the notes
Section 1. Setting up a cloud solution environment
1.1 Setting up cloud projects and accounts. Activities include:
Creating a resource hierarchy
- https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy
- https://cloud.google.com/resource-manager/docs/quickstart-organizations
- https://cloud.google.com/resource-manager/docs/default-access-control
- https://cloud.google.com/resource-manager/docs/creating-managing-organization
- https://cloud.google.com/resource-manager/docs/organization-setup
- https://cloud.google.com/resource-manager/docs/creating-managing-folders
- https://cloud.google.com/resource-manager/docs/creating-managing-projects
- https://cloud.google.com/resource-manager/docs/moving-projects-folders
- https://cloud.google.com/resource-manager/docs/project-migration
- https://cloud.google.com/resource-manager/docs/organization-resource-management
- https://cloud.google.com/resource-manager/docs/managing-multiple-orgs
Applying organizational policies to the resource hierarchy
- https://cloud.google.com/resource-manager/docs/organization-policy/quickstart-constraints
- https://cloud.google.com/resource-manager/docs/organization-policy/overview
- https://cloud.google.com/resource-manager/docs/organization-policy/understanding-constraints
- https://cloud.google.com/resource-manager/docs/organization-policy/understanding-hierarchy
- https://cloud.google.com/resource-manager/docs/organization-policy/using-constraints
- https://cloud.google.com/resource-manager/docs/tags/tags-overview
- https://cloud.google.com/resource-manager/docs/tags/tags-creating-and-managing
- https://cloud.google.com/resource-manager/docs/organization-policy/tags-organization-policy
- https://cloud.google.com/resource-manager/docs/organization-policy/restricting-domains
- https://cloud.google.com/resource-manager/docs/organization-policy/restricting-service-accounts
- https://cloud.google.com/resource-manager/docs/organization-policy/defining-locations
- https://cloud.google.com/resource-manager/docs/resource-settings/overview
- https://cloud.google.com/resource-manager/docs/listing-all-resources
- https://cloud.google.com/resource-manager/docs/resource-settings/manage-resource-settings
Granting Members IAM Roles Within a Project
Managing users and groups in Cloud Identity (manually and automated)
Enabling APIs within projects
Provisioning and setting up products in Google Cloud’s operations suite
1.2 Managing billing configuration. Activities include:
Creating one or more billing accounts
Linking projects to a billing account
Establishing billing budgets and alerts
Setting up billing exports
- https://cloud.google.com/billing/docs/how-to/export-data-bigquery-setup
- https://cloud.google.com/billing/docs/how-to/export-data-file
1.3 Installing and configuring the command line interface (CLI), specifically the Cloud SDK (e.g., setting the default project)
Section 2. Planning and configuring a cloud solution
2.1 Planning and estimating Google Cloud product use using the Pricing Calculator
- https://cloud.google.com/compute/docs/sustained-use-discounts
- https://cloud.google.com/compute/docs/instances/signing-up-committed-use-discounts
2.2 Planning and configuring compute resources. Considerations include:
Selecting appropriate compute choices for a given workload (e.g., Compute Engine, Google Kubernetes Engine, Cloud Run, Cloud Functions)
Using preemptible VMs and custom machine types as appropriate
- https://cloud.google.com/compute/docs/instances/create-use-preemptible
- https://cloud.google.com/compute/docs/instances/creating-instance-with-custom-machine-type
2.3 Planning and configuring data storage options. Considerations include:
Product choice (e.g., Cloud SQL, BigQuery, Firestore, Cloud Spanner, Cloud Bigtable)
Choosing storage options (e.g., Zonal persistent disk, Regional balanced persistent disk, Standard, Nearline, Coldline, Archive)
2.4 Planning and configuring network resources. Tasks include:
Differentiating load balancing options
Identifying resource locations in a network for availability
Configuring Cloud DNS
Section 3. Deploying and implementing a cloud solution
3.1 Deploying and implementing Compute Engine resources. Tasks include:
Launching a compute instance using Cloud Console and Cloud SDK (gcloud) (e.g., assign disks, availability policy, SSH keys)
- https://cloud.google.com/compute/docs/instances/create-start-instance
- https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances
- https://cloud.google.com/compute/docs/instances/startup-scripts
- https://cloud.google.com/compute/docs/instances/setting-instance-scheduling-options
- https://cloud.google.com/compute/docs/instances/access-overview
- https://cloud.google.com/compute/docs/nodes/provisioning-sole-tenant-vms
Creating an autoscaled managed instance group using an instance template
- https://cloud.google.com/compute/docs/instance-templates/create-instance-templates
- https://cloud.google.com/compute/docs/instances/create-vm-from-instance-template
- https://cloud.google.com/compute/docs/instance-groups/creating-groups-of-managed-instances
Generating/uploading a custom SSH key for instances
- https://cloud.google.com/compute/docs/instances/access-overview
- https://cloud.google.com/compute/docs/connect/create-ssh-keys
- https://cloud.google.com/compute/docs/connect/restrict-ssh-keys
Installing and configuring the Cloud Monitoring and Logging Agent
- https://cloud.google.com/monitoring/agent/monitoring/installation
- https://cloud.google.com/logging/docs/agent/logging/installation
Assessing compute quotas and requesting increases
3.2 Deploying and implementing Google Kubernetes Engine resources. Tasks include:
Installing and configuring the command line interface (CLI) for Kubernetes (kubectl)
Deploying a Google Kubernetes Engine cluster with different configurations including AutoPilot, regional clusters, private clusters, etc.
- https://cloud.google.com/kubernetes-engine/docs/how-to/stateless-apps
- https://cloud.google.com/kubernetes-engine/docs/how-to/stateful-apps
- https://cloud.google.com/kubernetes-engine/docs/tutorials/persistent-disk
- https://cloud.google.com/kubernetes-engine/docs/how-to/creating-an-autopilot-cluster
- https://cloud.google.com/kubernetes-engine/docs/how-to/creating-a-zonal-cluster
- https://cloud.google.com/kubernetes-engine/docs/how-to/creating-a-regional-cluster
- https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters
Deploying a containerized application to Google Kubernetes Engine
Configuring Google Kubernetes Engine monitoring and logging
3.3 Deploying and implementing Cloud Run and Cloud Functions resources. Tasks include, where applicable:
Deploying an application and updating scaling configuration, versions, and traffic splitting
- https://cloud.google.com/build/docs/deploying-builds/deploy-cloud-run
- https://cloud.google.com/build/docs/deploying-builds/deploy-functions
- https://cloud.google.com/run/docs/about-instance-autoscaling
- https://cloud.google.com/run/docs/rollouts-rollbacks-traffic-migration
- https://cloud.google.com/functions/docs/configuring/max-instances
Deploying an application that receives Google Cloud events (e.g., Pub/Sub events, Cloud Storage object change notification events)
3.4 Deploying and implementing data solutions. Tasks include:
Initializing data systems with products (e.g., Cloud SQL, Firestore, BigQuery, Cloud Spanner, Pub/Sub, Cloud Bigtable, Dataproc, Dataflow, Cloud Storage)
Loading data (e.g., command line upload, API transfer, import/export, load data from Cloud Storage, streaming data to Pub/Sub)
- https://cloud.google.com/storage/docs/copying-renaming-moving-objects
- https://cloud.google.com/storage-transfer/docs/create-manage-transfer-console
- https://cloud.google.com/storage-transfer/docs/create-manage-transfer-program
- https://cloud.google.com/sql/docs/mysql/import-export/import-export-sql
- https://cloud.google.com/datastore/docs/export-import-entities
- https://cloud.google.com/sdk/gcloud/reference/beta/dataproc/clusters/export
- https://cloud.google.com/sdk/gcloud/reference/beta/dataproc/clusters/import
- https://cloud.google.com/sdk/gcloud/reference/pubsub/subscriptions/pull
3.5 Deploying and implementing networking resources. Tasks include:
Creating a VPC with subnets (e.g., custom-mode VPC, shared VPC)
Launching a Compute Engine instance with custom network configuration (e.g., internal-only IP address, Google private access, static external and private IP address, network tags)
- https://cloud.google.com/compute/docs/instances/create-start-instance
- https://cloud.google.com/vpc/docs/configure-private-google-access
- https://cloud.google.com/compute/docs/ip-addresses/reserve-static-internal-ip-address
- https://cloud.google.com/compute/docs/ip-addresses/reserve-static-external-ip-address
Creating ingress and egress firewall rules for a VPC (e.g., IP subnets, network tags, service accounts)
Creating a VPN between a Google VPC and an external network using Cloud VPN
Creating a load balancer to distribute application network traffic to an application (e.g., Global HTTP(S) load balancer, Global SSL Proxy load balancer, Global TCP Proxy load balancer, regional network load balancer, regional internal load balancer)
3.6 Deploying a solution using Cloud Marketplace. Tasks include:
Browsing the Cloud Marketplace catalog and viewing solution details
Deploying a Cloud Marketplace solution (i.e., using a solution from the marketplace)
3.7 Implementing resources via infrastructure as code. Tasks include:
Building infrastructure via Cloud Foundation Toolkit templates and implementing best practices
- https://cloud.google.com/deployment-manager/docs/step-by-step-guide
- https://cloud.google.com/deployment-manager/docs/deployments/deleting-deployments
- https://cloud.google.com/deployment-manager/docs/deployments/viewing-manifest
- https://cloud.google.com/deployment-manager/docs/reference/cloud-foundation-toolkit
- https://cloud.google.com/deployment-manager/docs/configuration/use-references
- https://cloud.google.com/docs/terraform/blueprints/terraform-blueprints
Installing and configuring Config Connector in Google Kubernetes Engine to create, update, delete, and secure resources
- https://cloud.google.com/config-connector/docs/how-to/install-upgrade-uninstall
- https://cloud.google.com/config-connector/docs/how-to/configuring-your-client
- https://cloud.google.com/config-connector/docs/how-to/getting-started
Section 4. Ensuring successful operation of a cloud solution
4.1 Managing Compute Engine resources. Tasks include:
Managing a single VM instance (e.g., start, stop, edit configuration, or delete an instance)
- https://cloud.google.com/compute/docs/instances/stop-start-instance
- https://cloud.google.com/compute/docs/instances/schedule-instance-start-stop
- https://cloud.google.com/compute/docs/instances/deleting-instance
- https://cloud.google.com/compute/docs/instances/update-instance-properties
- https://cloud.google.com/compute/docs/instances/preventing-accidental-vm-deletion
- https://cloud.google.com/compute/docs/instances/moving-instance-across-zones
- https://cloud.google.com/compute/docs/instances/migrating-interfaces-between-networks
- https://cloud.google.com/compute/docs/instances/apply-machine-type-recommendations-for-instances
- https://cloud.google.com/compute/docs/instances/changing-machine-type-of-stopped-instance
Remotely connecting to the instance
- https://cloud.google.com/compute/docs/instances/connecting-to-instance
- https://cloud.google.com/compute/docs/instances/transfer-files
- https://cloud.google.com/compute/docs/instances/connecting-to-windows
- https://cloud.google.com/compute/docs/instances/transfer-files-windows
Attaching a GPU to a new instance and installing necessary dependencies
Viewing current running VM inventory (instance IDs, details)
Working with snapshots (e.g., create a snapshot from a VM, view snapshots, delete a snapshot)
- https://cloud.google.com/compute/docs/disks/create-snapshots
- https://cloud.google.com/compute/docs/disks/scheduled-snapshots
- https://cloud.google.com/compute/docs/instances/windows/creating-windows-persistent-disk-snapshot
Working with images (e.g., create an image from a VM or a snapshot, view images, delete an image)
- https://cloud.google.com/compute/docs/machine-images/create-machine-images
- https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images
Working with instance groups (e.g., set autoscaling parameters, assign instance template, create an instance template, remove instance group)
- https://cloud.google.com/compute/docs/autoscaler/scaling-cpu
- https://cloud.google.com/compute/docs/autoscaler/scaling-load-balancing
- https://cloud.google.com/compute/docs/autoscaler/scaling-stackdriver-monitoring-metrics
- https://cloud.google.com/compute/docs/autoscaler/scaling-schedules
- https://cloud.google.com/compute/docs/autoscaler/managing-autoscalers
- https://cloud.google.com/compute/docs/instance-groups/delete-mig
- https://cloud.google.com/compute/docs/instance-groups/add-remove-vms-in-mig
- https://cloud.google.com/compute/docs/instance-templates/create-instance-templates
- https://cloud.google.com/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups
Working with management interfaces (e.g., Cloud Console, Cloud Shell, Cloud SDK)
4.2 Managing Google Kubernetes Engine resources. Tasks include:
Viewing current running cluster inventory (nodes, pods, services)
- https://cloud.google.com/kubernetes-engine/docs/how-to/cluster-admin-overview
- https://cloud.google.com/kubernetes-engine/docs/how-to/managing-clusters
- https://cloud.google.com/kubernetes-engine/docs/how-to/upgrading-a-cluster
- https://cloud.google.com/kubernetes-engine/docs/how-to/resizing-a-cluster
- https://cloud.google.com/kubernetes-engine/docs/how-to/cluster-autoscaler
- https://cloud.google.com/kubernetes-engine/docs/how-to/deleting-a-cluster
Browsing Docker images and viewing their details in the Artifact Registry
Working with node pools (e.g., add, edit, or remove a node pool)
- https://cloud.google.com/kubernetes-engine/docs/how-to/node-pools
- https://cloud.google.com/kubernetes-engine/docs/how-to/node-auto-provisioning
- https://cloud.google.com/kubernetes-engine/docs/how-to/node-images
- https://cloud.google.com/kubernetes-engine/docs/how-to/node-auto-upgrades
- https://cloud.google.com/kubernetes-engine/docs/how-to/node-auto-repair
Working with pods (e.g., add, edit, or remove pods)
Working with services (e.g., add, edit, or remove a service)
- https://cloud.google.com/kubernetes-engine/docs/how-to/exposing-apps
- https://cloud.google.com/kubernetes-engine/docs/how-to/service-parameters
Working with stateful applications (e.g., persistent volumes, stateful sets)
Managing Horizontal and Vertical autoscaling configurations
- https://cloud.google.com/kubernetes-engine/docs/how-to/horizontal-pod-autoscaling
- https://cloud.google.com/kubernetes-engine/docs/how-to/vertical-pod-autoscaling
- https://cloud.google.com/kubernetes-engine/docs/how-to/multidimensional-pod-autoscaling
Working with management interfaces (e.g., Cloud Console, Cloud Shell, Cloud SDK, kubectl)
- https://cloud.google.com/kubernetes-engine/docs/concepts/dashboards
- https://cloud.google.com/shell/docs/running-a-kubernetes-engine-app
4.3 Managing Cloud Run resources. Tasks include:
Adjusting application traffic-splitting parameters
Setting scaling parameters for autoscaling instances
Determining whether to run Cloud Run (fully managed) or Cloud Run for Anthos
4.4 Managing storage and database solutions. Tasks include:
Managing and securing objects in and between Cloud Storage buckets
- https://cloud.google.com/storage/docs/access-control/create-manage-lists
- https://cloud.google.com/storage/docs/encryption/default-keys
- https://cloud.google.com/storage/docs/encryption/customer-managed-keys
- https://cloud.google.com/storage/docs/encryption/using-customer-managed-keys
- https://cloud.google.com/storage/docs/encryption/customer-supplied-keys
- https://cloud.google.com/storage/docs/encryption/using-customer-supplied-keys
- https://cloud.google.com/storage/docs/encryption/client-side-keys
Setting object life cycle management policies for Cloud Storage buckets
Executing queries to retrieve data from data instances (e.g., Cloud SQL, BigQuery, Cloud Spanner, Datastore, Cloud Bigtable)
- https://firebase.google.com/docs/firestore/query-data/queries
- https://cloud.google.com/bigquery/docs/reference/standard-sql/query-syntax
- https://cloud.google.com/spanner/docs/tune-query-with-visualizer
- https://cloud.google.com/spanner/docs/reference/standard-sql/query-syntax
- https://cloud.google.com/dataflow/docs/guides/sql/dataflow-sql-intro
- https://cloud.google.com/dataflow/docs/reference/sql/query-syntax
- https://cloud.google.com/bigquery/external-data-cloud-storage
Estimating costs of data storage resources
Backing up and restoring database instances (e.g., Cloud SQL, Datastore)
- https://cloud.google.com/sql/docs/mysql/backup-recovery/backing-up
- https://cloud.google.com/sql/docs/mysql/backup-recovery/restore
- https://cloud.google.com/sql/docs/mysql/backup-recovery/pitr
- https://firebase.google.com/docs/firestore/manage-data/export-import
- https://cloud.google.com/bigquery/docs/table-snapshots-intro
- https://cloud.google.com/bigquery/docs/table-snapshots-create
- https://cloud.google.com/bigquery/docs/table-snapshots-restore
- https://cloud.google.com/bigquery/docs/table-snapshots-update
- https://cloud.google.com/bigquery/docs/table-snapshots-scheduled
- https://cloud.google.com/datastore/docs/export-import-entities
Reviewing job status in Dataproc, Dataflow, or BigQuery
- https://cloud.google.com/dataproc/docs/concepts/jobs/life-of-a-job
- https://cloud.google.com/dataflow/docs/guides/using-monitoring-intf
- https://cloud.google.com/dataflow/docs/guides/using-command-line-intf
4.5 Managing networking resources. Tasks include:
Adding a subnet to an existing VPC
Expanding a subnet to have more IP addresses
Reserving static external or internal IP addresses
- https://cloud.google.com/compute/docs/ip-addresses/reserve-static-external-ip-address
- https://cloud.google.com/compute/docs/ip-addresses/reserve-static-internal-ip-address
Working with Cloud DNS, Cloud NAT, Load Balancers and firewall rules
4.6 Monitoring and logging. Tasks include:
Creating Cloud Monitoring alerts based on resource metrics
- https://cloud.google.com/monitoring/alerts/using-alerting-ui
- https://cloud.google.com/monitoring/alerts/using-alerting-api
Creating and ingesting Cloud Monitoring custom metrics (e.g., from applications or logs)
- https://cloud.google.com/monitoring/custom-metrics/open-census
- https://cloud.google.com/monitoring/custom-metrics/creating-metrics
- https://cloud.google.com/monitoring/custom-metrics/browsing-metrics
Configuring log sinks to export logs to external systems (e.g., on-premises or BigQuery)
Configuring log routers
Viewing and filtering logs in Cloud Logging
- https://cloud.google.com/logging/docs/view/logs-viewer-interface
- https://cloud.google.com/logging/docs/reference/tools/gcloud-logging
- https://cloud.google.com/logging/docs/export/using_exported_logs
Viewing specific log message details in Cloud Logging
Using cloud diagnostics to research an application issue (e.g., viewing Cloud Trace data, using Cloud Debug to view an application point-in-time)
- https://cloud.google.com/error-reporting/docs/viewing-errors
- https://cloud.google.com/error-reporting/docs/managing-errors
- https://cloud.google.com/profiler/docs/interacting-flame-graph
Viewing Google Cloud status
Section 5. Configuring access and security
5.1 Managing Identity and Access Management (IAM). Tasks include:
Viewing IAM policies
- https://cloud.google.com/iam/docs/understanding-custom-roles
- https://cloud.google.com/iam/docs/granting-changing-revoking-access
Creating IAM policies
- https://cloud.google.com/iam/docs/granting-changing-revoking-access
- https://cloud.google.com/iam/docs/managing-conditional-role-bindings
- https://cloud.google.com/iam/docs/configuring-resource-based-access
Managing the various role types and defining custom IAM roles (e.g., primitive, predefined and custom)
5.2 Managing service accounts. Tasks include:
Creating service accounts
- https://cloud.google.com/iam/docs/creating-managing-service-accounts
- https://cloud.google.com/iam/docs/creating-managing-service-account-keys
Using service accounts in IAM policies with minimum permissions
Assigning service accounts to resources
Managing IAM of a service account
Managing service account impersonation
- https://cloud.google.com/iam/docs/impersonating-service-accounts
- https://cloud.google.com/iam/docs/manage-lateral-movement-insights
Creating and managing short-lived service account credentials
- https://cloud.google.com/iam/docs/configuring-temporary-access
- https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials