-
Metadata
Every virtual machine (VM) instance stores its metadata on a metadata server. Your VM automatically has access to the metadata server API without any additional authorization. Compute Engine maintains the metadata keys and values for your VMs and projects in directories. Each directory stores metadata entries in the form of key-value pairs. Some directories contain…
-
Define a golden image
Sharing custom images: Deny access to non-custom images using a resource manager constraint.
DEPRECATE now, then OBSOLETE in 7 days, then DELETE in 14 days:
-
Audit Logging
Google Cloud services write audit logs that record administrative activities and accesses within your Google Cloud resources. To view audit logs, you must have the appropriate IAM permissions and roles.
Enable data access logging for Cloud SQL:
> gcloud projects get-iam-policy myproject123 > /tmp/policy.yaml
> gcloud projects set-iam-policy myproject123 /tmp/policy.yaml
-
Cross-Cloud Network
-
Cloud NGFW
-
Private Service Connect
Private Service Connect is a capability of Google Cloud Networking that allows consumers to access managed services privately from inside their VPC network. Similarly, it allows managed service producers to host these services in their own separate VPC networks and offer a private connection to their consumers.
-
Network Connectivity Center
Network Connectivity Center creates a full mesh network between all spokes that are attached to the hub. It propagates all routes learned from a spoke to all the others, thus implementing full-mesh connectivity.
-
BeyondCorp
BeyondCorp is Google’s implementation of the zero trust model. It builds upon a decade of experience at Google, combined with ideas and best practices from the community. By shifting access controls from the network perimeter to individual users, BeyondCorp enables secure work from virtually any location without the need for a traditional VPN.
-
Firestore
Cloud Firestore is a cloud-hosted, NoSQL database that your Apple, Android, and web apps can access directly via native SDKs. Cloud Firestore is also available in native Node.js, Java, Python, Unity, C++ and Go SDKs, in addition to REST and RPC APIs.
-
Access VMs without external IPs
Use a bastion host. Con: Still have a VM with a public IP.
Use Cloud VPN/Interconnect. Con: Developers are limited as to where they must be (i.e., connected to the network/VPN).
Use Identity-Aware Proxy for TCP forwarding to forward an SSH/RDP connection to a remote instance without the need for a VPN connection.
Conclusion:…