Author Archives: anuj - Page 5
Containers on GCP – Runtime attacks versus Image Vulnerabilities
Runtime Attacks - Security Command Center - Premium Version. Image vulnerabilities - Vulnerability Scanning in the Image Registry.
Cloud Logging Buckets as Sink Logs in GCP
Often, corporate compliance requirements require that logs be stored for a certain number of years. This is easily accomplished in GCP by setting up a sink log for…
Cloud Storage – Retention Policies and Object Lifecycles
Object lifecycles are well understood in terms of storage classes: standard, nearline, coldline, archive. You can change the storage class of an existing object…
Database Credentials in Google Cloud?
How and where do you store DB credentials in Google Cloud? Secret Manager allows you to store and retrieve credentials in either binary form (blob) or as plain text.
Firewall Rules in GCP – Service Accounts versus Tags
Both network tags and service accounts are viable options (for target instances) when defining firewall rules. However, if both these exist for a certain VM, it is…
Private Google access
Private Google access allows your instances to reach Google APIs and services using an internal IP address rather than a public IP address. ... You can enable Private Google access on a subnet level and…
Account Level IAM versus Application Level IAM access
Use Case A - You need to implement a central authorization mechanism for users of your app (say, hosted on App Engine). Use Case B - You need to implement…
Cloud Storage – Granting access to external users – e.g. Auditors
The simplest thing to do is to create signed URLs (same as what you would do on AWS S3 buckets). The URL can be for the entire bucket or for…
Google App Engine Flex versus Standard
GAE Flex lets you access the underlying OS.
Cloud Identity versus Google Workspace
User management in Workspace occurs through (not a cloud console). However, with Cloud Identity, you can now manage users directly from the GCP console. This means that there are two…