‎ stablish resource hierarchy

E
‎> Organization level
‎> Folder level
‎> Project level

I‎dentify identity and access roles

‎> Who --- Data analyst
‎> Can do what --- view data and run queries
‎> on which resource --- BigQuery datasets

‎ perations Suite
O
‎IAM ‎> Cloud monitoring and metrics
‎Overview
‎> Scoping project - monitor metrics for multiple projects
‎ ervice Accounts
S ‎> Monitored projects
‎> Create Acc
‎Managing Access I‎nteracting with GCP
‎> Assign perms
‎> Attach to VM ‎> Console - web user interface
‎> SDK and Cloud Shell - CLI
‎Audit logs ‎> Mobile app - for iOS and Android
‎> REST-based API - for custom apps
‎ nsure ongoing access and security for cloud
e
‎solutions
‎Configuring Access & Security ‎ utcomes of this phase of the migration journey
O
‎> Establishing resource hierarchy
‎> Implementing org policies
‎Data Access logs are disabled by default except for BigQuery ‎> Aanaging projects and quotas
‎Environment Setup ‎> Aanaging users and groups
‎ ervice Accounts = uses account identity and access key, it
S ‎> Applying access management
‎Diagnostic Qs
‎is used by apps to connect to services ‎> Setup billing and monitoring

‎ ervice Account keys used for accessing private data such

S
‎ est practice to manage role assignment by groups, not by
B
‎as Pub/Sub info from external environment, e.g. mobile app
‎individual users

‎ Compute Engine resources

> ‎ illing acc can handle billing for more than 1 project
B
‎> GKE resources ‎A project and its resources can only be tied to 1 billing acc
‎> Cloud Run resources ‎ nderstand how to manage the resources
U
‎> storage and db solutions ‎used in an orgs cloud solutions ‎ an set up to 5 Cloud Monitoring channels to define email
C
‎> network resources ‎recipients that will receive budget alerts
‎> monitoring and logging
‎Diagnostic Qs ‎GCP resource hierarchy = ORG > Folder > Proj > Res

‎ torage:
S ‎ se gsutil to interact with Cloud Storage via SDK in Cloud
U
‎> MatchesStorageClass = required to look for objects with a ‎ nsuring Successful Ops of a
E ‎Shell
‎standard storage type
‎> CreatedBefore = specify date ‎Cloud Solution
‎ asic roles are broad and don't use least priv, grant only the
B
‎roles that someone needs through predefined and custom
‎ loudRun: Max instances controls costs, limits number of
C ‎roles
‎connections to a backing services ‎ CP ACE:
G
‎Prep for ACE Journey ‎ ditor = lowest level basic role that gives permissions to
E
‎ anaged Instance Group config:
M
‎> Health Checks ‎Diagnostic Qs ‎Q2 2023 Ivan Vlad S. ‎change resource state

‎> number of instances

‎ Planning and estimating pricing using Public Calculator
>
‎Understand basic GKE commands and objects ‎> Planning and config for compute resources
‎> Planning and config for data storage options
‎Understand basic gsutil commands and options ‎> Planning and config for network resources
‎ electing
S
‎Resources
‎Understand basic gcloud commands for cloudshell and SDK ‎ ather/obtain customer app requirements and map to
G
‎appropriate GCP service(s)
‎> technical reqs: compute, data, network
‎ nderstand availability, concurrency,
U ‎> functional reqs: need/ask/purpose of app
‎connectivity, and access options for services/
‎solutions being deployed
‎ ata storage pricing is based on amount of data and storage
D
‎ eploy and implement:
D ‎type; (min duration)
‎> Compute Engine resources ‎> Standard - none
‎> GKE resources ‎> Nearline - 30 days
‎> Coldline - 90 days
‎> Cloud Run and Cloud Functions resources ‎ lanning and Configuring
P
‎> data solutions ‎> Archive - 365 days
‎> networking resources
‎a cloud solution
‎> using Cloud Marketplace ‎ igQuery = GCP data warehouse. Analyzes historical data
B
‎> implementing resources using IaC ‎using SQL query engine
‎ eploying & Implementing
D
‎a cloud solution ‎ loud Run provides serverless container mgmt; lets you
C
‎ igQuery transfer service is simplest process to set up
B ‎focus on code and you can deploy your solution quickly
‎transfers between Cloud Storage and BigQuery. Only one
‎command and it's free ‎ 8s Engine gives full control of container orchestration and
K
‎availability
‎ PC - custom mode network = control over regions you
V
‎place subnets in and lets you specify IP ranges ‎ TTP/S = L7 load balancer
H
‎Diagnostic Qs
‎SSL = L4 load balancer
‎Terraform Apply = sets up resources specified in config file
‎Compute Engine gives full control over OS choice and config
I‎nstance OS - Proactive mode = institutes rolling update
‎Diagnostic Qs
‎where surge is auto set to 1, minimizes resources ‎ ompute Engine = great option for quick migration of
C
‎traditional apps. Can implement a solution in the cloud
‎ loud Run = serverless, exposes services as an endpoint,
C ‎without changing your existing code
‎abstracts all infra
‎ o populate visual dashboards with historical time-based
T
‎ loud SQL: -availability-type : option allows you to specify
C ‎data, need to use BigQuery (SQL) or Cloud Bigtable (NoSQL)
‎zonal or regional availability; regional provides auto failover
‎to a standby node in another region ‎ loud Functions = submit and execute small snippets of
C
‎code the fire based on system events (like AWS Lambda)
‎ loud Spanner = GCP globally available, horizontally
C
‎scalable RDB