The Ultimate Guide to Building a Google Cloud Foundation
A one-on-one tutorial with one of Google’s top trainers
Patrick Haggerty
BIRMINGHAM—MUMBAI
Copyright © 2022 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in
any form or by any means, without the prior written permission of the publisher, except in the case of brief
quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information
presented. However, the information contained in this book is sold without warranty, either express
or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable
for any damages caused or alleged to have been caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products
mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the
accuracy of this information.
Group Product Manager: Rahul Nair
Publishing Product Manager: Niranjan Naikwadi
Senior Editor: Shazeen Iqbal
Content Development Editor: Romy Dias
Technical Editor: Rajat Sharma
Copy Editor: Safis Editing
Project Coordinator: Ashwin Dinesh Kharwa
Proofreader: Safis Editing
Indexer: Pratik Shirodkar
Production Designer: Prashant Ghare
Marketing Coordinator: Nimisha Dua
First published: July 2022
Production reference: 1220722
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham
B3 2PB, UK.
ISBN 978-1-80324-085-5
www.packt.com
To my beautiful and loving wife Donna, who said, “Of course you should
try and write a book,” and then supported me through the months of nights
and weekends it took to make that happen. Couldn’t have done it without
you, baby love.
Contributors
About the author
Patrick Haggerty was never quite sure what he wanted to be when he grew up, so he
decided he’d just try things until he figured it out. Thrown out of college at 20, he spent
4 years in the USMC learning responsibility (and to be a better apex predator). Out on
a disability, he turned wrenches in a mechanic shop, worked tech support, studied
Actuarial Science, and coded in more languages than he wants to remember. When
a job asked him to run some internal training, he discovered a lifelong passion: helping
people learn.
Patrick has worked as a professional trainer for 25+ years and spends most of his days
working for ROI Training and Google, helping people learn to leverage Google Cloud.
I’d like to thank Dave Carey, CEO of ROI Training (the #1 technical
training org around), for being the best boss ever, and for keeping me
solvent. I’d like to thank Packt for reaching out and encouraging me to write
this book, and then for all the great people they brought in to help. Finally,
I’d like to thank my fellow trainers and the people at Google who helped me
answer all sorts of odd questions.
About the reviewer
Hector Parra worked in corporate IT for more than 15 years, specializing in Failure
Monitoring and Automatic Recovery. Four years ago, he joined Google as a Customer
Solutions Engineer, helping the biggest customers in Spain and EMEA to make the
most out of Google Cloud for their marketing needs, whilst completing an executive
MBA degree at Quantic. Hector is a certified Google Cloud Digital Leader and co-leads
Google’s Mind the Gap program in Spain, which was created to encourage more young
women to pursue science and engineering careers. In his spare time, Hector is a big fan
of retro gaming, TV shows, and electronic music. He loves traveling with his wife, Eva,
and spending quality time with his big family, especially his two beloved nephews and
five grandchildren.
I would like to thank my family for their patience with the time and effort
required to review this book. My knowledge about the cloud wouldn’t be the
same without the amazing contribution of my colleagues at Google, both
in the cloud and marketing areas, from whom I’ve learned so much. Thank
you for these amazing last four years!
Table of Contents

Preface

1. Getting to Know Google's Cloud
  How Google Cloud is a lot like a power company
  The four main ways of interacting with Google Cloud
  Google Cloud Console
  The Google Cloud SDK and Cloud Shell
  The Google Cloud APIs
  The Google Cloud mobile client
  Organizing Google Cloud logically and physically
  Google's core services
  Compute
  Data storage
  Firestore (Datastore)
  Bigtable
  Memorystore
  Summary

2. IAM, Users, Groups, and Admin Access
  Step 1 – configuring identity management
  Cloud Identity setup
  Step 2 – adding an initial set of users and security groups
  Cloud Identity managing users and acting as IdP
  Cloud Identity managing IdP and an HR system managing users
  Cloud Identity delegates all IdP and user management to an external (non-AD) provider
  Integrating Cloud Identity with Microsoft AD
  Creating an initial set of security groups
  Step 3 – enabling administrator access
  Verifying initial Google Cloud organization creation
  Configuring organization administrator group access
  Summary

3. Setting Up Billing and Cost Controls
  Understanding billing terminology
  Step 4 – setting up billing and cost controls
  It starts with how you pay
  Next comes Cloud Billing
  Google Cloud Billing best practices
  Summary

4. Terraforming a Resource Hierarchy
  Automating infrastructure with Terraform
  Infrastructure as Code to the rescue!
  Terraform – the least you need to know
  Step 5 – creating a resource hierarchy to control logical organization
  Naming resources
  Designing the resource hierarchy
  Implementing a resource hierarchy
  Summary

5. Controlling Access with IAM Roles
  Understanding IAM in Google Cloud
  Who?
  Can do what?
  Step 6 – Adding IAM trust boundaries to the resource hierarchy
  Reading a security role
  Use groups where you can
  Google Cloud starter security group ideas
  Terraforming the permissions
  Fine-tuning IAM permissions with conditions
  Deny policies
  Limiting the use of privileged identities
  Troubleshooting access
  Summary

6. Laying the Network
  Networking in Google Cloud
  Understanding Virtual Private Cloud networks
  Communicating between networked resources
  Connecting VPC networks
  Leveraging Shared VPCs
  Hybrid cloud options
  Google Cloud network security
  Step 7 – building and configuring our foundational VPC network
  Updating your naming document
  Planning the Shared VPCs
  Terraforming your Google Cloud network
  Summary

7. Foundational Monitoring and Logging
  Getting to know the six core instrumentation products in Google Cloud
  Instrumentation product overview
  Working with Cloud Logging
  Monitoring your resources
  Step 8 – setting up foundational Cloud Logging and Cloud Monitoring
  Logging foundation
  Foundational monitoring
  Food for thought
  Summary

8. Augmenting Security and Registering for Support
  Step 9 – augmenting foundational security
  Data encryption
  Improving security posture with the SCC
  Limiting access with the Organization Policy Service
  General security elements
  Step 10 – Setting up initial Google Cloud support
  Final thoughts

Index

Other Books You May Enjoy