You can create accounts for each user to be managed by Cloud Identity manually in the Users tab in the Directory section of the Google Admin console by selecting Add new user as shown in Figure 12.7. Alternatively, you can upload user accounts via a CSV file, sync users with your existing LDAP directory, such…

In the previous chapters, topics such as roles, users, and service accounts often appeared in the context of what permissions are needed to access or configure a specific Google Cloud service. This chapter will provide more visibility on identity and access in Google Cloud. In addition, we will focus on the security aspter and learn…

When working with Google Cloud’s operations suite products described in this section (Debugger, Profiler, and Trace, but also Logging and Monitoring, which were presented earlier in this chapter), it is essential to know what the permissions model looks like. For example, what role can be assigned to a user that wants only to view dashboards?…

It is possible to diagnose an issue caused by a code in your application using Cloud Monitoring alone. Still, you will have to somehow go from metrics to the request and logs that generated that metric’s data point. Also, examining logs from a web service in Logs Explorer to track the most common errors would…

We configured a sink to route logs to a new log bucket in the previous section. Log buckets are the default choice for storing logs. It is also possible to route all or a subset of logs to alternative locations for longer retention (Google Cloud Storage), in-depth analysis (BigQuery), or third-party applications (in the cloud…

Imagine a situation where you have a policy in your company that requires you to keep all logs coming from your workloads in a specific geographic region. Because the _Default log bucket is global (logs generated in a particular region are stored in this region), you must change this default behavior. To modify the destination…