
Why GCP architecture framework matters - Why It Works

Introduction
Building cloud systems can be confusing and risky without a clear plan. The GCP architecture framework helps you design systems that work well, stay safe, and save money by following proven ideas.
When you want to build a new app on Google Cloud and need a clear plan to avoid mistakes
When you want to make sure your cloud system can handle more users without breaking
When you want to keep your data safe and control who can see or change it
When you want to use Google Cloud services in the best way to save money
When you want to check if your cloud setup follows good practices and fix problems
Commands
This command creates a new Google Cloud project named Example Project. Projects are the main way to organize resources in GCP following the architecture framework.
Terminal
gcloud projects create example-project-12345 --name="Example Project"
Expected Output
Created [https://cloudresourcemanager.googleapis.com/v1/projects/example-project-12345].
--name - Sets a friendly name for the project
This command turns on the Compute Engine service in the project so you can create virtual machines. Enabling only needed services follows the framework's principle of minimal access.
Terminal
gcloud services enable compute.googleapis.com --project=example-project-12345
Expected Output
Operation "operations/enable-compute.googleapis.com" finished successfully.
--project - Specifies which project to enable the service in
This command creates a custom role with specific permissions. Using custom roles helps follow the security principle of least privilege in the framework.
Terminal
gcloud iam roles create customRoleExample --project=example-project-12345 --title="Custom Role" --permissions=compute.instances.start,compute.instances.stop --stage=GA
Expected Output
Created role projects/example-project-12345/roles/customRoleExample.
--permissions - Defines exactly what actions the role can perform
This command creates a virtual machine in the project and zone. Deploying resources in organized projects and zones helps with reliability and scalability.
Terminal
gcloud compute instances create example-vm --zone=us-central1-a --project=example-project-12345
Expected Output
Created [https://www.googleapis.com/compute/v1/projects/example-project-12345/zones/us-central1-a/instances/example-vm].
--zone - Specifies the location for the VM
This command lists all virtual machines in the project to verify the VM was created successfully and is running as expected.
Terminal
gcloud compute instances list --project=example-project-12345
Expected Output
NAME        ZONE           MACHINE_TYPE   PREEMPTIBLE  INTERNAL_IP  EXTERNAL_IP   STATUS
example-vm  us-central1-a  n1-standard-1               10.128.0.2   34.68.194.64  RUNNING
--project - Specifies which project to list resources from
Key Concept

If you remember nothing else from this pattern, remember: following the GCP architecture framework helps you build cloud systems that are safe, reliable, and cost-effective.

Common Mistakes
Creating resources without organizing them into projects
This causes confusion and makes managing permissions and billing harder.
Always create and use separate projects to group related resources.
Enabling all services by default
This increases security risks and can lead to unexpected costs.
Enable only the services your project needs.
Assigning broad permissions to users or roles
This can allow users to do more than they should, risking security.
Use custom roles with only the permissions needed.
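The last two mistakes above can be checked from the JSON and text that gcloud already prints. The following is an added example, not part of the original tutorial: it flags basic roles and unexpected enabled services, and goes slightly beyond the text by also flagging public members. The function names, sample policy, and allowlist are constructed assumptions.

```python
import json

# Basic roles grant wide access across every service in a project.
BROAD_ROLES = {"roles/owner", "roles/editor"}
# Members that extend a binding to anyone, or to any Google account.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}


def audit_iam_policy(policy):
    """Return findings for broad or public bindings in an IAM policy dict."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        for member in binding.get("members", []):
            if role in BROAD_ROLES:
                findings.append(f"BROAD_ROLE {role} -> {member}")
            if member in PUBLIC_MEMBERS:
                findings.append(f"PUBLIC_MEMBER {role} -> {member}")
    return findings


def audit_services(enabled, allowed):
    """Return enabled services that are not on the project's allowlist."""
    return sorted(set(enabled) - set(allowed))


# Constructed sample, shaped like the output of:
#   gcloud projects get-iam-policy example-project-12345 --format=json
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/editor", "members": ["user:dev@example.com"]},
    {"role": "projects/example-project-12345/roles/customRoleExample",
     "members": ["user:ops@example.com"]},
    {"role": "roles/compute.viewer", "members": ["allAuthenticatedUsers"]}
  ]
}
""")
# Constructed list, one name per line as printed by:
#   gcloud services list --enabled --format="value(config.name)"
SAMPLE_ENABLED = ["compute.googleapis.com", "bigquery.googleapis.com"]
ALLOWED = ["compute.googleapis.com"]  # assumption: what this project needs

if __name__ == "__main__":
    for finding in audit_iam_policy(SAMPLE_POLICY):
        print(finding)
    for service in audit_services(SAMPLE_ENABLED, ALLOWED):
        print("UNEXPECTED_SERVICE", service)
```

The custom role binding produces no finding, while the editor grant, the public binding, and the extra service are each reported.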
Summary
Create a Google Cloud project to organize your resources.
Enable only the services your project needs to keep it secure and cost-effective.
Use custom roles to give users only the permissions they require.
Deploy resources like virtual machines within your project and chosen zones.
Verify your resources are running correctly with list commands.