-
Metadata
Every virtual machine (VM) instance stores its metadata on a metadata server. Your VM automatically has access to the metadata server API without any additional authorization. Compute Engine maintains the metadata keys and values for your VMs and projects in directories. Each directory stores metadata entries in the form of key-value pairs. Some directories contain…
-
Define a golden image
Sharing custom images: Deny access to non-custom images using a resource manager constraint: DEPRECATE now, then OBSOLETE in 7 days, then DELETE in 14 days:
-
Audit Logging
Google Cloud services write audit logs that record administrative activities and accesses within your Google Cloud resources. To view audit logs, you must have the appropriate IAM permissions and roles: Enable data access logging for cloudsql: > gcloud projects get-iam-policy myproject123 > /tmp/policy.yaml > gcloud projects set-iam-policy myproject123 /tmp/policy.yaml
-
Naming convention
Verbose names provide clarity on resource structure and ownership For example: Project: acme-sales-clientinsight-prod Service Account: sa-insight-reporting-api@acme-sales-clientinsight-prod
-
Error Reporting
Error Reporting aggregates errors produced in your running cloud services. These errors are either reported by the Error Reporting API or are inferred to be errors when Error Reporting inspects log entries for common text patterns such as stack traces.
-
Cloud Profiler
Cloud Profiler continuously gathers CPU usage and memory-allocation information from your production applications. It attributes that information to the application’s source code, helping you identify the parts of the application consuming the most resources, and otherwise illuminating the performance characteristics of the code.
-
Cloud Trace
Cloud Trace is a distributed tracing system for Google Cloud that collects latency data from applications and displays it in near real-time in the Google Cloud console.
-
Ops Agent
The Ops Agent is the primary agent for collecting telemetry from your Compute Engine instances. Combining the collection of logs, metrics, and traces into a single process, the Ops Agent uses Fluent Bit for logs, which supports high-throughput logging, and the OpenTelemetry Collector for metrics and traces. If you’re using Kubernetes, Cloud Functions, or App Engine to deploy your…
-
Alerting Policies
Create notifications in response to a policy that exceeds some condition.