Top 5 GCP Shoutout

My top 5 things I wish GCP would shout louder about

  • Ways to stop yourself deleting things you don’t want to delete.
    • Project liens. This stops you accidentally deleting a project. My colleague @MrTrustor waxes lyrical about that here
    • VM deletionProtection flag - this helps prevents the accidental deletion of a VM maybe you are running AD on an instance or perhaps you have a monitoring service that needs to be up and running all the time Use IAM to grant least privilege permissions
    • Cloud storage bucket locks. Using this you can define a retention period that stops objects being deleted or overwritten until the defined period has expired. You can set a lock which prevents reducing the retention time for objects in the bucket and a hold which retains the object indefinitely. I highly recommend you read the docs for the implication of using retention policies
  • DLP templates - These allow you to define your config to use with dlp so they are decoupled from the requests. It means rather than having to update requests in multiple places that define the inspect config or de-identify infotype(s) to process this can be updated once in the template
  • Cloud Shell - A sysadmin machine that is accessible from wherever it has some really nice features including:
    • It has all the things you probably need installed docker , gcloud etc
    • You don’t need to download service account keys ouath works it recognises you :-)
    • One click download from a git repo
    • If you don’t like using vim, vi or nano then you can use the basic editor. I do wish you could use visual studio code from there but you can’t have it all !
  • API explorer - Unsure what that call should be then this under publicised gem is where you should start . Select the service you’re interested in and you get plenty of help to format your call and test it out. The faq should help you with any questions you still have about this

  • Some of the docs pages

    • Release notes & Security advisories (I know those may technically be two things). Every product has its release notes pages . Not sure what feature has been released or looking for a security advisory then go to the product pages and click through. The release pages are particularly great as they will usually provide a link to more detail on the feature or product the release note relates to rather than just a single line or paragraph .
    • The Understanding IAM roles page is probably the page I personally use the most. Its a single page where you can see a summary of the IAM roles for each product and from there you can drill down into the detail.