Google Cloud Platform (GCP) Knowledge

Kip Landergren

(Updated: )

My Google Cloud Platform knowledge base explaining how to make use of its cloud-based compute, storage, and networking resources.

Overview

Google Cloud Platform (GCP) is Google’s cloud computing platform, making available compute, storage, and networking resources along with a host of managed offerings built on top of them.

The individual datacenters powering GCP are abstracted underneath the concept of geographical “Regions” and, within Regions, “Zones”. Applications may be deployed to multiple regions and zones to mitigate failure risks.

The two main interfaces to GCP are through:

Client applications are organized into “Projects” that may employ multiple GCP products to attain functionality. Each project may define a set of users that in turn are assigned to roles in accordance with a role-based access control policy.

Core Idea

Bundle Google’s compute, storage, and network infrastructure into products available for rent and use by external customers. Secure organizations and projects through role-based access control.

Key Concepts

Role-Based Access Control (RBAC)

An overview is available in the RBAC knowledge document.

GCP uses RBAC to define what functionality is available to users of an organization and within a project. This functionality is grouped into “roles”. “Service Accounts”, accounts used by automated infrastructure and workloads rather than being backed by a real person, are employed extensively.

Identity and Access Management (IAM)

The suite of tools and policies GCP makes available to authorize who can take action on specific cloud resources. Control and auditing are built-in.
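As an added example (not part of this knowledge base), a small Python check that reads a project IAM policy in the JSON shape returned by `gcloud projects get-iam-policy PROJECT --format=json` and flags two things the RBAC notes above make relevant: public principals (allUsers, allAuthenticatedUsers) bound to any role, and service accounts holding a broad basic role. The policy contents, project name and account names are constructed.

```python
import json
from collections import defaultdict

# Constructed sample policy in the JSON shape produced by
# `gcloud projects get-iam-policy PROJECT --format=json`; all values are made up.
SAMPLE_POLICY = json.dumps({
    "version": 1,
    "etag": "BwExampleEtag",
    "bindings": [
        {"role": "roles/owner",
         "members": ["user:alice@example.com"]},
        {"role": "roles/editor",
         "members": ["serviceAccount:ci-deployer@example-project.iam.gserviceaccount.com"]},
        {"role": "roles/viewer",
         "members": ["allAuthenticatedUsers"]},
        {"role": "roles/storage.objectViewer",
         "members": ["serviceAccount:reader@example-project.iam.gserviceaccount.com"]},
    ],
})

# Basic (formerly "primitive") roles grant very broad access across the whole project.
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}
# Special member names that open a binding to everyone, or to every Google account.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}


def audit_policy(policy_json: str) -> dict:
    """Return {member: [finding, ...]} for members that are public principals
    or service accounts holding a basic role. Members with no findings are omitted."""
    policy = json.loads(policy_json)
    findings = defaultdict(list)
    for binding in policy.get("bindings", []):
        role = binding["role"]
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                findings[member].append(f"public principal bound to {role}")
            if role in BASIC_ROLES and member.startswith("serviceAccount:"):
                findings[member].append(f"service account holds basic role {role}")
    return dict(findings)


if __name__ == "__main__":
    for member, issues in audit_policy(SAMPLE_POLICY).items():
        print(member)
        for issue in issues:
            print("  -", issue)
```

Run it against the output of the gcloud command above instead of SAMPLE_POLICY to audit a real project; the check is read-only.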

Resources

forwarding-rules

Means of directing traffic matching an IP address to some other target, like a load balancer. Can be externally accessible or internal-only. Allows you to maintain an IP address as underlying resources change.

target-pools

A group of instances that receive traffic from forwarding rules.

If a forwarding-rule is used to point to a target-pool, the instance chosen is based on the hash of the source and destination. More info available here.

addresses

IP addresses that may be ephemeral or reserved. Service characteristics change based on network tier (PREMIUM or STANDARD) and whether designated as regional or global.