Overview
An Associate Cloud Engineer deploys and secures applications, services, and
infrastructure, monitors operations of multiple projects, and maintains enterprise
solutions to ensure that they meet target performance metrics. This individual has
experience working with public clouds and on-premises solutions. They are able to perform
common platform-based tasks to maintain and scale one or more deployed solutions that
leverage Google-managed or self-managed services on Google Cloud.
Syllabus Includes:
Setting up a cloud solution environment
Module 1: Setting up cloud projects and accounts.
- Creating a resource hierarchy
- Applying organizational policies to the resource hierarchy
- Granting members IAM roles within a project
- Managing users and groups in Cloud Identity (manually and automated)
- Enabling APIs within projects
- Provisioning and setting up products in Google Cloud’s operations suite
- Assessing quotas and requesting increases
Module 2: Managing billing configuration.
- Creating one or more billing accounts
- Linking projects to a billing account
- Establishing billing budgets and alerts
- Setting up billing exports
Planning and configuring a cloud solution
Module 1: Planning and configuring compute resources.
- Selecting appropriate compute choices for a given workload (e.g., Compute Engine,
Google Kubernetes Engine, Cloud Run, Cloud Functions)
- Using Spot VM instances and custom machine types as appropriate
Module 2: Planning and configuring data storage options.
- Product choice (e.g., Cloud SQL, BigQuery, Firestore, Spanner, Bigtable)
- Choosing storage options (e.g., zonal Persistent Disk, regional Persistent Disk,
Standard, Nearline, Coldline, Archive)
Module 3: Planning and configuring network resources.
- Load balancing
- Availability of resource locations in a network
- Network Service Tiers
Deploying and implementing a cloud solution
Module 1: Deploying and implementing Compute Engine resources.
- Launching a compute instance (e.g., assign disks, availability policy, SSH keys)
- Creating an autoscaled managed instance group by using an instance template
- Configuring OS Login
- Configuring VM Manager
Module 2: Deploying and implementing Google Kubernetes Engine resources.
- Installing and configuring the command line interface (CLI) for Kubernetes (kubectl)
- Deploying a Google Kubernetes Engine cluster with different configurations (e.g.,
Autopilot, regional clusters, private clusters, GKE Enterprise)
- Deploying a containerized application to Google Kubernetes Engine
Module 3: Deploying and implementing Cloud Run and Cloud Functions resources.
- Deploying an application
- Deploying an application for receiving Google Cloud events (e.g., Pub/Sub events,
Cloud Storage object change notification events, Eventarc)
- Determining where to deploy an application by using Cloud Run (fully managed), Cloud
Run for Anthos, or Cloud Functions
Module 4: Deploying and implementing data solutions..
- Deploying data products (e.g., Cloud SQL, Firestore, BigQuery, Spanner, Pub/Sub,
Dataflow, Cloud Storage, AlloyDB)
- Loading data (e.g., command line upload, load data from Cloud Storage, StorageTransfer Service)
Module 5: Deploying and implementing networking resources.
- Creating a VPC with subnets (e.g., custom mode VPC, Shared VPC)
- Creating ingress and egress firewall rules and policies (e.g., IP subnets, network tags,
service accounts)
- Peering external networks (e.g., Cloud VPN, VPC Network Peering)
Module 6: Implementing resources through infrastructure as code.
- Infrastructure as code tooling (e.g., Cloud Foundation Toolkit, Config Connector,
Terraform, Helm)
Ensuring successful operation of a cloud solution
Module 1: Managing Compute Engine resources.
- Remotely connecting to the instance
- Viewing current running VM inventory (e.g., instance IDs, details)
- Working with snapshots (e.g., create a snapshot from a VM, view snapshots, delete a
snapshot, schedule a snapshot)
- Working with images (e.g., create an image from a VM or a snapshot, view images,
delete an image)
Module 2: Managing Google Kubernetes Engine resources.
- Viewing current running cluster inventory (e.g., nodes, Pods, Services)
- Configuring Google Kubernetes Engine to access Artifact Registry
- Working with node pools (e.g., add, edit, or remove a node pool)
- Working with Kubernetes resources (e.g., Pods, Services, Statefulsets)
- Managing Horizontal and Vertical autoscaling configurations
Module 3: Managing Cloud Run resources.
- Deploying new versions of an application
- Adjusting application traffic splitting parameters
- Setting scaling parameters for autoscaling instances
Module 4: Managing storage and database solutions.
- Managing and securing objects in Cloud Storage buckets
- Setting object lifecycle management policies for Cloud Storage bucket
- Executing queries to retrieve data from data instances (e.g., Cloud SQL, BigQuery,
Spanner, Firestore, AlloyDB)
- Estimating costs of data storage resources
- Backing up and restoring database instances (e.g., Cloud SQL, Firestore)
- Reviewing job status (e.g., Dataflow, BigQuery)
Module 5: Managing networking resources.
- Adding a subnet to an existing VPC
- Expanding a subnet to have more IP addresses
- Reserving static external or internal IP addresses
- Working with Cloud DNS and Cloud NAT
Module 6: Monitoring and logging.
- Creating Cloud Monitoring alerts based on resource metrics
- Creating and ingesting Cloud Monitoring custom metrics (e.g., from applications orlogs)
- Exporting logs to external systems (e.g., on-premises, BigQuery)
- Configuring log buckets, log analytics, and log routers
- Viewing and filtering logs in Cloud Logging
- Viewing specific log message details in Cloud Logging
- Using cloud diagnostics to research an application issue
- Viewing Google Cloud status
- Configuring and deploying Ops Agent
- Deploying Managed Service for Prometheus
- Configuring audit logs
Configuring access and security
Module 1: Managing Identity and Access Management (IAM).
- Viewing and creating IAM policies
- Managing the various role types and defining custom IAM roles (e.g., basic, predefined, custom)
Module 2: Managing service accounts.
- Creating service accounts
- Using service accounts in IAM policies with minimum permissions
- Assigning service accounts to resources
- Managing IAM of a service account
- Managing service account impersonation
- Creating and managing short-lived service account credentials