The following Apigee hybrid Beta services require Google Cloud Project (GCP) service accounts to export logs and metrics to Stackdriver:
apigee-logger: Permits logging data collection, as described in Logging.
apigee-metrics: Permits metrics data collection, as described in Metrics collection.
apigee-cassandra: Permits Cassandra backups to Google Cloud Storage (GCS), as described in Backup and recovery.
You create GCP service accounts using the
hybrid_root_dir/tools/create-service-account utility. This utility creates a
service account in GCP and assigns the permissions and roles required by the hybrid services to the
newly created account.
To get started, update your gCloud project configuration by executing the following command:
gcloud config set project GCP_project
Where GCP_project is the project created in the hybrid prerequisites.
The syntax for the
create-service-account utility is as follows:
create-service-account service_account_name hybrid_service [gcp_project_id]
- service_account_name: Specifies the name of the service account.
- hybrid_service: Specifies the hybrid service that will use the service
account. This is either
- gcp_project_id: Specifies the Google Cloud Project (GCP) project ID. If the GCP project ID is not provided, the utility will attempt to retrieve it from the current gCloud configuration.
Create a new service account and create a role
The following example creates a new service account for the
apigee-logger hybrid service and assigns the role
logging.logWriter to the account:
create-service-account my-logger-svc-account apigee-logger
This role is required by the
apigee-logger service. The utility then downloads the
JSON keys for the service account into the current working directory.
Add new roles to an existing service account
You can assign new roles to existing service accounts by calling
with a different service as a command line argument.
create-service-account my-metrics-svc-account apigee-metrics