Overview
This is the master note for the Associate Cloud Engineer certification learning path. The plan emphasizes Python automation while ensuring 100% coverage of exam objectives. Use this as your Map of Content (MOC) linking to individual phase notes, runbooks, and tool documentation.
Budget: $500 | Timeline: 9-10 weeks | Focus: Python Automation + Full Exam Coverage
Progress Dashboard
Exam Section Coverage
| Section | Weight | Status | Notes |
|---|---|---|---|
| 1. Setup | ~23% | π² Not Started | Phases 1-2 |
| 2. Implementation | ~30% | π² Not Started | Phases 3-5 |
| 3. Operations | ~27% | π² Not Started | Phases 6-7 |
| 4. Security | ~20% | π² Not Started | Phases 2, 8 |
Phase Progress
| Phase | Topic | Status | Deliverables |
|---|---|---|---|
| 1 | Foundation & Setup | π² | 4 tools |
| 2 | IAM & Service Accounts | π² | 2 tools |
| 3 | Compute & GKE | π² | 6 tools |
| 4 | Storage & Databases | π² | 3 tools |
| 5 | Terraform & Helm | π² | 2 configs |
| 6 | VPC, Firewall, LB | π² | 4 tools |
| 7 | Logging & Monitoring | π² | 4 tools |
| 8 | Custom Roles & Workload Identity | π² | 2 tools |
Budget Tracker
| Phase | Allocated | Spent | Resources |
|---|---|---|---|
| 1-2 | $5 | $0 | APIs only |
| 3 | $150 | $0 | Compute + GKE |
| 4 | $100 | $0 | Cloud SQL + Storage |
| 5 | β | $0 | Included above |
| 6 | $50 | $0 | Networking |
| 7 | $25 | $0 | Monitoring |
| 8 | $20 | $0 | Security config |
| Buffer | $150 | $0 | Unexpected |
| Total | $500 | $0 |
Phase 1: Foundation & Environment Setup
Duration: Week 1 | Exam Coverage: Section 1.1, 1.2
1.1 The Control Plane Setup
Exam Topics: Setting up cloud projects, enabling APIs, resource hierarchy
Concepts to Master:
- Google Cloud resource hierarchy: Organization β Folders β Projects β Resources
- Application Default Credentials (ADC) for local development
- API enablement and project configuration
Setup Commands:
gcloud init
gcloud auth application-default login
python -m venv gcp-automation
source gcp-automation/bin/activate
pip install google-cloud-resource-manager google-cloud-billingAutomation Project: Resource Hierarchy Explorer
| Field | Value |
|---|---|
| Purpose | Authenticate and visualize project structure |
| Library | google-cloud-resource-manager |
| Inputs | ADC credentials |
| Outputs | Tree view of org/folders/projects |
| Exam Mapping | 1.1: Creating a resource hierarchy |
Features to implement:
- Authenticate using ADC
- List all accessible projects
- Display folder/organization structure
- Check enabled APIs per project
Status: π² Complete
1.2 Billing Configuration & Cost Control
Exam Topics: Creating billing accounts, linking projects, budgets, alerts, exports
Concepts to Master:
- Billing accounts vs. projects relationship
- Budget alerts and programmatic notifications
- Billing export to BigQuery for analysis
Automation Project: Budget Guardian
| Field | Value |
|---|---|
| Purpose | Monitor and manage billing programmatically |
| Library | google-cloud-billing, google-cloud-billing-budgets |
| Inputs | Billing account ID |
| Outputs | Budget status, alerts configuration |
| Exam Mapping | 1.2: All billing objectives |
Features to implement:
- List billing accounts and linked projects
- Retrieve current budget configurations
- Create budgets with email alerts programmatically
- Query billing export data in BigQuery
Status: π² Not Started
1.3 Cloud Identity & Organization Policies
Exam Topics: Managing users/groups, organizational policies
Concepts to Master:
- Cloud Identity for user/group management
- Organization policies and constraints
- Constraint types: boolean, list, custom
Automation Project: Policy Auditor
| Field | Value |
|---|---|
| Purpose | Audit organization policies for compliance |
| Library | google-cloud-org-policy |
| Inputs | Organization ID |
| Outputs | Policy compliance report |
| Exam Mapping | 1.1: Applying organizational policies |
Features to implement:
- List all organization policies in effect
- Identify constraints at each hierarchy level
- Export compliance report
Status: π² Not Started
1.4 Quotas & Regional Availability
Exam Topics: Assessing quotas, requesting increases, product availability
Automation Project: Quota Dashboard
| Field | Value |
|---|---|
| Purpose | Monitor quota utilization and regional availability |
| Library | google-cloud-service-usage |
| Inputs | Project ID, target regions |
| Outputs | Quota health report |
| Exam Mapping | 1.1: Assessing quotas, confirming availability |
Features to implement:
- List all Compute Engine quotas
- Identify quotas >80% utilized
- Check service availability in target regions
Status: π² Not Started
Phase 2: Identity & Access Management
Duration: Week 2 | Exam Coverage: Section 4.1, 4.2
2.1 IAM Fundamentals
Exam Topics: Viewing/creating IAM policies, role types
Concepts to Master:
- IAM policy binding model: Member + Role + Resource
- Role types: Basic, Predefined, Custom
- Policy inheritance through resource hierarchy
- Deny policies for explicit denials
Automation Project: IAM Analyzer
| Field | Value |
|---|---|
| Purpose | Audit IAM policies and identify security issues |
| Library | google-cloud-iam, google-cloud-resource-manager |
| Inputs | Project ID |
| Outputs | Security recommendations |
| Exam Mapping | 4.1: Viewing/creating IAM policies, role types |
Features to implement:
- Retrieve IAM policy for a project
- List all members and their roles
- Flag overly permissive bindings (basic roles)
- Recommend predefined role replacements
Status: π² Not Started
2.2 Service Account Management
Exam Topics: Creating SAs, minimum permissions, impersonation, short-lived credentials
Concepts to Master:
- Service accounts as both identity and resource
- Impersonation vs. key files (prefer impersonation)
- Short-lived credentials with
generateAccessToken - Workload Identity for GKE
Setup Tasks:
- Create
automation-bot@PROJECT.iam.gserviceaccount.com - Grant
roles/compute.instanceAdmin.v1 - Grant yourself
roles/iam.serviceAccountTokenCreator
Automation Project: Secure Credential Manager
| Field | Value |
|---|---|
| Purpose | Manage service accounts without key files |
| Library | google-auth, google-cloud-iam-credentials |
| Inputs | Target SA email, required scopes |
| Outputs | Short-lived access token |
| Exam Mapping | 4.2: All service account objectives |
Key Pattern β Impersonation:
from google.auth import impersonated_credentials
target_credentials = impersonated_credentials.Credentials(
source_credentials=source_credentials,
target_principal='automation-bot@PROJECT.iam.gserviceaccount.com',
target_scopes=['https://www.googleapis.com/auth/cloud-platform'],
lifetime=3600
)Features to implement:
- Create service accounts programmatically
- Assign IAM roles with least privilege
- Generate short-lived tokens via impersonation
- Test token by making API call as SA
Status: π² Not Started
Phase 3: Compute Resources
Duration: Weeks 3-4 | Exam Coverage: Section 2.1, 3.1
3.1 Compute Engine Fundamentals
Exam Topics: Launching instances, availability policy, SSH keys, OS Login, VM Manager
Concepts to Master:
- Machine types: predefined, custom, shared-core
- Availability policies: live migration, automatic restart
- OS Login for centralized SSH access
- VM Manager for patch management
Automation Project: VM Lifecycle Manager
| Field | Value |
|---|---|
| Purpose | Manage VM lifecycle and reduce costs |
| Library | google-cloud-compute |
| Inputs | Project ID, max runtime threshold |
| Outputs | List of stopped VMs, cost savings |
| Exam Mapping | 2.1: Launching instances; 3.1: Viewing/managing instances |
Features to implement:
- List all running instances across zones
- Identify instances running > threshold
- Check OS Login enablement
- Stop/delete idle instances based on labels
Status: π² Not Started
3.2 Managed Instance Groups & Autoscaling
Exam Topics: Instance templates, autoscaled MIGs, Spot VMs, custom machine types
Concepts to Master:
- Instance templates as immutable blueprints
- MIG autoscaling policies: CPU, LB, custom metrics
- Spot VMs and preemption handling
Automation Project: Spot VM Fleet Manager
| Field | Value |
|---|---|
| Purpose | Deploy and monitor Spot VM fleets |
| Library | google-cloud-compute |
| Inputs | Template config, MIG settings |
| Outputs | Fleet status, preemption logs |
| Exam Mapping | 2.1: MIGs, Spot VMs, custom machine types |
Features to implement:
- Create instance template for Spot VMs
- Deploy MIG with autoscaling
- Monitor preemption events
- Track cost savings
Status: π² Not Started
3.3 Snapshots & Images
Exam Topics: Create/view/delete snapshots, schedule snapshots
Automation Project: Backup Automation
| Field | Value |
|---|---|
| Purpose | Automated backup with retention policies |
| Library | google-cloud-compute |
| Inputs | Disk names, retention days |
| Outputs | Backup compliance report |
| Exam Mapping | 3.1: Working with snapshots and images |
Features to implement:
- Create snapshots of specified disks
- Apply retention policies (delete old snapshots)
- Create snapshot schedules programmatically
- Generate backup compliance reports
Status: π² Not Started
3.4 Google Kubernetes Engine (GKE)
Exam Topics: kubectl, GKE Autopilot/Standard, regional/private clusters, node pools, Artifact Registry
Concepts to Master:
- GKE Autopilot vs. Standard mode
- Private clusters for security
- Node pools and autoscaling
- Workload Identity for Pod authentication
- Artifact Registry integration
Essential kubectl Commands:
kubectl get pods -A
kubectl describe pod <name>
kubectl logs <pod>
kubectl apply -f deployment.yaml
kubectl scale deployment <name> --replicas=3
kubectl rollout status deployment/<name>
kubectl get nodes
kubectl get servicesAutomation Project: GKE Cluster Manager
| Field | Value |
|---|---|
| Purpose | Programmatic GKE cluster management |
| Library | google-cloud-container |
| Inputs | Cluster config |
| Outputs | Cluster status, node pool info |
| Exam Mapping | 2.1: GKE deployment; 3.1: GKE operations |
Features to implement:
- Create GKE Autopilot cluster programmatically
- Retrieve cluster credentials
- List nodes, Pods, Services
- Manage node pools (add, resize, delete)
Status: π² Not Started
3.5 Kubernetes Workloads
Exam Topics: Pods, Services, StatefulSets, HPA, VPA, Autopilot resource requests
Concepts to Master:
- Deployment strategies: rolling update, blue-green
- Horizontal Pod Autoscaler (HPA)
- Vertical Pod Autoscaler (VPA)
- Autopilot resource requests/limits
Automation Project: Workload Optimizer
| Field | Value |
|---|---|
| Purpose | Optimize Kubernetes workload configurations |
| Library | kubernetes (Python client) |
| Inputs | Cluster context |
| Outputs | Optimization recommendations |
| Exam Mapping | 3.1: Pod autoscaling, resource requests |
Features to implement:
- List Deployments and resource configs
- Identify Pods without resource limits
- Apply HPA configurations
- Monitor scaling events
Status: π² Not Started
3.6 Cloud Run & Serverless
Exam Topics: Cloud Run deployment, traffic splitting, autoscaling, Eventarc
Concepts to Master:
- Cloud Run for stateless containers
- Cloud Run functions for event-driven code
- Eventarc for event routing
- Traffic splitting for gradual rollouts
Automation Project: Event-Driven Pipeline
| Field | Value |
|---|---|
| Purpose | Process Cloud Storage events automatically |
| Library | Cloud Functions + Firestore + Pub/Sub |
| Inputs | File upload to GCS bucket |
| Outputs | Processed data in Firestore |
| Exam Mapping | 2.1: Serverless + Eventarc |
Deployment Command:
gcloud functions deploy file-processor \
--gen2 \
--runtime=python311 \
--trigger-event-filters="type=google.cloud.storage.object.v1.finalized" \
--trigger-event-filters="bucket=YOUR_BUCKET"Features to implement:
- Cloud Function triggered on GCS upload
- Process file and write to Firestore
- Send notification via Pub/Sub
- Deploy new Cloud Run revisions
- Configure traffic splitting (90/10)
- Auto-rollback on high error rate
Status: π² Not Started
Phase 4: Storage & Data Solutions
Duration: Week 5 | Exam Coverage: Section 2.2, 3.2
4.1 Cloud Storage
Exam Topics: Storage classes, lifecycle management, data loading, multi-region
Concepts to Master:
- Storage classes: Standard, Nearline, Coldline, Archive
- Object lifecycle management rules
- Transfer Service for migrations
- Multi-region vs. dual-region buckets
Automation Project: Storage Lifecycle Manager
| Field | Value |
|---|---|
| Purpose | Optimize storage costs with lifecycle policies |
| Library | google-cloud-storage |
| Inputs | Bucket names, age thresholds |
| Outputs | Cost savings report |
| Exam Mapping | 2.2: Storage products; 3.2: Lifecycle management |
Features to implement:
- List buckets and storage classes
- Analyze object age distribution
- Apply lifecycle rules (transition to Coldline)
- Calculate cost savings
Status: π² Not Started
4.2 Database Solutions
Exam Topics: Cloud SQL, BigQuery, Firestore, Spanner, Bigtable, AlloyDB, backup/restore
Concepts to Master:
- Choosing the right database for workload type
- Cloud SQL for relational workloads
- BigQuery for analytics
- Firestore for document data
- Spanner for global consistency
Cloud SQL Connector Pattern (no SSL cert management):
from google.cloud.sql.connector import Connector
connector = Connector()
conn = connector.connect(
"project:region:instance",
"pg8000",
user="postgres",
password="secret",
db="mydb"
)Automation Project: Database Operations Suite
| Field | Value |
|---|---|
| Purpose | Unified database management across GCP services |
| Library | cloud-sql-python-connector, google-cloud-bigquery, google-cloud-firestore |
| Inputs | Connection configs |
| Outputs | Query results, backup status |
| Exam Mapping | 2.2: Data products; 3.2: Queries, backup/restore |
Features to implement:
- Connect to Cloud SQL via secure connector
- Trigger on-demand backups before migrations
- Query BigQuery and export results
- Manage Firestore documents
- (Extended) Spin up Memorystore, connect, tear down
- (Extended) Create Dataflow job from template
Status: π² Not Started
4.3 Data Loading & Transfer
Exam Topics: Command-line upload, load from GCS, Storage Transfer Service
Automation Project: Data Pipeline
| Field | Value |
|---|---|
| Purpose | Automated data ingestion to BigQuery |
| Library | google-cloud-storage, google-cloud-bigquery |
| Inputs | Local files or GCS paths |
| Outputs | Loaded tables, validation results |
| Exam Mapping | 2.2: Loading data; 3.2: Reviewing job status |
Features to implement:
- Upload local files to GCS
- Trigger BigQuery load job
- Monitor job status until completion
- Validate loaded data with query
- (Extended) Create Pub/Sub topic and publish messages
Status: π² Not Started
Phase 5: Infrastructure as Code
Duration: Week 6 | Exam Coverage: Section 2.4
5.1 Terraform Fundamentals
Exam Topics: IaC tooling, versioning, state management, updates
Concepts to Master:
- Terraform resource lifecycle
- Remote state in Cloud Storage
- Modules for reusability
- Terraform vs. Config Connector vs. Deployment Manager
State Backend Configuration:
terraform {
backend "gcs" {
bucket = "YOUR_STATE_BUCKET"
prefix = "terraform/state"
}
}Project: Complete Infrastructure Stack
Create Terraform configurations for:
- VPC with custom subnets
- Firewall rules with secure tags
- Cloud NAT for private instances
- Compute Engine instance with OS Login
- GKE Autopilot cluster
- Cloud SQL instance
- Cloud Storage bucket with lifecycle rules
Status: π² Not Started
5.2 Helm for Kubernetes
Exam Topics: Helm as IaC tooling
Tasks:
- Install Helm
- Deploy application using Helm chart
- Create custom chart for your application
Status: π² Not Started
Phase 6: Networking
Duration: Week 7 | Exam Coverage: Section 2.3, 3.3
6.1 VPC & Subnets
Exam Topics: Custom VPC, Shared VPC, adding/expanding subnets
Concepts to Master:
- Auto mode vs. custom mode VPCs
- Shared VPC for multi-project networking
- Secondary IP ranges for GKE
- Subnet expansion (can only expand, not shrink)
Automation Project: Network Inventory
| Field | Value |
|---|---|
| Purpose | Document and monitor network topology |
| Library | google-cloud-compute |
| Inputs | Project ID |
| Outputs | Network documentation |
| Exam Mapping | 2.3: VPC creation; 3.3: Subnet management |
Features to implement:
- List all VPCs and subnets
- Calculate IP address utilization
- Identify subnets needing expansion
- Document network topology
Status: π² Not Started
6.2 Firewall & Security
Exam Topics: Cloud NGFW policies, ingress/egress rules, secure tags, service accounts in rules
Concepts to Master:
- Firewall rules vs. firewall policies
- Secure tags for fine-grained control
- Service account targeting
- Hierarchical firewall policies
Automation Project: Firewall Auditor
| Field | Value |
|---|---|
| Purpose | Audit firewall rules for security issues |
| Library | google-cloud-compute |
| Inputs | Project ID |
| Outputs | Security compliance report |
| Exam Mapping | 2.3: Cloud NGFW policies |
Features to implement:
- List all firewall rules and policies
- Identify overly permissive rules (0.0.0.0/0)
- Check for deprecated network tags
- Generate compliance reports
Status: π² Not Started
6.3 Hybrid Connectivity
Exam Topics: Cloud VPN, VPC Peering, Cloud Interconnect
Concepts to Master:
- Classic VPN vs. HA VPN
- VPC Peering for GCP-to-GCP
- Cloud Interconnect for dedicated connections
- Cloud Router for dynamic routing
Automation Project: Connectivity Checker
| Field | Value |
|---|---|
| Purpose | Monitor hybrid connectivity health |
| Library | google-cloud-compute |
| Inputs | VPN/Peering configurations |
| Outputs | Connectivity status |
| Exam Mapping | 2.3: Network connectivity |
Features to implement:
- List VPC peerings and status
- Check VPN tunnel status
- Monitor connectivity health
- Alert on tunnel down events
Status: π² Not Started
6.4 Load Balancing
Exam Topics: Choosing and deploying load balancers
Concepts to Master:
- Global vs. regional load balancers
- External vs. internal load balancers
- HTTP(S), TCP/UDP, Network LB types
- Backend services and health checks
Tasks:
- Deploy HTTP(S) Load Balancer with Terraform
- Configure health checks
- Test failover behavior
Status: π² Not Started
6.5 DNS & NAT
Exam Topics: Cloud DNS, Cloud NAT
Concepts to Master:
- Public vs. private DNS zones
- Cloud NAT for outbound connectivity
- DNS peering and forwarding
Automation Project: DNS Manager
| Field | Value |
|---|---|
| Purpose | Manage DNS records programmatically |
| Library | google-cloud-dns |
| Inputs | Zone name, record configs |
| Outputs | DNS records |
| Exam Mapping | 3.3: Cloud DNS and Cloud NAT |
Features to implement:
- List all DNS zones and records
- Create/update DNS records
- Validate DNS resolution
Status: π² Not Started
6.6 Network Service Tiers
Exam Topics: Differentiating Network Service Tiers
Concepts to Master:
- Premium Tier: Googleβs global network, cold-potato routing
- Standard Tier: Public internet, hot-potato routing
- Cost vs. performance tradeoffs
Status: π² Not Started
Phase 7: Monitoring & Operations
Duration: Week 8 | Exam Coverage: Section 3.4
7.1 Cloud Monitoring
Exam Topics: Alerts, custom metrics, Ops Agent, Managed Prometheus, Active Assist
Concepts to Master:
- Metric types: built-in, custom, Prometheus
- Alert policies and notification channels
- Uptime checks
- Active Assist recommendations
Custom Metric Example:
from google.cloud import monitoring_v3
client = monitoring_v3.MetricServiceClient()
series = monitoring_v3.TimeSeries()
series.metric.type = "custom.googleapis.com/my_metric"
# ... add data points and writeAutomation Project: Custom Metrics Pipeline
| Field | Value |
|---|---|
| Purpose | Send custom metrics and manage alerts as code |
| Library | google-cloud-monitoring |
| Inputs | Metric data, alert configs |
| Outputs | Dashboards, alert policies |
| Exam Mapping | 3.4: Alerts, custom metrics, Ops Agent |
Features to implement:
- Send custom metrics to Cloud Monitoring
- Create alert policies programmatically
- Retrieve Active Assist recommendations
- Generate dashboards
- (Extended) Ingest Prometheus metrics from GKE
- (Extended) Build βRecommendation Executorβ for Active Assist
Status: π² Not Started
7.2 Cloud Logging
Exam Topics: Log buckets, log routers, filtering, audit logs, export to BigQuery
Concepts to Master:
- Log routing architecture
- Log sinks for export
- Structured logging best practices
- Audit log types: Admin Activity, Data Access, System Event
Structured Logging Pattern:
import google.cloud.logging
client = google.cloud.logging.Client()
client.setup_logging()
import logging
logging.info("Processing started", extra={
"json_fields": {
"correlation_id": "abc-123",
"operation": "file_process"
}
})Automation Project: Structured Logger
| Field | Value |
|---|---|
| Purpose | Centralized logging framework for all tools |
| Library | google-cloud-logging |
| Inputs | Log messages with metadata |
| Outputs | Structured logs in Cloud Logging |
| Exam Mapping | 3.4: Log buckets, routers, audit logs |
Features to implement:
- Use Cloud Logging client for structured logs
- Include correlation IDs for tracing
- Route specific logs to separate sinks
- Export to BigQuery for analysis
Status: π² Not Started
7.3 Cloud Diagnostics
Exam Topics: Cloud Trace, Cloud Profiler, Query Insights
Concepts to Master:
- Distributed tracing with Cloud Trace
- Performance profiling with Cloud Profiler
- SQL performance with Query Insights
Automation Project: Trace-Enabled Application
| Field | Value |
|---|---|
| Purpose | Add observability to Cloud Run application |
| Library | opentelemetry-exporter-gcp-trace |
| Inputs | HTTP requests |
| Outputs | Traces in Cloud Trace |
| Exam Mapping | 3.4: Cloud diagnostics |
Features to implement:
- Add OpenTelemetry instrumentation to Flask app
- Export traces to Cloud Trace
- Enable Query Insights on Cloud SQL
- Create trace-based alerts
Status: π² Not Started
7.4 Service Health & Gemini Cloud Assist
Exam Topics: Personalized Service Health dashboard, Gemini Cloud Assist
Tasks:
- Configure Service Health notifications
- Explore Gemini Cloud Assist in console
- (Extended) Build recommendation executor that pulls Gemini insights
Status: π² Not Started
Phase 8: Advanced Security
Duration: Week 9 | Exam Coverage: Section 4.1, 4.2 (advanced)
8.1 Custom IAM Roles
Exam Topics: Defining custom IAM roles
Concepts to Master:
- When to use custom vs. predefined roles
- Permission dependencies
- Role lifecycle and versioning
Automation Project: Role Manager
| Field | Value |
|---|---|
| Purpose | Create and manage custom IAM roles |
| Library | google-cloud-iam |
| Inputs | Permission list |
| Outputs | Custom role definition |
| Exam Mapping | 4.1: Custom IAM roles |
Features to implement:
- Create custom roles with specific permissions
- Test role permissions
- Document role configurations
Status: π² Not Started
8.2 Workload Identity
Exam Topics: Using service accounts with GKE applications
Concepts to Master:
- Workload Identity federation
- Kubernetes SA bound to GCP SA
- No key files in containers
Tasks:
- Enable Workload Identity on GKE cluster
- Configure Kubernetes service account
- Deploy application using Workload Identity
Status: π² Not Started
8.3 Cloud Asset Inventory & Gemini
Exam Topics: Configuring Cloud Asset Inventory, Gemini Cloud Assist
Automation Project: Asset Compliance Checker
| Field | Value |
|---|---|
| Purpose | Query and audit cloud assets for compliance |
| Library | google-cloud-asset |
| Inputs | Asset types, compliance rules |
| Outputs | Compliance report |
| Exam Mapping | 1.1: Cloud Asset Inventory |
Features to implement:
- Enable Cloud Asset Inventory
- Run asset queries
- Check for compliance violations
- Generate compliance reports
Status: π² Not Started
Runbook Template
Use this template for each automation tool you build:
## [Tool Name] Runbook
### Purpose
What does this tool do and why?
### Exam Mapping
- Section X.X: [Specific exam objective]
### Prerequisites
- Required IAM roles
- APIs that must be enabled
- Dependencies
### Inputs
| Parameter | Type | Required | Description |
|-----------|------|----------|-------------|
### Usage
\`\`\`bash
python tool_name.py --project my-project
\`\`\`
### Outputs
What the tool produces (reports, changes, etc.)
### Interpreting Results
How to read and act on the output
### Troubleshooting
Common errors and solutions
### Related Tools
Links to related automation in this vaultQuick Reference: gcloud Commands
Project & Config
gcloud config set project PROJECT_ID
gcloud config list
gcloud projects list
gcloud services enable SERVICE_NAMEIAM
gcloud iam roles list
gcloud projects get-iam-policy PROJECT_ID
gcloud iam service-accounts create NAME
gcloud iam service-accounts keys createCompute
gcloud compute instances list
gcloud compute instances create NAME --machine-type=e2-micro
gcloud compute ssh INSTANCE_NAME
gcloud compute snapshots create NAME --source-disk=DISKGKE
gcloud container clusters create NAME --autopilot
gcloud container clusters get-credentials NAME
kubectl get pods -A
kubectl apply -f manifest.yamlCloud Run
gcloud run deploy SERVICE --image=IMAGE
gcloud run services update-traffic SERVICE --to-revisions=REV=50Storage
gsutil mb gs://BUCKET_NAME
gsutil cp FILE gs://BUCKET/
gsutil lifecycle set LIFECYCLE.json gs://BUCKETNetworking
gcloud compute networks create NAME --subnet-mode=custom
gcloud compute firewall-rules create NAME --allow=tcp:22
gcloud dns managed-zones create NAME --dns-name=DOMAINMonitoring
gcloud logging read "resource.type=gce_instance"
gcloud monitoring policies create --policy-from-file=POLICY.yamlExam Tips
Key Themes
- Least Privilege β Always choose the most restrictive option that works
- Managed Services β Prefer GCP-managed over self-managed when possible
- Automation β Console is for viewing; CLI/API for doing
- Cost Optimization β Spot VMs, committed use, lifecycle policies
- Security by Default β Private clusters, OS Login, no key files
Common Traps
- Basic roles (Owner/Editor/Viewer) are almost never the right answer
- Service account keys are rarely needed (use impersonation)
- Auto-mode VPCs have limitations vs. custom
- Cloud SQL backups are automatic but point-in-time recovery needs enabling
Time Management
- 2 hours for ~50 questions β 2.5 min per question
- Flag and move on; return to flagged questions
- Read all options before answering
Cost Optimization Checklist
- Set budget alerts at 25%, 50%, 75%, 90%
- Stop Cloud SQL when not studying
- Use GKE Autopilot (pay per Pod)
- Use Spot VMs for Compute Engine
- Delete resources after each phase
- Use
terraform destroyliberally - Leverage free tiers (Cloud Functions, Cloud Run, BigQuery)
Weekly Review Template
Week of: [DATE]
Phase Focus:
Completed:
In Progress:
Blocked:
Budget Spent This Week: $
Key Learnings: 1.
Next Week Goals: 1.
Links
Official Documentation
Practice
This Vault
- Link to your code repository
- Link to Terraform configs
- Link to Python scripts folder
Related
- gcp-overview β Why choose GCP
- gcp-learning-path β Learning roadmap
- gcp-resources β Courses and labs
- google-compute-engine β Deep dive into VMs
- GCE Mastery Roadmap β 20 hands-on projects
- GCP Hierarchy Explorer β Python project
- Python for DevOps β Python automation basics
- docker-to-cloud-run β Container deployment lab