Skip to content
This repository has been archived by the owner on Apr 3, 2024. It is now read-only.

Commit

Permalink
Describe enabling Debugging API access scopes for GCE instances in RE…
Browse files Browse the repository at this point in the history
…ADME (#224)

PR-URL: #224
  • Loading branch information
kjin authored Jan 24, 2017
1 parent 1e8e6bc commit fdbbea5
Showing 1 changed file with 9 additions and 1 deletion.
10 changes: 9 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,13 @@ the [Google Cloud Console][dev-console]. You can start adding snapshots and log-

## Running on Google Cloud Platform

Stackdriver debugger agent should work out of the box if your code is running on Google Cloud Platform, just make sure that the [Stackdriver Debugger API][debugger-api] is enabled on your project (this is the default).
The Stackdriver Debugger Agent should work without manually provided authentication credentials for instances running on Google Cloud Platform, as long as the [Stackdriver Debugger API][debugger-api] access scope is enabled on that instance. For Google App Engine instances, this is automatic if the Debugger API has been enabled for your project (which it is by default).

For Google Compute Engine instances, you need to explicitly enable the Debugger API access scope for each instance. When creating a new instance through the GCP web console, you can do this in one of two ways under **Identity and API access**:
* Use the Compute Engine default service account and select "Allow full access to all Cloud APIs" under Access scopes.
* Select a service account with the [**Cloud Debugger Agent**][debugger-roles] role, which contains the necessary permissions (or any other role with at least the same permissions). You may need to create one if you don't have one already.

You may add the Stackdriver Debugger API access scope to existing Compute instances if they are running as a non-default service account by adding the Cloud Debugger Agent role to the service account. For more information, see the docs for [Creating and Enabling Service Accounts for Instances][service-account-docs].

## Running elsewhere

Expand Down Expand Up @@ -134,6 +140,8 @@ As soon as that line of code is reached in any of the running instances of your
[cloud-console-projects]: https://console.cloud.google.com/iam-admin/projects
[app-default-credentials]: https://cloud.google.com/identity/protocols/application-default-credentials
[service-account]: https://console.cloud.google.com/apis/credentials/serviceaccountkey
[service-account-docs]: https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances
[debugger-roles]: https://cloud.google.com/debugger/docs/iam#roles
[npm-image]: https://img.shields.io/npm/v/@google-cloud/debug.svg
[npm-url]: https://npmjs.org/package/@google-cloud/debug
[travis-image]: https://travis-ci.org/GoogleCloudPlatform/cloud-debug-nodejs.svg?branch=master
Expand Down

0 comments on commit fdbbea5

Please sign in to comment.