google cloud platfrom

93 topics across 7 chapters

Chapter 1

Fundamentals & resource model

GCP global infrastructure: regions, zones, edge

Resource hierarchy: organization, folders, projects, quotas

Billing basics: accounts, budgets, and cost attribution

Tooling: Console, Cloud Shell, and gcloud CLI

App identity on GCP: service accounts, ADC, and workload identity federation

2 subtopics

Lab: use Application Default Credentials (ADC) with a client library

Lab: configure Workload Identity Federation for keyless authentication

Architecture & landing zone basics (environments, projects, shared services)

Chapter 2

Security, IAM & governance

↗ App identity on GCP: service accounts, ADC, and workload identity federation (see Chapter 1)

IAM fundamentals: policies, roles, least privilege

2 subtopics

Lab: debug IAM access using Policy Troubleshooter and Audit Logs

Exercise: design least-privilege with predefined vs custom roles

Org Policy & policy-as-code

2 subtopics

Starter set: enforce common Org Policy constraints (no public buckets, allowed regions)

Practice: manage policies with Terraform (policy-as-code workflow)

Encryption, keys & secrets: Cloud KMS and Secret Manager

2 subtopics

Lab: create a CMEK key, set rotation, and apply it to a service

Lab: store secrets in Secret Manager and grant access to a service account

Perimeter security: VPC Service Controls and Private Service Connect (PSC)

Security posture & detection: SCC and audit logs

Chapter 3

Networking

VPC design: subnets, routes, Shared VPC

2 subtopics

Blueprint: plan IP ranges and implement a Shared VPC (host/service projects)

Pattern: publish services privately with Private Service Connect (PSC)

Egress/ingress: Cloud NAT and Private Google Access

Load balancing & CDN patterns

Hybrid connectivity: Cloud VPN, Interconnect, Cloud Router

2 subtopics

Lab: set up a site-to-site Cloud VPN tunnel and verify routing

Concepts: Interconnect types and Cloud Router (BGP) design basics

DNS & service discovery: Cloud DNS and Service Directory

Network security controls: firewalls, Cloud Armor, TLS

Chapter 4

Compute & containers

Compute Engine: images, templates, and managed instance groups

2 subtopics

Lab: deploy a Managed Instance Group with autoscaling and health checks

Lab: secure VM access with OS Login and IAP TCP forwarding

GKE: cluster basics and day-2 operations

2 subtopics

Lab: deploy an app to GKE and configure Horizontal Pod Autoscaling

Checklist: upgrades, node pools, and release channels in GKE

Cloud Run: deploy containers and connect to VPC

2 subtopics

Lab: deploy a container to Cloud Run using revisions and traffic splitting

Lab: connect Cloud Run to a VPC and lock down access with IAM

Event-driven serverless: Cloud Functions (gen2) and Eventarc

CI/CD & artifacts: Cloud Build and Artifact Registry

2 subtopics

Lab: build + test + push an image with Cloud Build to Artifact Registry

Practice: progressive delivery (staging→prod) using a deploy pipeline

Storage for compute: Persistent Disk and Filestore

2 subtopics

Exercise: choose Persistent Disk types and tune IOPS/throughput expectations

Decision guide: Filestore vs Cloud Storage vs local SSD for a workload

Chapter 5

Storage & databases

Cloud Storage: lifecycle, IAM, and transfer options

2 subtopics

Lab: configure Cloud Storage lifecycle rules and uniform bucket-level access

Lab: create signed URLs and compare transfer options (gsutil/STST)

↗ Storage for compute: Persistent Disk and Filestore (see Chapter 4)

Cloud SQL: HA, backups, and secure connectivity

2 subtopics

Lab: connect to Cloud SQL via private IP (and review IAM DB auth options)

Lab: configure backups/PITR and add a read replica for Cloud SQL

Spanner: schema design and horizontal scaling

Firestore: data model, indexes, and security rules

Bigtable: row key design and replication

Migration & DR planning: RPO/RTO, runbooks, transfer services

2 subtopics

Workshop: define RPO/RTO and write a DR runbook (failover + failback)

Plan: pick migration tools (DMS, Storage Transfer Service) and cutover steps

Chapter 6

Data, analytics & ML

BigQuery: modeling, partitioning, performance, and cost

2 subtopics

Exercise: design partitioning/clustering for a BigQuery table

Practice: control BigQuery costs (slot model basics + query optimization checklist)

Pub/Sub: messaging patterns and delivery semantics

2 subtopics

Exercise: reason about at-least-once delivery, ack deadlines, and retries

Lab: implement dead-letter topics and ordering keys in Pub/Sub

Dataflow: streaming pipelines and operations

2 subtopics

Lab: build a streaming pipeline (Pub/Sub → Dataflow → BigQuery)

Runbook: monitor and troubleshoot Dataflow (backlog, watermarks, scaling)

Dataproc: Spark/Hadoop basics and when to use it

Vertex AI: train, deploy, and monitor models

2 subtopics

Lab: deploy a model to a Vertex AI endpoint and test autoscaling

Concepts: model monitoring, drift, and basic MLOps responsibilities

BI: Looker / Looker Studio basics

Data governance: Dataplex and Data Catalog fundamentals

Chapter 7

Operations & cost management

↗ CI/CD & artifacts: Cloud Build and Artifact Registry (see Chapter 4)

Observability: Cloud Logging, Monitoring, Trace

2 subtopics

Lab: create a log sink (to BigQuery/Storage) and tune exclusions

Lab: create an alerting policy and a basic SLO dashboard

Reliability/SRE on GCP: SLOs, incident response, postmortems

Infrastructure as Code (IaC) with Terraform on GCP

2 subtopics

Lab: scaffold a Terraform project (providers, remote state, workspaces)

Practice: create reusable modules and promote changes via CI

Cost management: budgets, recommender, committed use discounts

2 subtopics

Lab: create budgets/alerts and export billing data to BigQuery

Practice: use Recommender for rightsizing + evaluate committed use discounts

↗ Migration & DR planning: RPO/RTO, runbooks, transfer services (see Chapter 5)

Ops automation: Cloud Scheduler, Workflows, Cloud Tasks

2 subtopics

Lab: run a scheduled job (Cloud Scheduler → Cloud Run/HTTP target)

Lab: orchestrate steps with Workflows and enqueue tasks with Cloud Tasks