Google Cloud Platform Certification, Associate Cloud engineer 공부 #day3

Coursera 강의 3주차 내용

 

https://www.coursera.org/learn/gcp-fundamentals/lecture/rOnTP/google-cloud-resource-hierarchy

Google Cloud resource hierarchy - Resources and Access in the Cloud | Coursera

 

학습 목표

---

• Identify the purpose of projects on Google Cloud.
• Define the purpose of and use cases for Identity and Access Management.
• List the methods of interacting with Google Cloud.

 

Google Cloud resource hierarchy

 

Folders let you assign policies to resources at a level of granularity you choose.

 

 

 

 

two rules of the Organization node

Non-Google Workspace customer use Cloud Identity to create an organization node

 

Identity and Access Management (IAM)

Administrators can apply policies that define who can do what on which resources.

access, make changes(to a resource), manage the associated roles, and permission & set up billing.

If several people are working together on a project that contains sensitive data, basic roles are probably too broad.

 

2) Predefined Role

3) Custom role

 

Service accounts

- Named with an email address

- Use cryptographic keys

 

service accounts do need to be managed

 

Cloud Identity

With this setup, there's no easy way to immediately remove a user's access to the team's cloud resources.

 

With Cloud Identity, organizations can define policies and manage their users and groups using the Google Admin Console.

 

 

Interacting with Google Cloud

Cloud Console

- Simple web-based graphical user interface

- Easily find resources, check their health, have full management control over them, and set budgets.

- Provides a search facility to quickly find resources and connect to instances via SSH in the browser.

 

Cloud SDK and Cloud Shell

1. Set of tools to manage resources and applications hosted on Google Cloud:

- gcloud tool, Provides the main command-line interface for Google Cloud products and services

- gsutil, Provides access to Cloud Storage from the command line

- bq, A command-line tool for BigQuery

2. Provides command-line access to cloud resources directly from a browser

3. Debian-based virtual machine with a persistent 5-GB home directory

4. The Cloud SDK gcloud command and other utilities are always installed, available, up to date, and fully authenticated

 

APIs(Application Programming Interfaces)

- Google Cloud services offer APIs that allow code to be written to control them

- The Google APIs Explorer shows what APIs are available, and in what versions

- Google provides Cloud Client and Google API Client libraries

- Languages currently represented: Java, Python, PHP, C#, Go, Node.js, Ruby and C++

 

Cloud Console Mobile APP

- Start, stop and use SSH to connect into Compute Engine instances, and see logs

- Stop and start Cloud SQL instances

- Administer applications deployed on App Engine

- Up-to-date billing information for projects and alerts for those going over budget

- Customizable graphs showing key metrics(such as CPU usage, network usage, requests per second, and server errors.)

- Alerts and incident management

more) cloud.google.com/console-app

 

Coursera: Getting Started with Google Cloud Platform and Qwiklabs

incognito) 익명의, 가명의

 

LAB : Getting Started with Cloud Marketplace

In this lab you use Cloud Marketplace to quickly and easily deploy a LAMP stack on a Compute Engine instance. The Bitnami LAMP Stack provides a complete web development environment for Linux that can be launched in one click.

recap)

 

a hierarchy of Google Cloud resources

1. When you want to create folders & When you want to centrally apply organization-wide policies, you would choose to have an organization node.

Not when you want to organize resources into projects. And organization nodes are not mandatory.

 

3. Consider a single hierarchy of Google Cloud resources. Which of these situations is possible?

ANSWERs)

- There is no organization node, and there are no folders.

- There is an organization node, and there are no folders.

- There is an organization node, and there is at least one folders.

Wrong situations)

- There is no organization node, but there is at least one folder.

- There are two or more organization nodes.

 

Identity and Access Management

5. What is the difference between Identity and Access Management (IAM) basic roles and IAM predefined roles?

- Basic roles affect all resources in a Google Cloud project. Predefined roles apply to a specific service in a project.

 

Interacting with Google Cloud

8. Which way of accessing Google Cloud lets you control services through the code you write?

- The Cloud Console

- The Cloud SDK and Cloud Shell

- APIs

- The Cloud Console mobile app

 

 

 

 

 

The answer is third one.