Module 1: Setting up a cloud solution environment
Setting up cloud projects and accounts. Activities include:
- Creating a resource hierarchy
- Applying organizational policies to the resource hierarchy
- Granting members IAM roles within a project
- Managing users and groups in Cloud Identity (manually and automated)
- Enabling APIs within projects
- Provisioning and setting up products in Google Cloud’s operations suite
Managing billing configuration. Activities include:
- Creating one or more billing accounts
- Linking projects to a billing account
- Establishing billing budgets and alerts
- Setting up billing exports
- Installing and configuring the command-line interface (CLI), specifically the Cloud SDK (e.g., setting the default project).
Module 2. Planning and configuring a cloud solution
- Planning and estimating Google Cloud product use using the Pricing Calculator
- Planning and configuring compute resources. Considerations include:
- Selecting appropriate compute choices for a given workload
- Using preemptible VMs and custom machine types as appropriate
Planning and configuring data storage options. Considerations include:
- Product choice
- Choosing storage options
2.4 Planning and configuring network resources. Tasks include:
- Differentiating load balancing options
- Identifying resource locations in a network for availability
- Configuring Cloud DNS
Module 3: Deploying and implementing a cloud solution
3.1 Deploying and implementing Compute Engine resources. Tasks include:
- Launching a compute instance using Cloud Console and Cloud SDK (gcloud)
- Creating an autoscaled managed instance group using an instance template
- Generating/uploading a custom SSH key for instances
- Installing and configuring the Cloud Monitoring and Logging Agent
- Assessing compute quotas and requesting increases
3.2 Deploying and implementing Google Kubernetes Engine resources. Tasks include:
- Installing and configuring the command-line interface (CLI) for Kubernetes (kubectl)
- Deploying a Google Kubernetes Engine cluster with different configurations including AutoPilot, regional clusters, private clusters, etc.
- Deploying a containerized application to Google Kubernetes Engine
- Configuring Google Kubernetes Engine monitoring and logging
3.3 Deploying and implementing Cloud Run and Cloud Functions resources. Tasks include, where applicable:
- Deploying an application and updating scaling configuration, versions, and traffic splitting
- Deploying an application that receives Google Cloud events
3.4 Deploying and implementing data solutions. Tasks include:
- Initializing data systems with products
- Loading data
3.5 Deploying and implementing networking resources. Tasks include:
- Creating a VPC with subnets
- Launching a Compute Engine instance with custom network configuration
- Creating ingress and egress firewall rules for a VPC
- Creating a VPN between a Google VPC and an external network using Cloud VPN
- Creating a load balancer to distribute application network traffic to an application
3.6 Deploying a solution using Cloud Marketplace. Tasks include:
- Browsing the Cloud Marketplace catalog and viewing solution details
- Deploying a Cloud Marketplace solution
3.7 Implementing resources via infrastructure as code. Tasks include:
- Building infrastructure via Cloud Foundation Toolkit templates and implementing best practices
- Installing and configuring Config Connector in Google Kubernetes Engine to create, update, delete, and secure resources
Module 4: Ensuring successful operation of a cloud solution
4.1 Managing Compute Engine resources. Tasks include:
- Managing a single VM instance
- Remotely connecting to the instance
- Attaching a GPU to a new instance and installing necessary dependencies
- Viewing current running VM inventory
- Working with snapshots
- Working with images
- Working with instance groups
- Working with management interfaces
4.2 Managing Google Kubernetes Engine resources. Tasks include:
- Viewing current running cluster inventory
- Browsing Docker images and viewing their details in the Artifact Registry
- Working with node pools
- Working with pods
- Working with services
- Working with stateful applications
- Managing Horizontal and Vertical autoscaling configurations
- Working with management interfaces
4.3 Managing Cloud Run resources. Tasks include:
- Adjusting application traffic-splitting parameters
- Setting scaling parameters for autoscaling instances
- Determining whether to run Cloud Run (fully managed) or Cloud Run for Anthos
4.4 Managing storage and database solutions. Tasks include:
- Managing and securing objects in and between Cloud Storage buckets
- Setting object life cycle management policies for Cloud Storage buckets
- Executing queries to retrieve data from data instances
- Estimating costs of data storage resources
- Backing up and restoring database instances
- Reviewing job status in Dataproc, Dataflow, or BigQuery
4.5 Managing networking resources. Tasks include:
- Adding a subnet to an existing VPC
- Expanding a subnet to have more IP addresses
- Reserving static external or internal IP addresses
- Working with CloudDNS, CloudNAT, Load Balancers and firewall rules
4.6 Monitoring and logging. Tasks include:
- Creating Cloud Monitoring alerts based on resource metrics
- Creating and ingesting Cloud Monitoring custom metrics
- Configuring log sinks to export logs to external systems
- Configuring log routers
- Viewing and filtering logs in Cloud Logging
- Viewing specific log message details in Cloud Logging
- Using cloud diagnostics to research an application issue
- Viewing Google Cloud status
Module 5: Configuring access and security
5.1 Managing Identity and Access Management (IAM). Tasks include:
- Viewing IAM policies
- Creating IAM policies
- Managing the various role types and defining custom IAM roles
5.2 Managing service accounts. Tasks include:
- Creating service accounts
- Using service accounts in IAM policies with minimum permissions
- Assigning service accounts to resources
- Managing IAM of a service account
- Managing service account impersonation
- Creating and managing short-lived service account credentials