diff --git a/README.md b/README.md index e001d2da2c7130df899181fbcbabb54a4443284d..c4f50f349e14a47bcd28a449894a94083d879f27 100644 --- a/README.md +++ b/README.md @@ -27,9 +27,44 @@ this](https://guidebook.devops.uis.cam.ac.uk/en/latest/notes/google-domain-verif can be found in the DevOps division guidebook. ## Monitoring and Alerting + If the variable [alerting_email_address](variables.tf) is set, the module adds basic uptime alerting via email for failing http polling. See [variables.tf](variables.tf) for how to configure alerting and monitoring. -Note that monitoring and alerting must be in a Stackdriver monitoring workspace -and this must be configured manually, at the time of writing this. +Note that the project containing resources to be monitored must be in a +Stackdriver monitoring workspace and this must be configured manually. At the +time of writing there is no terraform support for this. This module will error +when applying if this is not so. + +Stackdriver distinguishes between workspaces and projects within those +workspaces. Each workspace must have a host project and that project *must* be +the default project of the `google.stackdriver` provider used by this module. +The `google.stackdriver` must be configured with credentials allowing monitoring +resources to be created in the *host* project. + +If the workspace host project differs from the project which contains the +resources to be monitored, you can use a provider alias: + +```tf +provider "google" { + project = "my-project" + + # ... some credentials for the *project* admin ... +} + +provider "google" { + project = "stackdriver-host-project" + alias = "host" + + # ... some credentials for the *product* admin ... +} + +module "cloud_run_service" { + # ... other parameters ... + + providers = { + google.stackdriver = google.host + } +} +``` diff --git a/main.tf b/main.tf index 027579f810786ef9a9f5c36fd0a17bc779c72fcd..060886d82850c99a1841407255f25be1379efd5a 100644 --- a/main.tf +++ b/main.tf 
@@ -150,4 +150,8 @@ module "uptime_monitoring" { monitored_domain = var.dns_name polling_path = var.monitoring_path enabled = var.alerting_enabled + + providers = { + google = google.stackdriver + } } diff --git a/modules/monitoring/README.md b/modules/monitoring/README.md index 2c9dcd400e5e9996b8550f8ae8582b1f5c4d62be..82f6dba185952c0980c74cd2b43cadd3e08e1e64 100644 --- a/modules/monitoring/README.md +++ b/modules/monitoring/README.md @@ -1,8 +1,38 @@ # Basic email uptime alerting This provides basic uptime alerting via email for failing http polling. See -[variables.tf](variables.tf) for how to configure this module. +[variables.tf](variables.tf) for how to configure this module. -Note that the project must be in a Stackdriver monitoring workspace and this -must be configured manually. At the time of writing there is no terraform -support for this. This module will error when applying if this is not so. +Note that the project containing resources to be monitored must be in a +Stackdriver monitoring workspace and this must be configured manually. At the +time of writing there is no terraform support for this. This module will error +when applying if this is not so. + +Stackdriver distinguishes between workspaces and projects within those +workspaces. Each workspace must have a host project and that project *must* be +the default project of the `google` provider used by this module. The project +which contains the resources being monitored should be specified via the +`project` variable. + +If the workspace host project differs from the project which contains the +resources to be monitored, you can use a provider alias: + +```tf +provider "google" { + project = "my-project" +} + +provider "google" { + project = "stackdriver-host-project" + alias = "stackdriver" +} + +module "uptime_monitoring" { + project = "my-project" + # ... other parameters ... + + providers = { + google = google.stackdriver + } +} +``` 
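Review bot: The `providers = { google = google.stackdriver }` map added to `module "uptime_monitoring"` is now the only thing that decides which project the uptime check, notification channel and alert policy are created in. The same commit removes the `project = var.project` arguments and the `google_project_service` resource for `monitoring.googleapis.com` from modules/monitoring/main.tf. A comment above the map would record this, e.g. `# Monitoring resources are created in the default project of google.stackdriver (the workspace host project), not var.project.` The root README should probably also say that the Monitoring API must already be enabled in the host project, and that the credentials behind `google.stackdriver` only need to manage monitoring resources there, so a monitoring-scoped role is preferable to a project-admin identity. The module block begins outside the hunk.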
diff --git a/modules/monitoring/main.tf b/modules/monitoring/main.tf index db3aa1c55aa06f0886173e3d86b174983be70580..61c90aacc69e95a2dca877449bb01eb64e4a1b83 100644 --- a/modules/monitoring/main.tf +++ b/modules/monitoring/main.tf @@ -8,12 +8,6 @@ locals { count = var.email_address == "" ? 0 : 1 } -resource "google_project_service" "project" { - count = local.count - project = var.project - service = "monitoring.googleapis.com" -} - resource "google_monitoring_uptime_check_config" "https" { count = local.count display_name = "https-uptime-check" @@ -21,8 +15,6 @@ resource "google_monitoring_uptime_check_config" "https" { timeout = var.uptime_timeout period = var.uptime_period - project = var.project - http_check { path = var.polling_path port = "443" @@ -46,7 +38,6 @@ resource "google_monitoring_uptime_check_config" "https" { resource "google_monitoring_notification_channel" "notification_email" { count = local.count - project = var.project display_name = "Notifications Email" type = "email" labels = { @@ -57,7 +48,6 @@ resource "google_monitoring_notification_channel" "notification_email" { resource "google_monitoring_alert_policy" "uptime_alert" { enabled = var.enabled count = local.count - project = var.project display_name = "HTTP uptime alert" notification_channels = [google_monitoring_notification_channel.notification_email[count.index].id] diff --git a/modules/monitoring/variables.tf b/modules/monitoring/variables.tf index 1f54f74852fc17768ae18e026fdb88636889882f..0e42df736648d89fae7a714e5227da3f540c309b 100644 --- a/modules/monitoring/variables.tf +++ b/modules/monitoring/variables.tf @@ -17,7 +17,7 @@ variable "polling_path" { variable "project" { type = string - description = "project for all resources" + description = "Project being *monitored*. Resources are created in provider default project." } variable "uptime_timeout" { 
diff --git a/providers.tf b/providers.tf
new file mode 100644
index 0000000000000000000000000000000000000000..49650b62c9d0b6bb14c0bc5ccd31a5c79272dcf1
--- /dev/null
+++ b/providers.tf
@@ -0,0 +1,3 @@
+provider "google" {
+ alias = "stackdriver"
+}
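Review bot: The new `provider "google"` block with `alias = "stackdriver"` has no comment saying that it is a placeholder the calling configuration is expected to fill. If a caller omits `google.stackdriver` from its `providers` map, Terraform may, depending on version, configure this alias from ambient environment credentials and the default project instead of failing, so monitoring resources could land in an unintended project. A header comment would make the contract visible, e.g. `# Proxy configuration: callers must pass google.stackdriver, whose default project is the Stackdriver workspace host project.` On Terraform versions that support it, declaring the alias through `configuration_aliases` in `required_providers` states the same requirement explicitly.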