
Google Cloud Platform (GCP) Cheatsheet

Table of Contents

  1. Introduction to GCP
  2. Core GCP Services
  3. GCP Console
  4. gcloud CLI
  5. Compute Engine
  6. Cloud Storage
  7. Cloud IAM
  8. Cloud SQL
  9. Cloud Functions
  10. Deployment Manager
  11. Virtual Private Cloud (VPC)
  12. Cloud Monitoring
  13. Best Practices and Security

Introduction to GCP

Google Cloud Platform (GCP) is a suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products, such as Google Search, Gmail, Google Drive, and YouTube.

Key Benefits:

  • Global infrastructure
  • Strong security
  • Innovative technology
  • Flexible pricing
  • Commitment to open source

Core GCP Services

  1. Compute: Compute Engine, App Engine, Kubernetes Engine
  2. Storage: Cloud Storage, Persistent Disk
  3. Database: Cloud SQL, Cloud Spanner, Cloud Bigtable
  4. Networking: Virtual Private Cloud (VPC), Cloud Load Balancing
  5. Big Data: BigQuery, Dataflow, Pub/Sub
  6. Machine Learning: AI Platform, Vision AI, Speech-to-Text

GCP Console

The GCP Console is a web-based interface to manage your Google Cloud resources.

  1. Accessing the Console:

    • Go to console.cloud.google.com
    • Sign in with your Google account
  2. Console Organization:

    • Navigation menu
    • Dashboard
    • Search bar
    • Active project selector
  3. Creating a New Project:

    • Click on the project dropdown
    • Select "New Project"
    • Enter project name and organization
    • Click "Create"

gcloud CLI

The gcloud CLI is a command-line tool for managing GCP resources.

  1. Installation: Follow the instructions at: https://cloud.google.com/sdk/docs/install

  2. Initialize gcloud:

    gcloud init
    
  3. Basic Command Structure:

    gcloud <service> <group> <command> <flags>
    
  4. Example Commands:

    gcloud compute instances list
    gcloud storage buckets list
    gcloud projects list
    

Compute Engine

Compute Engine lets you create and run virtual machines on Google infrastructure.

  1. Create a VM Instance:

    # debian-12 is a currently supported image family in debian-cloud
    gcloud compute instances create my-vm \
        --zone=us-central1-a \
        --machine-type=e2-medium \
        --image-project=debian-cloud \
        --image-family=debian-12
    
  2. List VM Instances:

    gcloud compute instances list
    
  3. SSH into a VM:

    gcloud compute ssh my-vm --zone=us-central1-a
    
  4. Stop a VM:

    gcloud compute instances stop my-vm --zone=us-central1-a
    
  5. Delete a VM:

    gcloud compute instances delete my-vm --zone=us-central1-a
    

Cloud Storage

Cloud Storage is GCP's object storage service.

  1. Create a Bucket:

    gcloud storage buckets create gs://my-bucket
    
  2. Upload a File:

    gcloud storage cp myfile.txt gs://my-bucket/
    
  3. List Bucket Contents:

    gcloud storage ls gs://my-bucket
    
  4. Download a File:

    gcloud storage cp gs://my-bucket/myfile.txt ./
    
  5. Delete a File:

    gcloud storage rm gs://my-bucket/myfile.txt
    

Cloud IAM

Cloud Identity and Access Management (IAM) lets you manage access control by defining who (identity) has what access (role) for which resource.

  1. List IAM Policies:

    gcloud projects get-iam-policy PROJECT_ID
    
  2. Add IAM Policy Binding:

    gcloud projects add-iam-policy-binding PROJECT_ID \
        --member=user:email@example.com \
        --role=roles/editor
    
  3. Remove IAM Policy Binding:

    gcloud projects remove-iam-policy-binding PROJECT_ID \
        --member=user:email@example.com \
        --role=roles/editor
    
  4. Create a Service Account:

    gcloud iam service-accounts create my-sa-name \
        --display-name "My Service Account"
    

Cloud SQL

Cloud SQL is a fully-managed database service that makes it easy to set up, maintain, manage, and administer your relational databases on Google Cloud Platform.

  1. Create a Cloud SQL Instance:

    gcloud sql instances create my-instance \
        --tier=db-n1-standard-1 \
        --region=us-central1
    
  2. List Cloud SQL Instances:

    gcloud sql instances list
    
  3. Create a Database:

    gcloud sql databases create my-database \
        --instance=my-instance
    
  4. Create a User:

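    # Prompt for the password rather than passing it as an argument,
    # which would leave it in shell history and process listings
    gcloud sql users create my-user \
        --instance=my-instance \
        --prompt-for-password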
    

Cloud Functions

Cloud Functions is GCP's serverless compute platform.

  1. Deploy a Function:

    # python37 has been decommissioned; deploy on a supported runtime
    gcloud functions deploy my-function \
        --runtime python312 \
        --trigger-http \
        --entry-point function_name
    
  2. List Functions:

    gcloud functions list
    
  3. Describe a Function:

    gcloud functions describe my-function
    
  4. Delete a Function:

    gcloud functions delete my-function
    

Deployment Manager

Deployment Manager is an infrastructure deployment service that automates the creation and management of Google Cloud resources.

  1. Create a Deployment:

    gcloud deployment-manager deployments create my-deployment \
        --config my-config.yaml
    
  2. List Deployments:

    gcloud deployment-manager deployments list
    
  3. Update a Deployment:

    gcloud deployment-manager deployments update my-deployment \
        --config my-updated-config.yaml
    
  4. Delete a Deployment:

    gcloud deployment-manager deployments delete my-deployment
    

Virtual Private Cloud (VPC)

VPC provides networking functionality to Compute Engine virtual machine (VM) instances, Kubernetes Engine containers, and App Engine flexible environment.

  1. Create a VPC Network:

    gcloud compute networks create my-vpc --subnet-mode=custom
    
  2. Create a Subnet:

    gcloud compute networks subnets create my-subnet \
        --network=my-vpc \
        --region=us-central1 \
        --range=10.0.0.0/24
    
  3. Create a Firewall Rule:

    gcloud compute firewall-rules create my-rule \
        --network=my-vpc \
        --allow tcp:22,tcp:80,tcp:443
    
  4. List VPC Networks:

    gcloud compute networks list
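
An added example (not part of the original cheatsheet): the rule in step 3 has no `--source-ranges`, so it applies to `0.0.0.0/0` and exposes SSH to the internet. The script below reviews `gcloud compute firewall-rules list --format=json` output for ingress rules that open sensitive ports to any source; the rules are constructed sample data, and the function names and the sensitive-port list are choices made here.

```python
import json

# Constructed sample, trimmed to the fields used here, in the shape of
# `gcloud compute firewall-rules list --format=json` output.
SAMPLE_RULES = json.loads("""[
  {"name": "my-rule", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["22", "80", "443"]}]},
  {"name": "db-internal", "direction": "INGRESS", "sourceRanges": ["10.0.0.0/24"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["5432"]}]},
  {"name": "app-range", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["3000-4000"]}]},
  {"name": "allow-all", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "all"}]},
  {"name": "old-rdp", "direction": "INGRESS", "disabled": true,
   "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["3389"]}]}
]""")

SENSITIVE_PORTS = {22: "SSH", 3306: "MySQL", 3389: "RDP", 5432: "PostgreSQL"}
OPEN_RANGES = {"0.0.0.0/0", "::/0"}


def port_in_spec(port, spec):
    """True if port falls inside a port spec such as '22' or '3000-4000'."""
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)


def exposed_ports(rule):
    """Sensitive TCP ports that an enabled ingress rule opens to any source."""
    if rule.get("direction", "INGRESS") != "INGRESS" or rule.get("disabled"):
        return []
    if not OPEN_RANGES & set(rule.get("sourceRanges", [])):
        return []
    hits = set()
    for allow in rule.get("allowed", []):
        if allow["IPProtocol"] not in ("tcp", "all"):
            continue
        specs = allow.get("ports")  # no "ports" key means every port
        for port in SENSITIVE_PORTS:
            if specs is None or any(port_in_spec(port, s) for s in specs):
                hits.add(port)
    return sorted(hits)


def audit(rules):
    """Map rule name -> exposed sensitive ports, omitting clean rules."""
    return {r["name"]: p for r in rules if (p := exposed_ports(r))}
```

Passing `--source-ranges` with a specific CIDR when creating the rule keeps it out of this report.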
    

Cloud Monitoring

Cloud Monitoring provides visibility into the performance, uptime, and overall health of cloud-powered applications.

  1. Create a Monitoring Workspace:

    gcloud monitoring workspaces create \
        --project=PROJECT_ID
    
  2. List Metrics:

    gcloud monitoring metrics list
    
  3. Create an Alert Policy:

    # Single quotes keep the filter's inner double quotes intact
    gcloud monitoring policies create \
        --display-name="My Alert Policy" \
        --condition='metric.type="compute.googleapis.com/instance/cpu/utilization" AND resource.type="gce_instance" AND metric.labels.instance_name="my-instance"' \
        --threshold-value=0.8 \
        --duration=5m
    
  4. List Alert Policies:

    gcloud monitoring policies list
    

Best Practices and Security

  1. Use Cloud IAM to manage access control
  2. Enable two-factor authentication for user accounts
  3. Use VPC Service Controls to create security perimeters
  4. Enable Cloud Audit Logs to track activity
  5. Use Cloud Key Management Service (KMS) for encryption key management
  6. Implement least privilege access
  7. Use Cloud Security Command Center for security and risk management
  8. Regularly review and update firewall rules
  9. Use Cloud Identity-Aware Proxy (IAP) to control access to your applications
  10. Implement network segmentation using subnets and firewall rules

2024 © All rights reserved - buraxta.com