Overview
The Google Cloud Platform (GCP) integration enables Steadwing to read logs, traces, and errors from your GCP projects. During root cause analysis, Steadwing queries Cloud Logging, Cloud Trace, and Error Reporting to identify issues, trace request flows, and analyze error patterns that correlate with production incidents.Why Use GCP with Steadwing?
Log Analysis
Access Cloud Logging data to investigate application and infrastructure logs
Distributed Tracing
Analyze request traces to identify latency and performance bottlenecks
Error Tracking
Query Error Reporting for exception patterns and error frequencies
Cloud Infrastructure
Correlate incidents with GCP service events and resource states
Benefits
- Comprehensive Log Access - Query logs from all GCP services and custom applications
- Trace-Based Debugging - Follow request flows across microservices to find root causes
- Error Pattern Detection - Identify recurring errors and their distribution
- Read-Only Access - Steadwing only reads data, with no write permissions required
- Multi-Project Support - Connect multiple GCP projects for unified analysis
Setup Instructions
Step 1: Create a Service Account
- Go to the GCP Console
- Select your project
- Navigate to IAM & Admin → Service Accounts
- Click + Create Service Account
- Configure the service account:
- Service account name: steadwing-integration
- Service account ID: steadwing-integration (auto-generated)
- Description: Steadwing read-only access for logs, traces, and errors
- Grant the following read-only roles:
- Logs Viewer (
roles/logging.viewer) - Cloud Trace Viewer (
roles/cloudtrace.user) - Error Reporting Viewer (
roles/errorreporting.viewer)
- Logs Viewer (
- Click Done to create the service account
Step 2: Connect via Google Authentication
- Navigate to Steadwing Integrations
- Find the Google Cloud Platform integration card
- Toggle the switch to Enable the integration
- You’ll be redirected to Google’s authentication page
- Sign in with your Google account that has access to your GCP project
- Grant Steadwing the requested read-only permissions
- You’ll be redirected back to Steadwing with the integration connected
How GCP Integration Works
Data Collection
Steadwing queries GCP for:- Cloud Logging - Application logs, system logs, audit logs, and custom logs
- Cloud Trace - Distributed traces showing request latency and service dependencies
- Error Reporting - Error events, stack traces, and error frequency data
- Resource Metadata - GCP service information and resource configurations
Root Cause Analysis
When analyzing an incident, Steadwing:- Identifies the incident time window
- Queries relevant logs from Cloud Logging
- Retrieves distributed traces for affected requests
- Analyzes error patterns from Error Reporting
- Correlates GCP events with incident timing
- Includes log excerpts, traces, and error insights in the RCA report
Read-Only Operations
All GCP API calls are read-only:- ✅ Read log entries
- ✅ Query trace data
- ✅ View error reports
- ❌ No write operations
- ❌ No resource modifications
- ❌ No configuration changes
Configuration
Required Permissions
The GCP service account requires these read-only roles:| Role | Permission | Purpose |
|---|---|---|
| Logs Viewer | roles/logging.viewer | Read Cloud Logging entries |
| Cloud Trace Viewer | roles/cloudtrace.user | Access distributed trace data |
| Error Reporting Viewer | roles/errorreporting.viewer | Read error reports and statistics |
Multi-Project Setup
To monitor multiple GCP projects:- Ensure your Google account has access to multiple projects
- Authenticate once through the Steadwing integrations page
- Select which projects you want to grant Steadwing access to during the OAuth flow
FAQs
Does Steadwing require write permissions to GCP?
Does Steadwing require write permissions to GCP?
No, Steadwing only requires read-only access. The integration uses Logs Viewer, Cloud Trace Viewer, and Error Reporting Viewer roles, which provide no write capabilities.
Do I need to create a service account?
Do I need to create a service account?
Yes, you need to create a service account in your GCP project with the appropriate read-only roles. After that, authentication is handled automatically through Google’s OAuth flow when you toggle the integration in Steadwing.
Can Steadwing modify my GCP resources or logs?
Can Steadwing modify my GCP resources or logs?
No, the required permissions are strictly read-only. Steadwing cannot modify logs, delete traces, change configurations, or alter any GCP resources.
What Google account should I use to authenticate?
What Google account should I use to authenticate?
Use a Google account that has access to your GCP projects. The account should have permissions to view the resources that the service account has been granted access to.
Does this count against my GCP API quotas?
Does this count against my GCP API quotas?
Yes, API calls made by Steadwing count toward your GCP project quotas. The integration is optimized to make minimal calls, typically only during active incident analysis.
Can I connect multiple GCP projects?
Can I connect multiple GCP projects?
Yes, during the OAuth authentication flow, you can select multiple projects to grant Steadwing access to. Your Google account must have appropriate permissions for each project.
How do I revoke Steadwing's access to GCP?
How do I revoke Steadwing's access to GCP?
To revoke access, go to your Google Account permissions page, find Steadwing, and remove access. You can also toggle off the integration in Steadwing Settings.