GCP Cloud Storage#

Google Cloud Storage is a service for storing objects in Google Cloud. An object is an immutable piece of data consisting of a file of any format. Objects are stored in containers called buckets. Each bucket is associated with a project, and you can group your projects under an organization.

Use the Observe GCP app to gain insight into the health and performance of your cloud object storage. Use it to answer questions such as:

  • How many upload or download requests have been made on my storage buckets?

  • Which of those requests result in errors?

  • Are my object replications succeeding?

  • How are my object ACLs changing? How are they used?

  • Which of my organization’s buckets have potentially risky configurations?

View Cloud Storage activity in Observe#

To see the health and activity of your cloud storage buckets, go to the Storage Buckets dataset in Observe.

Monitoring dashboard for the Cloud Storage resource dataset.

Figure 1 - Cloud Storage Monitoring dashboard

The GCP/Storage Monitoring dashboard gives a high-level overview of your activity on your storage buckets, including:

  • How many requests, of which type, are being made on each bucket?

  • Which storage buckets are returning errors?

  • How much data has been uploaded from and downloaded to your buckets?

The dashboard also gives details related to potentially important security or compliance events and configurations, including:

  • Which buckets might have object ACLs that allow public access?

  • Which object ACL edits occurred that actually do give public access?

  • Which buckets are missing important configurations such as lifecycle rules, logging configurations, or versioning.

For a complete list of the GCP metrics collected, see GCP Cloud Storage metrics.

Monitors#

The GCP app contains two monitor templates for storage buckets:

  • Storage Public Access granted to Google Cloud Storage object - Alerts every time an object ACL is modified to grant it public access

  • Storage High Error Count for Google Cloud Storage requests - Alerts if any bucket returns more than 10 errors in the last 5 minutes

To use a template, go to the list of templates on the Monitors page and select Duplicate for the one you wish to use. Make any desired configuration changes on the Create a Monitor page and save to enable it.

Setup#

Metrics

Metric data collection is enabled by default in the GCP app. If you installed the app with a custom configuration, you may need to add storage.googleapis.com/ to the list of metric type prefixes in your poller configuration.

Audit Logs

To enable Cloud Audit Logs, go to the Audit Logs configuration page in your GCP account. In the Service column, select Google Cloud Storage. Then select your desired audit logs in the right sidebar.

To enable audit logs, under the "Services" column, select "Google Cloud Storage" and then from the right-hand side select which audit logs you wish to capture.

Figure 3 - GCP Cloud Storage Logs