Resources and Access in the Cloud Flashcards
(20 cards)
What are the four main levels of the Google Cloud Resource Hierarchy, from top to bottom?
1. Organization Node, 2. Folders, 3. Projects, 4. Resources.
What is the purpose of the “Organization Node” in the Google Cloud Resource Hierarchy?
It represents the entire company and is the top-level container for all your company’s Google Cloud folders, projects, and resources. It’s where global policies can be applied.
What role do “Folders” play in the Google Cloud Resource Hierarchy?
They group projects, often corresponding to departments or teams, allowing for better organization and the application of policies to multiple projects at once.
What is a “Project” in Google Cloud?
A fundamental organizing entity where you create, manage, and use Google Cloud resources. Billing, APIs, and IAM permissions are typically managed at this level.
What important principle describes how IAM policies are applied down the Resource Hierarchy?
Inheritance. Policies set at a higher level (e.g., Organization or Folder) are generally inherited by the levels below them (e.g., Projects and Resources).
What is Identity and Access Management (IAM)?
A service that controls who (members) can do what (roles/permissions) on which Google Cloud resources.
What are the three main components of an IAM policy?
1. Member (the “who”: user, group, service account), 2. Role (the “what can be done”: a collection of permissions), 3. Resource (the “on which”: the Google Cloud resource the policy applies to).
Name the three types of IAM Roles.
1. Basic Roles, 2. Predefined Roles, 3. Custom Roles.
Describe “Basic Roles” in IAM.
Broad, powerful roles like Owner, Editor, and Viewer. They grant wide-ranging permissions across all services in a project.
What are “Predefined Roles” in IAM?
More granular roles provided by Google Cloud that offer fine-grained access control for specific services (e.g., “Compute Instance Admin” or “Storage Object Viewer”). They help implement the principle of least privilege.
When would you use a “Custom Role” in IAM?
When Basic or Predefined roles don’t meet your specific needs. Custom roles allow you to bundle a precise set of permissions.
What is a “Service Account” in Google Cloud?
A special type of non-human Google account that belongs to your application or virtual machine, not an individual user.
What is the primary purpose of a Service Account?
To allow code (applications, VMs) to authenticate and interact with Google Cloud services securely without using human credentials.
What is Cloud Identity?
Google’s Identity as a Service (IDaaS) solution used to centrally manage users, groups, and their access to Google services, including Google Cloud.
How does Cloud Identity relate to IAM?
Users and groups managed in Cloud Identity can be used as “members” in IAM policies to grant them roles and permissions on Google Cloud resources.
What is the Google Cloud Console?
The web-based graphical user interface (GUI) for managing Google Cloud projects and resources.
What is the Google Cloud SDK (Software Development Kit)?
A set of command-line tools (e.g., gcloud, gsutil) that you can install to manage Google Cloud services from your terminal or through scripts.
What is Cloud Shell?
A browser-based command-line interface within the Google Cloud Console that provides access to the Google Cloud SDK tools without local installation.
How are APIs (Application Programming Interfaces) used with Google Cloud?
They allow your own applications and services to programmatically interact with and control Google Cloud services.
What is the Google Cloud app used for?
A mobile application for monitoring the status of your Google Cloud services, receiving alerts, and performing some basic management tasks on the go.