEP 6. Define your settings:

Integration name: a name for the integration. The default value is GCP Infrastructure Explorer.
Service Account Principal: for impersonation, enter the service account email that Coralogix should impersonate.
GCP Project ID: enter the GCP project ID to scan. For account key authentication, Coralogix can read the project ID from the uploaded key when the key includes project_id.
GCP Billing Project ID: optional. Enter a caller-specified project for quota and billing purposes. The caller must have serviceusage.services.use permission on this project.
Poll interval in minutes: how often the integration scans your project. The default and minimum value is 10.
Select GCP zones: select the zones to scan. Select zones when you collect zonal or regional resources, including compute instances, disks, instance groups, subnets, clusters, and node pools.
Compute Engine Resource Scanning: select the Compute Engine resource types to scan:
- Scan compute instances
- Scan compute disks
- Scan compute images
- Scan compute instance groups
- Scan compute networks
- Scan compute subnets
- Scan compute firewalls
- Scan compute routes
Cluster Resource Scanning: select the GKE resource types to scan:
- Scan clusters
- Scan node pools
Storage Resource Scanning: select the Cloud Storage resource types to scan:
- Scan storage buckets
- Scan storage objects

Select at least 1 scan option.

STEP 7. Select NEXT.

Impersonation only

STEP 8. If you selected impersonation authentication, copy the Coralogix principal from Service Account Delegate.

STEP 9. In the Google Cloud console, open the service account you entered in Service Account Principal.

STEP 10. Go to Principals with access, then select Grant access.

STEP 11. Paste the Coralogix principal into New principals, assign the Service Account Token Creator role, and select Save.

Note

It can take a few minutes for the Google Cloud IAM role change to take effect.

STEP 12. Return to Coralogix and select Complete.

Verify the setup

In Google Cloud, confirm that the service account has the required permissions for every scan option you selected
For impersonation, confirm that the Coralogix principal has the Service Account Token Creator role on the service account
On the Coralogix Integrations page, confirm the integration shows Active within one poll interval
In Coralogix, open Infrastructure Explorer and confirm that GCP resources appear for the scanned project

Parameters and descriptions

Parameter	Description	Default	Required
Integration name	Display name shown in the integrations list.	`GCP Infrastructure Explorer`	Yes
Service Account Principal	Service account email that Coralogix impersonates. Impersonation flow only.		Conditional
GCP Project ID	GCP project ID to scan. Required for impersonation. For account key authentication, Coralogix can read it from the uploaded key when the key includes `project_id`.		Conditional
GCP Billing Project ID	Caller-specified project for quota and billing purposes. Requires `serviceusage.services.use` on the billing project.		No
Service Account Delegate	Read-only Coralogix principal to grant `Service Account Token Creator` in Google Cloud. Impersonation flow only.		Conditional
Poll interval in minutes	How often the integration scans your project. Minimum `10`.	`10`	No
Select GCP zones	GCP zones to scan. Required when any selected scan option depends on zones or derived regions.		Conditional
Scan compute instances	Collects metadata for Compute Engine instances.	`false`	Yes
Scan compute disks	Collects metadata for Compute Engine disks.	`false`	Yes
Scan compute images	Collects metadata for Compute Engine images.	`false`	Yes
Scan compute instance groups	Collects metadata for Compute Engine instance groups.	`false`	Yes
Scan compute networks	Collects metadata for Compute Engine networks.	`false`	Yes
Scan compute subnets	Collects metadata for Compute Engine subnets.	`false`	Yes
Scan compute firewalls	Collects metadata for Compute Engine firewalls.	`false`	Yes
Scan compute routes	Collects metadata for Compute Engine routes.	`false`	Yes
Scan clusters	Collects metadata for GKE clusters.	`false`	Yes
Scan node pools	Collects metadata for GKE node pools.	`false`	Yes
Scan storage buckets	Collects metadata for Cloud Storage buckets.	`false`	Yes
Scan storage objects	Collects metadata for Cloud Storage objects.	`false`	Yes

What gets collected

For every scanned resource, the integration sends a metadata record to Coralogix with attributes such as:

cloud.provider: always gcp
cloud.account.id: the GCP project ID
cloud.region: the GCP region, when the resource has regional context
cloud.availability_zone: the GCP zone, when the resource has zonal context
cx.entity.interval: the configured poll interval, in seconds
gcp.gce.instance.raw_description: the full raw resource JSON for Compute Engine instances
gcp.gce.disk.raw_description: the full raw resource JSON for Compute Engine disks
gcp.gce.image.raw_description: the full raw resource JSON for Compute Engine images
gcp.gce.instancegroup.raw_description: the full raw resource JSON for Compute Engine instance groups
gcp.gce.network.raw_description: the full raw resource JSON for Compute Engine networks
gcp.gce.subnetwork.raw_description: the full raw resource JSON for Compute Engine subnets
gcp.gce.firewall.raw_description: the full raw resource JSON for Compute Engine firewalls
gcp.gce.route.raw_description: the full raw resource JSON for Compute Engine routes
gcp.gke.cluster.raw_description: the full raw resource JSON for GKE clusters
gcp.gke.nodepool.raw_description: the full raw resource JSON for GKE node pools
gcp.storage.bucket.raw_description: the full raw resource JSON for Cloud Storage buckets
gcp.storage.object.raw_description: the full raw resource JSON for Cloud Storage object metadata

Limitations

Each integration scans 1 GCP project. To scan multiple projects, create 1 integration per project.
Organization-wide project discovery is not supported.
The integration collects resource metadata only. It does not ingest logs, metrics, traces, or Cloud Storage object contents.
The minimum poll interval is 10 minutes. Coralogix rejects lower values.

Support

Need help?

Coralogix customer success is available 24/7 to walk you through your setup and answer questions.

Use the in-app chat or email [email protected].

Need help? Contact Support.

What's new? Find out here.

LLM? Read llms.txt.

Previous GCP metrics

Next GCP log explorer

Resource group	Resource types
Compute Engine	Instances, disks, images, instance groups, networks, subnets, firewalls, routes
Google Kubernetes Engine (GKE)	Clusters, node pools
Cloud Storage	Buckets, objects

Scan option	Required permissions
Scan compute instances	`compute.instances.list`
Scan compute disks	`compute.disks.list`
Scan compute images	`compute.images.list`
Scan compute instance groups	`compute.instanceGroups.list`
Scan compute networks	`compute.networks.list`
Scan compute subnets	`compute.subnetworks.list`
Scan compute firewalls	`compute.firewalls.list`
Scan compute routes	`compute.routes.list`
Scan clusters	`container.clusters.list`
Scan node pools	`container.clusters.list`, `container.clusters.get`
Scan storage buckets	`storage.buckets.list`
Scan storage objects	`storage.buckets.list`, `storage.objects.list`
GCP billing project ID	`serviceusage.services.use` on the billing project