SaaS Manual Resource Creation (Google Cloud + BigQuery)
To enable Masthead Solution in your BigQuery data warehouse, it is required to create the next resources in your Google Cloud.
A user running an installation should have Owner permissions for the Google Cloud Project.
Or if the user has an Editor role, the next additional permissions are required: Logging Admin, Project IAM Admin, Role Administrator.
1. Select Google project
Choose a project where BigQuery datasets are located and you would like Masthead Solution to monitor them. Use this project to create resources further.
Copy the project ID; you would need it further during the installation while selecting the Manual deployment option.
2. Create Pub/Sub resources
Under this selected project, navigate to Pub/Sub
Click
Create Topic
. Set topic idmasthead-topic
. (unmark checkbox Add a default subscription)
Navigate into the newly created. Click
Create Subscription
Set subscription id:
masthead-agent-subscription
Set Cloud Pub/Sub topic ID:
masthead-topic
then scroll down a little ...Set Acknowledgement deadline: 60 seconds
Click
Create
and we are all done with Pub/Sub topic and Subscription.
3. Create Logs Router
Navigate to Logs Router from the Logging menu. Click Create Sink
button in the upper right corner and fill in the required fields:
Name:
masthead-agent-sink
Set Sink Destination: Cloud Pub/Sub topic -> choose from the dropdown newly created Pub/Sub topic
masthead-topic
Choose logs to include in the sink. Copy the text below and paste it into the filter.
Hit
Create Sink
to complete creation
4. Create a custom role
To get metadata of BigQuery schema and its tables and views, navigate to IAM & Admin -> Roles menu.
Click
Create Role
Set title:
masthead_bq_schema_reader
Description:
Masthead BigQuery assets metadata reader
Set Role Launch Satge:
General Availability
Click
Add Permissions
and add next permissions:
Hit
Create
to complete creation and click
5. Grant Masthead Service Account roles
Grant masthead-data@masthead-prod.iam.gserviceaccount.com
next roles
6. Grant Masthead Service Account to quickly onboard from retrospective data
The Masthead platform can gain insights in a few hours by parsing retrospective logs and creating a data model around them. To do so, please grant Service Account retro-data@masthead-prod.iam.gserviceaccount.com
a Private Logs Viewer
role.
Navigate to IAM & Admin -> IAM
Click on "GRANT ACCESS" button on the top left of the screen
Specify
retro-data@masthead-prod.iam.gserviceaccount.com
in the New principals fieldClick on "Select a role" and type
Private Logs Viewer
. Select foundPrivate Logs Viewer
role.
This will enable Masthead Agent to look up only recently produced events in the Google Cloud that correspond to the filter below.
Last updated