Now that we have learned how to create accounts, build a resource hierarchy, and set up roles, we will look into IAM policies that connect all of those items to allow users to access resources in a fine-grained way within a hierarchy. In IAM, Cloud Identity users, Cloud Identity groups, service accounts, and, for some…
Author: examcert
IAM roles – Google Cloud Engineer Exam Guide
In Google Cloud, permissions are not assigned to users and groups directly. Instead, users have roles assigned to them. Roles are a collection of permissions. Permissions usually match API methods that describe which operations are allowed on a resource and have the following form: <service>.<resource>.<action>. Figure 12.12 – Example of a role, which is a…
Building a resource hierarchy
In the Google Cloud resource hierarchy, an organization is provisioned automatically and it is the top-level node above all other folders, projects, and resources. Any policies or restrictions set at the organization level will apply to the folders, projects, and resources that fall under it. The hierarchy helps to manage access to resources, so there…
Users and groups – Google Cloud Engineer Exam Guide
You can create accounts for each user to be managed by Cloud Identity manually in the Users tab in the Directory section of the Google Admin console by selecting Add new user as shown in Figure 12.7. Alternatively, you can upload user accounts via a CSV file, sync users with your existing LDAP directory, such…
Implementing Identity and Security in Google Cloud
In the previous chapters, topics such as roles, users, and service accounts often appeared in the context of what permissions are needed to access or configure a specific Google Cloud service. This chapter will provide more visibility on identity and access in Google Cloud. In addition, we will focus on the security aspect and learn…
Predefined roles for Google Cloud’s operations suite services
When working with Google Cloud’s operations suite products described in this section (Debugger, Profiler, and Trace, but also Logging and Monitoring, which were presented earlier in this chapter), it is essential to know what the permissions model looks like. For example, what role can be assigned to a user that wants only to view dashboards?…
Using cloud diagnostics to research an application issue
It is possible to diagnose an issue caused by code in your application using Cloud Monitoring alone. Still, you will have to somehow go from metrics to the request and logs that generated that metric’s data point. Also, examining logs from a web service in Logs Explorer to track the most common errors would…
Configuring log sinks to export logs to external systems
We configured a sink to route logs to a new log bucket in the previous section. Log buckets are the default choice for storing logs. It is also possible to route all or a subset of logs to alternative locations for longer retention (Google Cloud Storage), in-depth analysis (BigQuery), or third-party applications (in the cloud…
Configuring log routers – Google Cloud Engineer Exam Guide
Imagine a situation where you have a policy in your company that requires you to keep all logs coming from your workloads in a specific geographic region. Because the _Default log bucket is global (logs generated in a particular region are stored in this region), you must change this default behavior. To modify the destination…
Fiber-Optic Cabling – 100-150 Exam Guide
Fiber-Optic Cabling (30.5) Networking media selection is being driven by the growing needs for network bandwidth. The distance and performance of fiber-optic cable make it a good media choice to support these network needs. This topic will examine the characteristics of fiber-optic cabling use in data networks. Properties of Fiber-Optic Cabling (30.5.1) As you have learned, fiber-optic cabling…