GCP · Cloud · ~30 mins

Security design principles in GCP - Mini Project: Build & Apply

Implementing Security Design Principles in GCP
📖 Scenario: You are working as a cloud engineer for a small company moving its applications to Google Cloud Platform (GCP). Your task is to set up a simple, secure environment following basic security design principles to protect company data and resources.
🎯 Goal: Build a GCP project configuration that applies key security design principles: least privilege access, network segmentation, and secure storage. You will create a service account with limited permissions, configure a Virtual Private Cloud (VPC) network with subnets, and set up a Cloud Storage bucket with restricted access.
📋 What You'll Learn
Create a service account named app-service-account with the role roles/storage.objectViewer.
Create a VPC network named secure-vpc with two subnets: frontend-subnet and backend-subnet.
Create a Cloud Storage bucket named secure-data-bucket with uniform bucket-level access enabled.
Grant the service account read-only access to the storage bucket.
💡 Why This Matters
🌍 Real World
Companies use these security design principles to protect their cloud resources from unauthorized access and reduce risk.
💼 Career
Cloud engineers and security specialists must implement these principles to build secure cloud environments that comply with best practices and regulations.
Step 1: Create a service account
Create a service account named app-service-account in your GCP project.

Hint: Use the gcloud iam service-accounts create command with the exact name app-service-account.

Step 2: Assign the Storage Object Viewer role to the service account
Assign the role roles/storage.objectViewer to the service account app-service-account for your project.

Hint: Use gcloud projects add-iam-policy-binding with the service account email and the role roles/storage.objectViewer.

Step 3: Create a VPC network with two subnets
Create a VPC network named secure-vpc with two subnets: frontend-subnet in region us-central1 and backend-subnet in region us-east1.

Hint: Use gcloud compute networks create with --subnet-mode=custom and then create two subnets with gcloud compute networks subnets create.

Step 4: Create a secure Cloud Storage bucket and grant access
Create a Cloud Storage bucket named secure-data-bucket with uniform bucket-level access enabled. Then grant the service account app-service-account the role roles/storage.objectViewer on this bucket.

Hint: Use gcloud storage buckets create with --uniform-bucket-level-access and then gcloud storage buckets add-iam-policy-binding to grant the service account access.
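The four steps above collected into one script, as an added example that is not part of the original project. It assumes a placeholder PROJECT_ID and two constructed subnet ranges (the page specifies neither); by default it only prints the gcloud commands (DRY_RUN=1), and runs them when DRY_RUN=0 is set.

```shell
#!/usr/bin/env sh
# Added example: builds the project's four steps as idempotent shell functions.
# PROJECT_ID and the CIDR ranges are assumptions, not values from the page.
PROJECT_ID="${PROJECT_ID:-my-project-id}"          # placeholder project id
SA_NAME="app-service-account"
SA_EMAIL="${SA_NAME}@${PROJECT_ID}.iam.gserviceaccount.com"
ROLE="roles/storage.objectViewer"                   # read-only on objects
BUCKET="secure-data-bucket"                         # bucket names are global; a suffix may be needed
DRY_RUN="${DRY_RUN:-1}"                             # 1 = print commands, 0 = execute them

run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Step 1: identity with no roles of its own yet.
step1_service_account() {
  run gcloud iam service-accounts create "$SA_NAME" --project="$PROJECT_ID" \
    --display-name="App service account"
}

# Step 2: project-wide read-only role. Note this is broader than the
# bucket-level grant in step 4; the page asks for both.
step2_project_binding() {
  run gcloud projects add-iam-policy-binding "$PROJECT_ID" \
    --member="serviceAccount:${SA_EMAIL}" --role="$ROLE"
}

# Step 3: custom-mode VPC so no default subnets appear, then two tiers.
step3_vpc() {
  run gcloud compute networks create secure-vpc --project="$PROJECT_ID" --subnet-mode=custom
  run gcloud compute networks subnets create frontend-subnet --project="$PROJECT_ID" \
    --network=secure-vpc --region=us-central1 --range=10.10.1.0/24      # constructed range
  run gcloud compute networks subnets create backend-subnet --project="$PROJECT_ID" \
    --network=secure-vpc --region=us-east1 --range=10.10.2.0/24         # constructed range
}

# Step 4: uniform bucket-level access disables per-object ACLs, so the IAM
# binding below is the only thing that grants access to the data.
step4_bucket() {
  run gcloud storage buckets create "gs://${BUCKET}" --project="$PROJECT_ID" \
    --uniform-bucket-level-access
  run gcloud storage buckets add-iam-policy-binding "gs://${BUCKET}" \
    --member="serviceAccount:${SA_EMAIL}" --role="$ROLE"
}

apply_all() { step1_service_account; step2_project_binding; step3_vpc; step4_bucket; }

if [ "${APPLY:-0}" = "1" ]; then apply_all; fi   # APPLY=1 DRY_RUN=0 sh this_script.sh
```

Run with APPLY=1 to print the plan, and add DRY_RUN=0 to execute it against the placeholder project once PROJECT_ID is set to a real one.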