Understanding Google Cloud Resource Hierarchy

Apr 22, 2025

Functional Structure of Google Cloud

Google Cloud Resource Hierarchy

  • Levels of Hierarchy:
    1. Resources
      • Includes virtual machines, Cloud Storage buckets, tables in BigQuery, etc.
    2. Projects
      • Organizes resources
      • Projects can be grouped into folders
    3. Folders
      • Can contain projects, subfolders, or both
    4. Organization Node
      • Top-level, encompasses all projects, folders, and resources
  • Policy Management
    • Policies can be applied at project, folder, and organization node levels
    • Inheritance of policies: Policies applied to a folder affect all projects within it

Projects in Google Cloud

  • Role and Function:
    • Basis for enabling and using services (e.g., APIs, billing, collaborators)
    • Each project is a separate entity
    • Managed and billed separately
  • Attributes:
    • Project ID: Unique, immutable
    • Project Name: User-created, changeable
    • Project Number: Unique, used internally
  • Management Tools:
    • Resource Manager tool:
      • API to manage projects (create, update, delete)
      • Can recover deleted projects
    • Accessible via RPC API & REST API

Folders in Google Cloud

  • Purpose:
    • Assign policies at chosen granularity
    • Resources inherit permissions from folders
  • Hierarchy:
    • Folders can group projects under an organization
    • Useful for departments to manage resources independently
    • Enable policy uniformity across multiple projects
  • Requirements:
    • Must have an organization node to use folders
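
The policy inheritance described under Policy Management and under Folders, as an added example that is not part of the original notes: it walks a project's ancestry and reports which access grants come from a folder or the organization node rather than from the project itself. It assumes IAM allow policies, whose bindings are additive down the hierarchy; the node names, roles and members are constructed sample data.

```python
# Constructed sample hierarchy: every node name and member below is made up.
# PARENT maps each node to its parent; the organization node has none.
PARENT = {
    "organizations/example-org": None,
    "folders/engineering": "organizations/example-org",
    "folders/engineering-prod": "folders/engineering",
    "projects/payments-prod": "folders/engineering-prod",
    "projects/sandbox": "organizations/example-org",
}

# Allow-policy bindings set directly on each node: role -> members.
BINDINGS = {
    "organizations/example-org": {"roles/viewer": {"group:auditors@example.com"}},
    "folders/engineering": {"roles/editor": {"group:eng@example.com"}},
    "projects/payments-prod": {"roles/owner": {"user:alice@example.com"}},
}


def ancestry(node):
    """Return the node followed by its ancestors up to the organization node."""
    chain = []
    while node is not None:
        chain.append(node)
        node = PARENT[node]
    return chain


def effective_bindings(node):
    """Union of bindings on the node and its ancestors.

    Returns role -> {member: node where the binding was set}.
    """
    result = {}
    for level in ancestry(node):
        for role, members in BINDINGS.get(level, {}).items():
            for member in members:
                # Keep the closest level if the same grant appears twice.
                result.setdefault(role, {}).setdefault(member, level)
    return result


def inherited_only(node):
    """Grants that apply to the node but were not set on the node itself."""
    return sorted(
        (role, member, source)
        for role, members in effective_bindings(node).items()
        for member, source in members.items()
        if source != node
    )
```

Reviewing a project's own policy alone would show only the owner binding; `inherited_only("projects/payments-prod")` also surfaces the editor grant from the folder and the viewer grant from the organization node.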

Organization Node

  • Role:
    • Topmost resource
    • Contains all folders, projects, and resources
  • Special Roles:
    • Organization Policy Administrator: Controls policy changes
    • Project Creator Role: Controls project creation and spending
  • Creation:
    • Automatically created if using Google Workspace
    • Can be created using Cloud Identity if there is no Workspace domain
    • Allows domain members to create projects and billing accounts

Summary

  • Understanding the hierarchy is crucial for managing resources and policies effectively
  • Projects and folders have distinct roles and require proper management and organization
  • The organization node serves as the centralized control point for managing access and policies across the cloud environment