-
Audit Logging
Google Cloud services write audit logs that record administrative activities and accesses within your Google Cloud resources. To view audit logs, you must have the appropriate IAM permissions and roles:
Enable data access logging for cloudsql:
> gcloud projects get-iam-policy myproject123 > /tmp/policy.yaml
> gcloud projects set-iam-policy myproject123 /tmp/policy.yaml
-
Cross-Cloud Network
-
Cloud NGFW
-
Private Service Connect
Private Service Connect is a capability of Google Cloud Networking that allows consumers to access managed services privately from inside their VPC network. Similarly, it allows managed service producers to host these services in their own separate VPC networks and offer a private connection to their consumers.
-
Network Connectivity Center
Network Connectivity Center creates a full mesh network between all spokes that are attached to the hub. It propagates all routes learned from a spoke to all the others, thus implementing full-mesh connectivity.
-
BeyondCorp
BeyondCorp is Google’s implementation of the zero trust model. It builds upon a decade of experience at Google, combined with ideas and best practices from the community. By shifting access controls from the network perimeter to individual users, BeyondCorp enables secure work from virtually any location without the need for a traditional VPN.
-
Firestore
Cloud Firestore is a cloud-hosted, NoSQL database that your Apple, Android, and web apps can access directly via native SDKs. Cloud Firestore is also available in native Node.js, Java, Python, Unity, C++ and Go SDKs, in addition to REST and RPC APIs.
-
Access VMs without external IPs
Use a bastion host. Con: Still have a VM with a public IP.
Use Cloud VPN/Interconnect. Con: Developers are limited as to where they must be (i.e., connected to the network/VPN).
Use Identity-Aware Proxy for TCP forwarding to forward an SSH/RDP connection to a remote instance without the need for a VPN connection.
Conclusion :…
-
Identity Aware Proxy
The Identity-Aware Proxy (Cloud IAP) controls access to your cloud applications and VMs running on Google Cloud Platform (GCP).
-
Private Google Access On-Prem
Allows on-premises hosts to reach Google APIs and services using internal IPs. To enable Private Google Access for on-premises hosts,