Carol Rocha Floro

GCP Associate 2 - hierarchy

Project attributes

A project has 3 main attributes:

  • Name: chosen by the user at creation time; it doesn't have to be unique and can be changed after creation.
  • ID: chosen by the user at creation time; it must be unique.
  • Number: generated automatically by Google; it is unique.

Don't include sensitive data in the project attributes.

A project ID has the following requirements:

  • Must be 6 to 30 characters in length.
  • Can only contain lowercase letters, numbers, and hyphens.
  • Must start with a letter.
  • Cannot end with a hyphen.
  • Cannot be in use or previously used; this includes deleted projects.
  • Cannot contain restricted strings, such as google, null, undefined, and ssl.
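The rules above are mechanical enough to check before calling gcloud, which avoids a failed create call and, more importantly, catches an ID that leaks something it shouldn't. The validator below is an added example written for this post, not Google's own implementation: it encodes exactly the six rules listed here, treats the four restricted strings the post names as the full list (the real list is longer), and takes a constructed set of IDs standing in for "in use or previously used".

```python
import re

# Restricted substrings named in the post ("such as ..."); assumption: treated here
# as the complete list, whereas Google's real list is longer.
RESTRICTED_STRINGS = ("google", "null", "undefined", "ssl")


def validate_project_id(project_id, used_ids=frozenset()):
    """Return a list of rule violations for project_id; an empty list means valid.

    used_ids is a constructed stand-in for IDs that are in use or were previously
    used (including deleted projects), which only the API can really know.
    """
    problems = []

    # Rule 1: 6 to 30 characters.
    if not 6 <= len(project_id) <= 30:
        problems.append("length must be 6 to 30 characters")

    # Rule 2: only lowercase letters, digits and hyphens.
    if not re.fullmatch(r"[a-z0-9-]*", project_id):
        problems.append("only lowercase letters, digits and hyphens are allowed")

    # Rule 3: must start with a (lowercase) letter.
    if not re.fullmatch(r"[a-z]", project_id[:1]):
        problems.append("must start with a lowercase letter")

    # Rule 4: cannot end with a hyphen.
    if project_id.endswith("-"):
        problems.append("cannot end with a hyphen")

    # Rule 5: cannot be in use or previously used.
    if project_id in used_ids:
        problems.append("ID is in use or was previously used")

    # Rule 6: cannot contain restricted strings (checked case-insensitively so an
    # uppercase variant does not slip past this check and fail only on rule 2).
    lowered = project_id.lower()
    for word in RESTRICTED_STRINGS:
        if word in lowered:
            problems.append(f"contains restricted string {word!r}")

    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    already_taken = {"my-app-prod-2024"}
    for candidate in ("my-app-prod-2024", "google-project", "proj", "1abcdef", "abcdef-"):
        result = validate_project_id(candidate, already_taken)
        print(f"{candidate!r}: {'ok' if not result else '; '.join(result)}")
```

Running the block prints one line per candidate; only an ID that returns an empty list should be passed on to `gcloud projects create`.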

When a project is created, the creator is granted the owner role by default.

A project can be created via the console, the CLI, or the API.

CLI: gcloud projects create PROJECT_ID
Run it in Cloud Shell, or in a local shell with the gcloud CLI installed.

API: the projects.create() method.

Tags at project creation are available but not yet fully launched and might have limited support.

More on hierarchy

Projects can sit at the top of the hierarchy (without any organization or folder) if they were created by free-trial or free-tier users.

Diagram stating the main difference between organization policy and IAM

While IAM (Identity and Access Management) focuses on who can do what on a specific resource, Organization Policy focuses on restrictions applied to specific resources such as folders or projects, or even to the entire organization node.

Diagram showing the organization hierarchy with examples

Organization policies can be used to define constraints on specific resources and to limit where in the hierarchy those constraints are enforced.

There are predefined organization policy constraints, but the administrator can also create custom ones. A custom policy can override the default inheritance.

Constraints

A constraint defines which behaviors are controlled. It is always either a list or a boolean:

  • List: allowed or denied values provided by the administrator.
  • Boolean: enforced or not enforced for a resource. Tags can be used to decide whether a constraint is enforced on a given resource that carries that tag.

Violations

A violation occurs when a service acts counter to the organization policy.
New policies are usually not retroactive.
Services in violation are not shut down; they continue their original behavior until the violation is resolved manually.
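The three sections above (inheritance, list versus boolean constraints, and violations) are easiest to reason about on a concrete hierarchy. The block below is an added example for this post, not Google's evaluation engine: it models an organization -> folder -> project tree with constructed sample policies, merges list constraints down the tree (a policy replaces what it inherits unless it opts in to merging with its parent, modelled here as an inherit_from_parent flag), lets the closest boolean policy win, and reports, rather than removes, existing values that conflict with the effective policy, matching the non-retroactive behavior described. The constraint names gcp.resourceLocations and iam.disableServiceAccountKeyCreation are real predefined constraints used only as illustration; the "no policy anywhere means allow-all / not enforced" default is a simplification, since each real constraint carries its own default.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class ListPolicy:
    """Constructed model of a list-constraint policy set on one resource."""
    allowed: Optional[frozenset] = None   # allow-list, None = not set
    denied: Optional[frozenset] = None    # deny-list, None = not set
    inherit_from_parent: bool = False     # merge with the parent instead of replacing it


@dataclass
class BooleanPolicy:
    """Constructed model of a boolean-constraint policy set on one resource."""
    enforced: bool


# Constructed sample hierarchy: child resource -> parent resource (None = root).
PARENT = {
    "organizations/123": None,
    "folders/456": "organizations/123",
    "projects/dev-sandbox": "folders/456",
    "projects/prod-app": "organizations/123",
}

# Constructed sample policies keyed by (resource, constraint).
POLICIES = {
    # Org allows US locations only; the folder merges Europe in on top of that.
    ("organizations/123", "gcp.resourceLocations"): ListPolicy(allowed=frozenset({"in:us-locations"})),
    ("folders/456", "gcp.resourceLocations"): ListPolicy(allowed=frozenset({"in:europe-locations"}), inherit_from_parent=True),
    # prod-app replaces the inherited allow-list with its own deny-list (overrides inheritance).
    ("projects/prod-app", "gcp.resourceLocations"): ListPolicy(denied=frozenset({"in:asia-locations"})),
    # Boolean: enforced at the org, switched off again at the folder.
    ("organizations/123", "iam.disableServiceAccountKeyCreation"): BooleanPolicy(enforced=True),
    ("folders/456", "iam.disableServiceAccountKeyCreation"): BooleanPolicy(enforced=False),
}


def ancestry(resource):
    """Chain of resources from the root down to and including resource."""
    chain = []
    while resource is not None:
        chain.append(resource)
        resource = PARENT[resource]
    return list(reversed(chain))


def effective_list_policy(resource, constraint):
    """Walk root -> resource, merging or replacing list values at each node."""
    allowed, denied = None, None
    for node in ancestry(resource):
        policy = POLICIES.get((node, constraint))
        if policy is None:
            continue
        if not policy.inherit_from_parent:
            allowed, denied = None, None          # drop whatever was inherited
        if policy.allowed is not None:
            allowed = (allowed or frozenset()) | policy.allowed
        if policy.denied is not None:
            denied = (denied or frozenset()) | policy.denied
    return allowed, denied


def effective_boolean_policy(resource, constraint):
    """Boolean constraints do not merge: the closest policy in the ancestry wins."""
    enforced = False                              # simplification: default = not enforced
    for node in ancestry(resource):
        policy = POLICIES.get((node, constraint))
        if policy is not None:
            enforced = policy.enforced
    return enforced


def is_value_allowed(resource, constraint, value):
    """Deny-list wins over allow-list; no policy anywhere is treated as allow-all."""
    allowed, denied = effective_list_policy(resource, constraint)
    if denied is not None and value in denied:
        return False
    if allowed is not None:
        return value in allowed
    return True


def find_violations(resource, constraint, existing_values):
    """Existing values that conflict with the effective policy.

    They are only reported: a new policy is not retroactive, so the resources
    keep running until someone resolves the violation manually.
    """
    return [v for v in existing_values if not is_value_allowed(resource, constraint, v)]


if __name__ == "__main__":
    print(effective_list_policy("projects/dev-sandbox", "gcp.resourceLocations"))
    print(effective_boolean_policy("projects/prod-app", "iam.disableServiceAccountKeyCreation"))
    print(find_violations("projects/dev-sandbox", "gcp.resourceLocations",
                          ["in:us-locations", "in:asia-locations"]))
```

The dev-sandbox project ends up with both US and Europe allowed because the folder opted into merging; prod-app, whose own policy did not, loses the org's allow-list entirely and is governed only by its deny-list, which is the "custom policy overrides default inheritance" case. The boolean constraint flips at the folder, so dev-sandbox is not subject to it while prod-app, which hangs directly off the organization, is.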
