# GCP

The **GCP Infrastructure Monitors** section helps you monitor critical metrics and configurations across your GCP workloads to ensure high availability, system integrity, and compliance with regulatory standards.

Sprinto integrates with **Google Cloud Monitoring (Stackdriver)** to automatically detect key infrastructure metrics and misconfigurations. This allows your team to receive alerts and resolve issues before they escalate into compliance failures.

***

#### What does Sprinto monitor?

<table><thead><tr><th width="166.55859375">Service</th><th>Monitored Metric / Check</th></tr></thead><tbody><tr><td>Cloud SQL</td><td>CPU utilisation, memory usage, available storage, public access configuration</td></tr><tr><td>Compute Engine</td><td>CPU utilisation, protection from direct internet traffic</td></tr><tr><td>Firestore</td><td>Read and write frequency monitoring</td></tr></tbody></table>

***

#### Monitors and How to Resolve Them

**1. Monitor GCP Cloud SQL CPU and Memory Usage**

* Go to **GCP Console > Monitoring > Metrics Explorer**
* Select resource type: `Cloud SQL Database`
* Choose metrics:
  * `database/cpu/utilization`
  * `database/memory/utilization`
* Set alerting policies based on thresholds
* Upload metric graphs and alert rules as evidence

**2. Monitor Freeable Storage on Cloud SQL**

* Follow the same Metrics Explorer steps as in monitor 1
* Metric: `database/disk/bytes_used`
* Compare against provisioned size
* Add storage or set up alerts as needed

**3. Protect Cloud SQL from Direct Internet Access**

* Navigate to **Cloud SQL > Connections**
* Disable “Public IP”
* Ensure Private IP is used via VPC
* Upload screenshot of updated configuration

**4. Monitor GCP Compute Instance CPU Utilisation**

* Go to **Monitoring > Metrics Explorer**
* Select resource type: `gce_instance`
* Metric: `compute.googleapis.com/instance/cpu/utilization`
* Upload metric screenshot and alert configuration

**5. Protect Compute Instances from Public Access**

* Open **VPC Network > Firewall Rules**
* Identify any rules that allow `0.0.0.0/0` for SSH (port 22) or RDP (port 3389)
* Restrict access to approved IPs
* Upload updated rule configuration
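
The check in step 5 can also be run against an export of the rules. This is an added example, not Sprinto's or Google's code: it assumes the rules were exported with `gcloud compute firewall-rules list --format=json`, and the function names and sample rules are constructed for illustration.

```python
import json

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}  # the two ports named in step 5
ANY_SOURCE = "0.0.0.0/0"

def covers(spec, port):
    """True if a port spec such as "22" or "3000-4000" includes `port`."""
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def exposed_services(rule):
    """Admin services that one firewall rule opens to any source address."""
    if rule.get("disabled") or rule.get("direction", "INGRESS") != "INGRESS":
        return []
    if ANY_SOURCE not in rule.get("sourceRanges", []):
        return []
    hits = set()
    for allow in rule.get("allowed", []):
        if allow.get("IPProtocol", "").lower() not in ("tcp", "6", "all"):
            continue
        ports = allow.get("ports")  # no "ports" key means every port
        for port, name in ADMIN_PORTS.items():
            if ports is None or any(covers(p, port) for p in ports):
                hits.add(name)
    return sorted(hits)

def audit(rules_json):
    """Map rule name -> exposed services. Priority and deny rules are not
    evaluated, so a hit means "review this rule", not "proven reachable"."""
    findings = {}
    for rule in json.loads(rules_json):
        services = exposed_services(rule)
        if services:
            findings[rule["name"]] = services
    return findings

# Constructed sample rules in the shape of the gcloud JSON export.
SAMPLE = json.dumps([
    {"name": "allow-ssh-anywhere", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "wide-port-range", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["3000-4000"]}]},
    {"name": "allow-all-anywhere", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "all"}]},
    {"name": "ssh-from-office", "direction": "INGRESS", "sourceRanges": ["203.0.113.0/24"], "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "disabled-open-rdp", "direction": "INGRESS", "disabled": True, "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["3389"]}]},
])

if __name__ == "__main__":
    for name, services in audit(SAMPLE).items():
        print(f"{name}: open to {ANY_SOURCE} for {', '.join(services)}")
```

Rules that list port 22 or 3389 explicitly are easy to spot in the console; the port-range and all-protocol cases are the ones a manual review tends to miss.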

**6. Monitor Firestore Read Frequency**

* Go to **Monitoring > Metrics Explorer**
* Resource: `cloud_firestore_database`
* Metric: `document/read_count`
* Set thresholds based on expected usage pattern
* Upload charts as evidence

**7. Monitor Firestore Write Frequency**

* Follow the same steps as in monitor 6
* Metric: `document/write_count`

***

#### Accepted Evidence

<table><thead><tr><th width="249.59375">Type</th><th>Description</th></tr></thead><tbody><tr><td>Metric Screenshot</td><td>Graph showing monitored value over time (e.g. CPU, memory, read/write)</td></tr><tr><td>Alert Policy Config</td><td>JSON or screenshot showing alert thresholds and triggers</td></tr><tr><td>Firewall / Network Screenshot</td><td>Proof of no public access configuration</td></tr></tbody></table>

***

#### Compliance Mapping

<table><thead><tr><th width="230.69921875">Control Category</th><th width="344.5546875">Frameworks Supported</th></tr></thead><tbody><tr><td>Infrastructure Monitoring</td><td>ISO 27001 A.12.4.1, SOC 2 CC7.2</td></tr><tr><td>Network Security</td><td>ISO 27001 A.13.1.1, SOC 2 CC6.6</td></tr><tr><td>Availability Management</td><td>HIPAA §164.308(a)(7), PCI DSS 11.5</td></tr></tbody></table>

