This guide walks you through setting up Code Cube's Cloud Run monitoring for your Google Tag Manager server-side containers running on Google Cloud Platform.
What will you do?
- Configure GCP project details in the Code Cube portal
- Create and upload a service account key with required permissions
- Add Cloud Run service details for monitoring
- Set up notification channels for alerts
- Verify monitoring is active
⏰ Estimated time: 15–20 minutes
🔧 Requirements: Access to your GCP project, Code Cube portal, and Cloud Run services
Implementation
- Step 1 – Portal configuration
- Step 2 – Create GCP service account
- Step 3 – Configure Cloud Run details
- Step 4 – Deploy and verify monitoring
- Step 5 – Set up notifications
Step 1 – Portal configuration
Before setting up monitoring, configure your Google Cloud Platform project details in the Code Cube portal.
1.1 Enable Cloud Run monitoring
- Go to the Tag Monitor configuration page
- Click the "Cloud Run monitoring" tab
- Enable the toggle for "Cloud Run montioring"
1.2 Enter project details
- Add your GCP Project Number (see how to find it)
Important: Monitoring will only be available for the specified GCP project. Make sure you're using the correct project number of the project where your Cloud Run services for GTM server-side are deployed.
Step 2 – Create GCP service account
Set up the required service account with appropriate permissions for monitoring configuration.
2.1 Create service account
- Go to
IAM & Admin>Service Accountsin the Google Cloud Console - Click "Create Service Account"
- Enter a descriptive name (e.g., "code-cube-monitoring")
- Save the service account email address
2.2 Assign required roles
- Go to
IAM & Admin>IAM - Click "Grant Access"
- Paste the service account email
- Assign these roles from the table below.
Role | Purpose |
Pub/Sub Admin | Manages alert message processing |
Monitoring Notification Channel Admin | Creates notification channels |
Monitoring Alert Policy Admin | Configures alert policies |
Monitoring Uptime Check Admin | Sets up uptime monitoring |
Logging Admin | Manages log-based alerts |
Config Writer | Writes monitoring configurations |
Service Account Admin | Manages monitoring service account |
2.3 Generate service account key
- In the
Service Accountspage, click the three dots > "Manage keys" - Click "Add Key" > "Create new key"
- Choose JSON format and click "Create"
- The key will download automatically—store it securely
2.4 Upload service account key
- Return to the Code Cube configuration page
- Upload the downloaded JSON key file
- The system will validate permissions automatically
Important: Service account keys are used once during setup and never stored in Code Cube systems.
Step 3 – Configure Cloud Run details
Add your Cloud Run service information for monitoring setup.
3.1 Locate Cloud Run details
- Go to the Google Cloud Console
- Navigate to Cloud Run under "Serverless"
- Note the service name and region for each GTM server you want to monitor
3.2 Add Cloud Run services
- In the Code Cube portal, add each Cloud Run service:
- Service Name: Copy from Cloud Run console
- Region: Copy from Cloud Run console
- You can add multiple services for comprehensive monitoring
3.3 Start configuration
- Click "Start Configuration"
- The system will automatically create monitoring resources in your GCP project
Step 4 – Deploy and verify monitoring
Once configuration is complete, verify that monitoring is active and working correctly.
4.1 Confirm setup completion
- Wait for the "Setup Successful" confirmation message
- Review the list of created monitoring resources
4.2 Verify monitoring resources
The following resources are automatically created in your GCP project:
- Alert Policies: CPU usage, memory usage, uptime checks, SSL certificate expiration
- Notification Channel: Connects alerts to Pub/Sub processing
- Pub/Sub Topic & Subscription: Handles alert message routing
- Cloud Function: Processes and forwards alert notifications
- Monitoring Service Account: Named
cloud-run-monitoring@{project_id}.iam.gserviceaccount.com
4.3 Test monitoring
- Check the Code Cube portal dashboard for incoming monitoring data
- Verify that your Cloud Run services appear in the monitoring overview
How to find your GCP project number
- Log in to the Google Cloud Console
- Click the project dropdown at the top of the page
- In the Project Info panel, copy the Project number
The project number is different from the project ID—make sure you're using the numeric project number.
Security & Privacy
Code Cube follows strict security protocols for Cloud Run monitoring:
- One-time use: Service account keys are used once during setup and immediately discarded
- Secure processing: All uploads are processed via HTTPS with backend validation
- No credential storage: Service account credentials are never stored or cached
- Minimum permissions: Only essential GCP resources and permissions are configured
- Dedicated service account: A separate monitoring service account is created with limited scope
For more information about our security practices, visit the Code Cube Security Documentation.
Resources Created in Your GCP Project
- Notification Channel
- Pub/Sub Topic & Subscription
- Alert Policies
- CPU usage
- Memory usage
- Uptime checks
- SSL certificate expiration
- Monitoring Service Account
Connects alert policies to a Pub/Sub topic.
Handles alert messages and forwards them to a Cloud Function for processing.
Named cloud-run-monitoring@{project_id}.iam.gserviceaccount.com
with roles such as Pub/Sub Publisher, Monitoring Admin, and more.