DEV Community

Cover image for GCP Essentials :: Resource Hierarchy
Gurkirat Singh
Gurkirat Singh

Posted on

GCP Essentials :: Resource Hierarchy

Hello guys, in this post you will learn about how google manages your resources and their access to users.

So, Projects are the main way you organize the resources that you use in GCP. Use them to group together related resources, usually because they have a common business objective.

There are four ways to interact with GCP's management layer: through the web-based console, through the SDK and its command-line tools, through the APIs, and through a mobile app. In this, I will be using mostly web-based console for the demonstration, but developers like cli, so I will also tell you how you can do same thing via cli toolkit.

Downloading the CLI

If you want to work with web-console, you can skip this part and move onto the next.

If you are docker user, you are lucky. Simply pull this docker image: https://hub.docker.com/r/google/cloud-sdk/, and spin up a container.

Alternatively, you can install the cli tool by following these steps: https://cloud.google.com/sdk/docs/downloads-interactive

To check whether it's installed or not, run the following command

gcloud version 
Enter fullscreen mode Exit fullscreen mode
# output
Google Cloud SDK 319.0.0
alpha 2020.11.13
beta 2020.11.13
bq 2.0.62
core 2020.11.13
gsutil 4.55
kubectl 1.16.13
Enter fullscreen mode Exit fullscreen mode

Once it's installed you can the use init command to authenticate your cli using google account

gcloud init --skip-diagnostics
Enter fullscreen mode Exit fullscreen mode

Hierarchy of Resources in GCP

Projects may be organized into folders. Folders can contain other folders. All the folders and projects used by your organization can be brought together under an organization node.

Projects, folders, organization nodes and some resources (like google cloud storage) are all places where the policies can be defined.

Projects can have different owners and users. Each GCP project has a name and a project ID (auto-generated, if not assigned) which is unique across the GCP.

To list all your projects, you can goto IAM & AdminManage Resources
image

or alternatively run the command

gcloud projects list 
Enter fullscreen mode Exit fullscreen mode

To create a project you can click on Create Project
image

or run the following command

gcloud projects create [unique-project-id] --name=ProjectName
Enter fullscreen mode Exit fullscreen mode

Learn more about projects from here: https://cloud.google.com/resource-manager/docs/creating-managing-projects, faor gcloud projects -h

If you have same projects in multiple folders and they are meant to be inherit same permissions, setting policies in folder will be a better approach.
image

The root of all this hierarchy is an organisation. It has a special policy that allow you to add the administrators who can change the policy, without sharing your root password.

Note If you are a gsuite user, your organisation will be created automatically and all the projects / folders you create will come under that. Otherwise you can sign up for a free trial of workspace

Read more about organisations from here: https://cloud.google.com/resource-manager/docs/creating-managing-organization

Note Resources inherit the policies of their parent resource. For instance, if you set a policy at the organization level, it is automatically inherited by all its children projects. And this inheritance is transitive, which means that all the resources in those projects inherit the policy too.

Resources

If you have any questions regarding this series, you can either comment down your problems (recommended) or you can reach me out personally at following platforms

Top comments (0)