What is the logic for using a unique project to host a Stackdriver account when monitoring 2+ projects?

[Joshua Biggley]

What is the logic for the recommendation/best practice to have a separate project to host the Stackdriver account?

Best practice: When monitoring more than a single GCP project, create a new Stackdriver account hosted by a new, empty GCP project. Don't use the hosting project for any other purpose. You can add GCP projects and AWS accounts to the Stackdriver account when you create the Stackdriver account or at a later time.

Most of our teams have 2 projects (although some have more) and the suggestion was to use 'first built' project to host the Stackdriver account.  Just looking for the logic in the recommendation so we can defend it to our Cloud Architecture team.

Thanks 

[Mary Koes]

This was more important before we had custom IAM roles for Monitoring.Viewer, Monitoring.Editor, etc. and you had to grant someone Project.Editor or Project.Viewer to access Stackdriver.  

I'd argue that the best practice still holds in that since the project that hosts the Stackdriver Account contains dashboards, alerting policies, uptime checks, etc.  If you put VMs and logs etc. in that project and then want to delete that project, you'd lose all your Stackdriver dashboards, alerting policies, uptime checks, etc. for your entire Stackdriver Account.  Plus it's easier if you name the project something like "MyAppMonitoring" rather than "Webstore" which monitors 10 other projects.  

Best,

Mary

--
© 2016 Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043
 
Email preferences: You received this email because you signed up for the Google Stackdriver Discussion Google Group (google-stackdr...@googlegroups.com) to participate in discussions with other members of the GoogleStackdriver community.
---
You received this message because you are subscribed to the Google Groups "Google Stackdriver Discussion Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-stackdriver-d...@googlegroups.com.
To post to this group, send email to google-stackdr...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-stackdriver-discussion/59992791-ca5e-49e1-ac54-5d634afd31da%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Joshua Biggley]

Ahh, perfect. I have forwarded your response on to our Cloud Architects. They may reach out with other questions. I'm supporting the recommended design, but they are the responsible and accountable parties on the overall environment design to I may get overruled!

Josh