Getting started with GCP
In this section, we are going to describe how resources are organized inside GCP and how to interact with them. This is important, especially when the projects and their resources belong to large enterprises. Moreover, this section describes what tools users can use to interact with GCP.
GCP resource hierarchy
The cloud resource hierarchy has two main functions inside GCP:
- To manage a GCP project life cycle hierarchically inside one organization.
- To apply organization policies and Identity and Access Management (IAM) policies for project and resource access control.
The best way to understand the GCP resource hierarchy is to look at it from the bottom up. Resources are grouped into projects, which may belong to a single folder or organization node. Thus, the resource hierarchy consists of four elements, as shown in the following diagram:
Let's understand what each of the four elements is, as follows:
- Organization node: This is the root node for your organization and it centralizes project management in a single structure. The organization node is associated with a Google Workspace or Cloud Identity account, which is mandatory.
- Folders: This is an additional grouping method that wraps projects and other folders hierarchically to improve separation and policy administration. You can apply an access control policy to the folder or even delegate rights to all the sub-folders and projects that are included.
- Projects: This is the fundamental grouping method for containing GCP resources and enabling billing. They are isolated from each other.
- Resources: These are GCP services that users can deploy.
With the resource hierarchy, it is easy to apply access control at various levels of your organization. Google uses IAM to assign granular access to a specific Google resource. IAM administrators can control who can do what on which resources. IAM policies can be applied at the organization level, folder level, or project level. Note that with multiple IAM policies applied at various levels, the effective policy for a resource is the union of the policy set on the resource itself and the policies inherited from its ancestors.
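The inheritance rule above can be checked with a small model. The following Python sketch is an added example, not code from the book: it computes the effective policy for a node as the union of bindings along its ancestry and lists which grants on a project come from a folder or the organization. The hierarchy, members and role assignments are constructed for illustration.

```python
# Constructed hierarchy and bindings for illustration; none of these names are from the book.
PARENT = {  # child -> parent; the organization node is the root
    "organizations/example-org": None,
    "folders/finance": "organizations/example-org",
    "folders/finance-prod": "folders/finance",
    "projects/payroll-prod": "folders/finance-prod",
}

POLICY = {  # allow policy set directly on each node: role -> set of members
    "organizations/example-org": {"roles/viewer": {"group:auditors@example.com"}},
    "folders/finance": {"roles/editor": {"group:finance-devs@example.com"}},
    "folders/finance-prod": {},
    "projects/payroll-prod": {"roles/viewer": {"user:alice@example.com"},
                              "roles/owner": {"user:bob@example.com"}},
}


def ancestry(node):
    """Return the node followed by its ancestors, ending at the organization."""
    chain = []
    while node is not None:
        chain.append(node)
        node = PARENT[node]
    return chain


def effective_policy(node):
    """Union of the bindings set on the node and on every ancestor."""
    effective = {}
    for level in ancestry(node):
        for role, members in POLICY[level].items():
            effective.setdefault(role, set()).update(members)
    return effective


def inherited_grants(node):
    """(member, role, source) for access that is not set on the node itself."""
    own = POLICY[node]
    found = []
    for level in ancestry(node)[1:]:
        for role, members in POLICY[level].items():
            for member in sorted(members - own.get(role, set())):
                found.append((member, role, level))
    return found


if __name__ == "__main__":
    print(effective_policy("projects/payroll-prod"))
    print(inherited_grants("projects/payroll-prod"))
```

The folder-level editor grant reaches the project even though the project's own policy never mentions it, so an access review that reads only the project policy would miss it.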
Interacting with GCP
There are five ways of interacting with GCP:
- Cloud Platform Console: This is a web user interface that allows you to use all GCP resources and services graphically.
- Cloud Shell and Cloud SDK: This is a command-line interface that allows you to use all GCP resources.
- RESTful API: This is an API that can be accessed via RESTful calls and allows you to access and use GCP resources and services.
- API client libraries: These are open libraries that are available in various programming languages and allow you to access GCP resources.
- Infrastructure as Code (IaC): Open source IaC tools such as Terraform or Google Deployment Manager can be used to deploy and manage IaaS and PaaS resources on GCP (https://cloud.google.com/docs/terraform).
The first two operating modes are more appropriate for cloud architects and administrators who prefer to have direct interaction with GCP. The RESTful API and the API client libraries are chosen by programmers and developers who build applications that use GCP services. In this book, we will focus more on the Console and Cloud Shell to explain GCP features.
The following screenshot shows the main components of the Console:
Let's explore what's labeled in the preceding screenshot:
- The navigation menu lets you access all the GCP services and resources (1).
- The combo menu lets you select the project you want to work with (2).
- The search bar lets you search for resources and more within the project (3).
- The Cloud Shell button lets you start the Cloud Shell (4).
- The Project Info card lets you control the project settings (5).
- The Resources card lets you monitor the active resources (6).
- The Billing card lets you monitor the cost and its estimation (7).
Cloud Shell is the preferred interaction method for administrators who want to use the command-line interface. Cloud Shell also has a graphical editor that you can use to develop and debug code. The following screenshot shows Cloud Shell:
Cloud Shell Editor is shown in the following screenshot:
Cloud Shell comes with the Cloud SDK preinstalled, which allows administrators to interact with all GCP resources. gcloud, gsutil, and bq are the most important SDK tools that you will use to, for instance, manage Compute Engine instances, Cloud Storage, and BigQuery, respectively.
In this section, you learned about the logical architecture of GCP. In the next section, you will understand how virtual machines work in Google Cloud.