Hello guys, in this post you will learn how Google manages your resources and users' access to them.
Projects are the main way you organize the resources that you use in GCP. Use them to group together related resources, usually because they have a common business objective.
There are four ways to interact with GCP's management layer: through the web-based console, through the SDK and its command-line tools, through the APIs, and through a mobile app. In this post, I will mostly use the web-based console for the demonstration, but developers like the CLI, so I will also show you how to do the same thing with the CLI toolkit.
Downloading the CLI
If you want to work with the web console, you can skip this part and move on to the next.
If you are a Docker user, you are lucky. Simply pull this Docker image: https://hub.docker.com/r/google/cloud-sdk/, and spin up a container.
Alternatively, you can install the CLI tool by following these steps: https://cloud.google.com/sdk/docs/downloads-interactive
To check whether it's installed, run the following command:
gcloud version
# output
Google Cloud SDK 319.0.0
alpha 2020.11.13
beta 2020.11.13
bq 2.0.62
core 2020.11.13
gsutil 4.55
kubectl 1.16.13
Once it's installed, you can use the init command to authenticate the CLI with your Google account:
gcloud init --skip-diagnostics
Hierarchy of Resources in GCP
Projects may be organized into folders. Folders can contain other folders. All the folders and projects used by your organization can be brought together under an organization node.
Projects, folders, organization nodes and some resources (like Google Cloud Storage) are all places where policies can be defined.
Projects can have different owners and users. Each GCP project has a name and a project ID (auto-generated, if not assigned) which is unique across GCP.
To list all your projects, go to IAM & Admin ⇒ Manage Resources
or alternatively run the command:
gcloud projects list
To create a project you can click on Create Project
or run the following command
gcloud projects create [unique-project-id] --name=ProjectName
Learn more about projects here: https://cloud.google.com/resource-manager/docs/creating-managing-projects, or run gcloud projects -h
If you have several projects grouped in folders and they are meant to inherit the same permissions, setting the policies on the folder is the better approach.
The root of this whole hierarchy is an organisation. It has a special policy that allows you to add administrators who can change the policy, without sharing your root password.
Note: If you are a G Suite user, your organisation will be created automatically and all the projects and folders you create will come under it. Otherwise, you can sign up for a free trial of Workspace.
Read more about organisations from here: https://cloud.google.com/resource-manager/docs/creating-managing-organization
Note: Resources inherit the policies of their parent resource. For instance, if you set a policy at the organization level, it is automatically inherited by all its child projects. This inheritance is transitive, which means that all the resources in those projects inherit the policy too.
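The inheritance described in the note above, as an added example that is not part of the original post: a small Python model that walks from a resource up to the organisation and reports every grant that applies to it and the node where it was set. The hierarchy, members and bindings are constructed sample data, and the model relies on the fact that IAM allow policies are additive, so a child can add access but cannot remove what a parent grants.

```python
# Constructed sample hierarchy: organization -> folder -> project -> bucket.
# Every name, member and binding below is made up for illustration.
PARENT = {
    "organizations/example-org": None,
    "folders/engineering": "organizations/example-org",
    "projects/web-prod": "folders/engineering",
    "buckets/web-prod-assets": "projects/web-prod",
}

# Allow-policy bindings set directly on each node: role -> members.
POLICIES = {
    "organizations/example-org": {"roles/viewer": {"group:auditors@example.com"}},
    "folders/engineering": {"roles/editor": {"group:eng@example.com"}},
    "projects/web-prod": {"roles/owner": {"user:alice@example.com"}},
    "buckets/web-prod-assets": {"roles/storage.objectViewer": {"user:bob@example.com"}},
}


def ancestors(resource):
    """Return the resource followed by each parent up to the organization."""
    chain = []
    while resource is not None:
        chain.append(resource)
        resource = PARENT[resource]
    return chain


def effective_bindings(resource):
    """Union of the bindings on the resource and on all of its ancestors.

    Returns {(role, member): node_where_granted}.
    """
    result = {}
    for node in ancestors(resource):
        for role, members in POLICIES.get(node, {}).items():
            for member in members:
                # Keep the nearest node if the same grant appears twice.
                result.setdefault((role, member), node)
    return result


def inherited_only(resource):
    """Grants that apply to the resource but are set on an ancestor."""
    return {k: v for k, v in effective_bindings(resource).items() if v != resource}


if __name__ == "__main__":
    for (role, member), src in sorted(effective_bindings("buckets/web-prod-assets").items()):
        print(f"{member:30} {role:28} granted at {src}")
```

On a live project, `gcloud projects get-ancestors-iam-policy PROJECT_ID` returns the policies set on the project and on each of its ancestors, which is the data this model stands in for.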
Resources
- GCP Resource Hierarchy Explained By Google
- How to Sign-Up for Trial Workspace Account
- Creating and Managing Organisations for Non GSuite Accounts
- Creating and Managing Projects
If you have any questions regarding this series, you can either comment down your problems (recommended) or reach out to me personally on the following platforms:
- Email: tbhaxor@gmail.com
- Twitter: @tbhaxor
- LinkedIn: @gurkirat--singh
- Instagram: @_tbhaxor_