Minimum permissions for Google Cloud Platform.

When you set up a Google Cloud Platform integration, you have to give the VMware Tanzu Observability (formerly known as VMware Aria Operations for Applications) service permissions to access the data you want to visualize and analyze.

Access Options

Data flows from GCP to Tanzu Observability only if the account has the required access. You have several options, discussed in detail below:

Assign predefined roles: In most cases, it makes sense to give the Tanzu Observability account a small set of predefined roles.
Create IAM policy to specify limited access: Explicitly specify the access settings in a custom IAM policy.

Assign Predefined Roles

You can assign the following predefined roles, depending on which aspect of GCP you want to monitor:

Billing: Compute Viewer, Storage Admin
Metrics: Monitoring Viewer
To AutoDetect GKE clusters: GKEHub Viewer

Giving Limited Access

Instead of using the roles above, you can define a custom role and assign it the following permissions.

Billing: compute.instances.list, compute.zones.list, compute.disks.list, storage.buckets.list
Metrics: monitoring.metricDescriptors.list, monitoring.timeSeries.list
To AutoDetect GKE clusters: gkehub.locations.list
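
The following is an added example, not part of the original documentation: it builds a custom role body from the permission lists above and audits an existing role for missing or excess permissions. The aspect keys (billing, metrics, gke_autodetect), the role title and the sample role are assumptions made for illustration.

```python
import json

# Minimum permissions per monitoring aspect, copied from the lists on this page.
# The dictionary keys are names chosen for this example.
MINIMUM_PERMISSIONS = {
    "billing": ["compute.instances.list", "compute.zones.list",
                "compute.disks.list", "storage.buckets.list"],
    "metrics": ["monitoring.metricDescriptors.list", "monitoring.timeSeries.list"],
    "gke_autodetect": ["gkehub.locations.list"],
}


def required_permissions(aspects):
    """Return the sorted union of permissions for the chosen aspects."""
    unknown = set(aspects) - set(MINIMUM_PERMISSIONS)
    if unknown:
        raise ValueError(f"unknown aspect(s): {sorted(unknown)}")
    return sorted({p for a in aspects for p in MINIMUM_PERMISSIONS[a]})


def build_role_definition(aspects, title="Tanzu Observability Limited Access"):
    """Build a role body in the shape `gcloud iam roles create --file` reads."""
    return {
        "title": title,  # assumed title, choose your own
        "description": "Minimum access for: " + ", ".join(sorted(aspects)),
        "stage": "GA",
        "includedPermissions": required_permissions(aspects),
    }


def audit_role(role, aspects):
    """Compare an existing role with the minimum set and report drift both ways."""
    granted = set(role.get("includedPermissions", []))
    needed = set(required_permissions(aspects))
    return {"missing": sorted(needed - granted), "excess": sorted(granted - needed)}


if __name__ == "__main__":
    print(json.dumps(build_role_definition(["billing", "metrics"]), indent=2))
    # Constructed sample, shaped like `gcloud iam roles describe --format=json` output.
    sample = {"includedPermissions": ["monitoring.timeSeries.list",
                                      "storage.buckets.list", "storage.objects.delete"]}
    print(audit_role(sample, ["metrics"]))
```

Any entry under "excess" is access the integration does not need for the selected aspects and is a candidate for removal from the role.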