
Posts

Showing posts from September, 2023

Google Container Registry

Container Registry is a container image repository to manage Docker images, perform vulnerability analysis, and define fine-grained access control.

Features
- Automatically build and push images to a private registry when you commit code to Cloud Source Repositories, GitHub, or Bitbucket.
- You can push and pull Docker images to your private Container Registry using the standard Docker command-line interface.
- The system creates a Cloud Storage bucket to store all of your images the first time you push an image to Container Registry.
- You have the ability to maintain control over who can access, view, or download images.

Pricing
Container Registry charges for the following:
- Storing images on Cloud Storage.
- Network egress for containers stored in the registry. Network ingress is free.
- If the Container Scanning API is enabled in either Container Registry, vulnerability scanning is turned on and billed for both products.

Google Cloud Source Repositories

A fully managed Git repository where you can securely manage your code.

Features
- You will be able to extend your Git workflow with Cloud Source Repositories. Set up a repository as a Git remote. Push, pull, clone, log, and perform other Git operations as required by your workflow.
- You can create multiple repositories for a single Google Cloud project. This allows you to organize the code associated with your cloud project in the best way.
- View repository files from within Cloud Source Repositories using Source Browser. You can filter your view to focus on a specific branch, tag, or commit.
- Private repositories are free.
- Can be automatically synced with GitHub and Bitbucket repositories.
- Integrates with Cloud Build to automatically build and test an image when changes are pushed to Cloud Source Repositories.
- You can get insights on actions performed on your repository with Cloud Audit Logs.

Pricing
Cloud Source Repositories charges based on:
- Per user
- Storage
- Egress network...

Google Cloud Build

Build, test, and deploy on Google Cloud Platform's serverless CI/CD platform.

Features
- Cloud Build is a fully serverless platform that helps you build your custom development workflows for building, testing, and deploying.
- Cloud Build can import source code from: Cloud Storage, Cloud Source Repositories, GitHub, Bitbucket.
- Supports native Docker. You can import your existing Dockerfile.
- Push images directly to Docker image storage repositories such as Docker Hub and Container Registry.
- You can also automate deployments to Google Kubernetes Engine (GKE) or Cloud Run for continuous delivery.
- Automatically performs package vulnerability scanning for vulnerable images based on policies set by DevSecOps.
- You can package source into containers or non-container artifacts like Maven, Gradle, Go, or Bazel.

Pricing
- The first 120 build-minutes per day are free. The succeeding time is charged.

Google Cloud Build Cheat Sheet References:
https://cloud.google.com/cloud-build/
https://cloud.google.c...

Google Cloud Monitoring

Cloud Monitoring collects metrics, events, and metadata, hosted uptime probes, and application instrumentation to gain visibility into the performance, availability, and health of your applications and infrastructure.

Features
- Collect metrics from multicloud and hybrid infrastructure in real time.
- Metrics, events, and metadata are displayed with a rich query language that helps identify issues and uncover significant patterns.
- Reduces time spent navigating between systems with one integrated service for metrics, uptime monitoring, dashboards, and alerts.

Workspaces
- Cloud Monitoring uses Workspaces to organize and manage its information.
- A Workspace can manage the monitoring data for a single Google Cloud project, or it can manage the data for multiple Google Cloud projects and AWS accounts. But a Google Cloud project or an AWS account can only be associated with one Workspace at a time.
- You must have at least one of the following IAM role names for the Google Cloud project to c...

Google Cloud Logging

An exabyte-scale, fully managed service for real-time log management. Helps you securely store, search, analyze, and alert on all of your log data and events.

Features
- Write any custom log, from any source, into Cloud Logging using the public write APIs.
- You can search, sort, and query logs through query statements, along with rich histogram visualizations, simple field explorers, and the ability to save the queries.
- Integrates with Cloud Monitoring to set alerts on the log events and logs-based metrics you have defined.
- You can export data in real time to BigQuery to perform advanced analytics and SQL-like query tasks.
- Cloud Logging helps you see the problems in your mountain of data using Error Reporting. It automatically analyzes your logs for exceptions and intelligently aggregates them into meaningful error groups.

Cloud Audit Logs
- Cloud Audit Logs maintains audit logs for each Cloud project, folder, and organization. There are four types of logs you can ...

Google Cloud Deployment Manager

Google Cloud Deployment Manager is an infrastructure deployment service that automates the creation and management of Google Cloud resources.

Features
- You can write template and configuration files and use them to create deployments that have a variety of Google Cloud services working together, such as: Cloud Storage, Compute Engine, Cloud SQL.
- A configuration defines the structure of your deployment. You must specify a configuration in a YAML file to create a deployment. It contains the following:
  - the type and properties of the resources that are part of the deployment
  - any templates the configuration should use
  - additional subfiles that can be executed to create your final configuration
- It is recommended that you break your configuration into templates to simplify your deployment and make it easier to replicate and troubleshoot.
- A template is a separate file that defines a set of resources. You can reuse templates across different deployments, to help you manage complex deployments...

Google Cloud Console

Google Cloud Console is a web admin interface to manage your Google Cloud infrastructure.

Features
- You can create projects on Google Cloud Console.
- With Cloud Console, you can quickly find and check the health of all your cloud resources in one place, including virtual machines, network settings, and data storage.
- Logging: Manage and audit user access to project resources. Track down production issues quickly by viewing logs.
- You can explore the Google Cloud Marketplace and launch cloud solutions with just a few clicks.
- Billing: View a detailed billing breakdown of your bills. Set spending budgets to avoid unexpected surprises.
- Cloud Console enables you to connect to your virtual machines via Cloud Shell. You can quickly handle admin tasks using this instant-on Linux machine equipped with your favorite tools, including the Google Cloud SDK preconfigured and authenticated.

Pricing
- Cloud Console is available at no cost to Google Cloud Platform customers.

Google Cloud Billing

You can configure billing on Google Cloud in a variety of ways to meet different needs. To use Google Cloud services, you must have a valid Cloud Billing account.

Features
- If you have a project that is not linked to a Cloud Billing account, you will have limited use of the products and services available for your project.

Cloud Billing Account & Payments Profile
Cloud Billing Account
- It is set up in Google Cloud and is used to define who pays for a given set of Google Cloud resources and Google Maps Platform APIs.
- Access control to a Cloud Billing account is established by IAM roles.
- A Cloud Billing account is connected to a Google payments profile.
Google Payments Profile
- Stores your payment instruments, like credit cards and debit cards, to which costs are charged.
- Stores information about who is responsible for the profile.
- Serves as a document center where you can view invoices and payment history.

Cloud Billing Reports
- The Cloud Billing Reports page allows you to view you...

Google Cloud Pub/Sub

Cloud Pub/Sub is a fully managed real-time messaging service for event-driven systems that allows you to send and receive messages between independent applications.

Features
- Capable of global message routing to simplify multi-region systems.
- Synchronous, cross-zone message replication and per-message receipt tracking ensure at-least-once delivery at any scale.
- Pub/Sub delivers each message at least once, so the Pub/Sub service might redeliver messages.
- You can declare independent quota and billing for publishers and subscribers.
- Cloud Pub/Sub doesn't have shards or partitions. You just need to set your quota, publish, and consume.

Key Concepts
- Topic: A named resource to which publishers send messages.
- Subscription: A named resource representing the stream of messages from a specific topic, to be sent to the subscribing application.
- Message: The combination of data and attributes that a publisher sends to a topic and is eventually sent to subscribers.
- Message attribute: A key...

Google Cloud Dataproc

Build fully managed Apache Spark, Apache Hadoop, Presto, and other OSS clusters on the Google Cloud Platform using Cloud Dataproc.

Features
- You can spin up resizable clusters quickly with various virtual machine types, disk sizes, numbers of nodes, and networking options on Cloud Dataproc.
- Dataproc provides autoscaling features to help you automatically manage the addition and removal of cluster workers.
- Cloud Dataproc has built-in integration with the following Google Cloud services for a more complete and robust platform: Cloud Storage, BigQuery, Cloud Bigtable, Cloud Logging, Cloud Monitoring, AI Hub.
- It is capable of image versioning. This allows you to switch between different versions of the tools you want to use.
- To avoid charges for inactive clusters, you can use Dataproc's scheduled deletion.
- You can manage your clusters via the Cloud Console web UI, Cloud SDK, RESTful APIs, or SSH access.
- Dataproc can be provisioned with custom images according to your needs.
- Workflow templates ...

Google Cloud Dataprep

Cloud Dataprep by Trifacta is an intelligent data service for visually exploring, cleaning, and preparing structured and unstructured data for analysis, reporting, and machine learning.

Features
- You can transform structured or unstructured datasets of any size, from megabytes to petabytes, with equal ease and simplicity.
- Cloud Dataprep can transform datasets stored in CSV, JSON, or relational table formats.
- You can process data stored in Cloud Storage, BigQuery, or from your desktop, then export the refined data to BigQuery or Cloud Storage for storage, analysis, visualization, or machine learning.
- Uses a proprietary algorithm that interprets the data transformation intent of a user's data selection.
- You can leverage hundreds of readily available transformation functions to turn your data into the asset you want.
- Cloud Dataprep enables users to collaborate on similar flow objects in real time or to create copies for other team members to use for independent tasks.
- Explore your data ...

Google Cloud Dataflow

Cloud Dataflow is a fully managed data processing service for executing a wide variety of data processing patterns.

Features
- Dataflow templates allow you to easily share your pipelines with team members and across your organization. You can also take advantage of Google-provided templates to implement useful but simple data processing tasks.
- Autoscaling lets Dataflow automatically choose the appropriate number of worker instances required to run your job.
- You can build a batch or streaming pipeline protected with customer-managed encryption keys (CMEK) or access CMEK-protected data in sources and sinks.
- Dataflow is integrated with VPC Service Controls to provide additional security on data processing environments by improving the ability to mitigate the risk of data exfiltration.

Pricing
- Dataflow jobs are billed per second, based on the actual use of Dataflow batch or streaming workers. Additional resources, such as Cloud Storage or Pub/Sub, are each billed per that service's pricin...

Google Cloud Secret Manager

Secret Manager is a secure and convenient method to store API keys, passwords, certificates, and other sensitive data. It provides a central place as the source of truth to manage, access, and audit secrets across Google Cloud.

Features
- Secret names are project-global resources, but secret data is stored in regions. You can choose specific regions in which to store your secrets.
- Secret data is immutable, and most operations take place on secret versions.
- Secret Manager integrates with IAM.
- Every interaction with Secret Manager generates an audit entry when Cloud Logging is enabled, to help you detect system anomalies.
- You can enable context-aware access to Secret Manager from hybrid environments using VPC Service Controls.

Pricing
- Secret Manager charges for operations and active secret versions. A version is considered active if it is in the ENABLED or DISABLED state.

Google Cloud Secret Manager Cheat Sheet Reference:
https://cloud.google.com/secret-manager

Google Cloud Key Management Service

The Google Cloud Key Management Service (KMS) is a cloud-hosted key management service that enables you to manage encryption keys on the Google Cloud Platform.

Features
- Lets you manage your symmetric and asymmetric cryptographic keys the same way you manage them in an on-premises environment.
- You can decide to use the keys generated by Cloud KMS with other Google Cloud services. These keys are known as customer-managed encryption keys (CMEK).
- Can use an external KMS to protect your data in Google Cloud and separate the data from the key.
- You can generate a new key version for your symmetric keys automatically at a fixed time interval when you set a rotation schedule for your keys.
- Encrypt Kubernetes secrets in GKE with keys you manage in Cloud KMS.
- Moreover, you can store API keys, passwords, certificates, and other sensitive information with the Secret Manager storage system.

Pricing
Cloud KMS pricing is based on:
- the number of active key versions
- the protection level on the key versions u...

Google Cloud Identity and Access Management

Create and manage permissions for your Google Cloud resources with Identity and Access Management (IAM). Provides a unified view into your organization's security policy with built-in auditing to ease compliance.

Features
- Lets you authorize who can take specific actions on resources, giving you full control and visibility over your Google Cloud services centrally.
- Permissions are represented in the form service.resource.verb.
- Can map job functions into groups and roles. With IAM, users only get access to what they need to get the job done.
- Cloud IAM enables you to grant access to cloud resources at fine-grained levels, well beyond project-level access.
- You can leverage Cloud Identity to easily create or sync user accounts across applications and projects.
- IAM lets you set policies at the following levels of the resource hierarchy:
  - Organization level: The organization resource represents your company. IAM roles granted at this level are inherited by all resources under t...

Google Cloud Identity

Cloud Identity is an API for provisioning and managing identity resources. It is a unified identity, access, app, and endpoint management (IAM/EMM) platform that helps IT and security teams maximize end-user efficiency, protect company data, and transition to a digital workspace.

Features
- Use a single admin console to manage user, access, app, and device policies.
- Monitor your security and compliance posture with reporting and auditing capabilities, and investigate threats with Security Center.
- Helps you enforce policies for personal and corporate devices.
- Give users one-click access to apps with Single Sign-On (SSO).

Hybrid Identity Management
- Extend your on-premises directory to the cloud with Google Cloud Active Directory Sync. This enables simpler access to traditional apps and infrastructure with secure LDAP.
- Integrates with hundreds of applications out of the box.

Pricing
- Cloud Identity has free and premium editions. The premium edition charges your organization per month per ...

Google Cloud Armor

Helps protect your applications and websites against denial-of-service and web attacks. Detects and mitigates attacks against your Cloud Load Balancing workloads. Mitigates OWASP Top 10 risks and helps protect workloads on-premises or in the cloud.

Features
- Comes with predefined rules for protection against OWASP Top 10 risks.
- Easily monitor the metrics associated with your policies in the Cloud Monitoring dashboard.
- View suspicious traffic patterns on the Cloud Armor dashboard directly.
- Can be run in preview mode to understand and study ahead of time the effects of the defined rules on production traffic.
- Identify and enforce access control based on the geographic location of incoming traffic and IP addresses.
- Can protect and defend on-premises applications from DDoS and web attacks.

Pricing
Google Cloud Armor Managed Protection tiers:
- The Standard tier charges for security policies and the rules within each policy, including well-formed L7 requests that are evaluated by a security policy.
- Th...