Author Archives: anuj - Page 4
Database Credentials in Google Cloud?
How and where do you store DB credentials in Google Cloud? Secret Manager allows you to store and retrieve credentials in either binary form (blob) or as plain text.
Firewall Rules in GCP – Service Accounts versus Tags
Both network tags and service accounts are viable options (for target instances) when defining firewall rules. However, if both these exist for a certain VM, it is…
Private Google access
Private Google access allows your instances to reach Google APIs and services using an internal IP address rather than a public IP address. ... You can enable Private Google access on a subnet level and…
Account Level IAM versus Application Level IAM access
Use Case A: You need to implement a central authorization mechanism for users of your app (say, hosted on App Engine). Use Case B: You need to implement…
Cloud Storage – Granting access to external users – e.g. Auditors
The simplest thing to do is to create signed URLs (same as what you would do on AWS S3 buckets). The URL can be for the entire bucket or for…
Google App Engine Flex versus Standard
GAE Flex lets you access the underlying OS.
Cloud Identity versus Google Workspace
User management in Workspace occurs through (not a cloud console). However, with Cloud Identity, you can now manage users directly from the GCP console. This means that there are two…
Synchronizing Users versus Federating Users in GCP
From your corporate AD, you have two options to bring your users into GCP. Federation = Use Cloud Identity to accomplish this. Synchronization = Use GCP Cloud Directory Sync Service…
Customer supplied keys and cloud storage
There is often a data compliance requirement to use your own corporate-provided encryption keys. If you want to use your own supplied encryption keys, you HAVE to use…
Organizations in GCP versus Organizations in AWS
What are organizations in GCP used for? Organizations in GCP are used to group resources, not to federate identities (AWS Control Tower). You can connect VPCs in two…