Overview

An Associate Cloud Engineer deploys and secures applications, services, and infrastructure, monitors operations of multiple projects, and maintains enterprise solutions to ensure that they meet target performance metrics. This individual has experience working with public clouds and on-premises solutions. They are able to perform common platform-based tasks to maintain and scale one or more deployed solutions that leverage Google-managed or self-managed services on Google Cloud.

  • The Associate Cloud Engineer exam assesses your ability to:

  • Set up a cloud solution environment
  • Plan and configure a cloud solution
  • Deploy and implement a cloud solution
  • Ensure successful operation of a cloud solution
  • Configure access and security.
Syllabus Includes:
Setting up a cloud solution environment

Module 1: Setting up cloud projects and accounts.

  • Creating a resource hierarchy
  • Applying organizational policies to the resource hierarchy
  • Granting members IAM roles within a project
  • Managing users and groups in Cloud Identity (manually and automated)
  • Enabling APIs within projects
  • Provisioning and setting up products in Google Cloud’s operations suite
  • Assessing quotas and requesting increases

Module 2: Managing billing configuration.

  • Creating one or more billing accounts
  • Linking projects to a billing account
  • Establishing billing budgets and alerts
  • Setting up billing exports
Planning and configuring a cloud solution

Module 1: Planning and configuring compute resources.

  • Selecting appropriate compute choices for a given workload (e.g., Compute Engine, Google Kubernetes Engine, Cloud Run, Cloud Functions)
  • Using Spot VM instances and custom machine types as appropriate

Module 2: Planning and configuring data storage options.

  • Product choice (e.g., Cloud SQL, BigQuery, Firestore, Spanner, Bigtable)
  • Choosing storage options (e.g., zonal Persistent Disk, regional Persistent Disk, Standard, Nearline, Coldline, Archive)

Module 3: Planning and configuring network resources.

  • Load balancing
  • Availability of resource locations in a network
  • Network Service Tiers
Deploying and implementing a cloud solution

Module 1: Deploying and implementing Compute Engine resources.

  • Launching a compute instance (e.g., assign disks, availability policy, SSH keys)
  • Creating an autoscaled managed instance group by using an instance template
  • Configuring OS Login
  • Configuring VM Manager

Module 2: Deploying and implementing Google Kubernetes Engine resources.

  • Installing and configuring the command line interface (CLI) for Kubernetes (kubectl)
  • Deploying a Google Kubernetes Engine cluster with different configurations (e.g., Autopilot, regional clusters, private clusters, GKE Enterprise)
  • Deploying a containerized application to Google Kubernetes Engine

Module 3: Deploying and implementing Cloud Run and Cloud Functions resources.

  • Deploying an application
  • Deploying an application for receiving Google Cloud events (e.g., Pub/Sub events, Cloud Storage object change notification events, Eventarc)
  • Determining where to deploy an application by using Cloud Run (fully managed), Cloud Run for Anthos, or Cloud Functions

Module 4: Deploying and implementing data solutions..

  • Deploying data products (e.g., Cloud SQL, Firestore, BigQuery, Spanner, Pub/Sub, Dataflow, Cloud Storage, AlloyDB)
  • Loading data (e.g., command line upload, load data from Cloud Storage, StorageTransfer Service)

Module 5: Deploying and implementing networking resources.

  • Creating a VPC with subnets (e.g., custom mode VPC, Shared VPC)
  • Creating ingress and egress firewall rules and policies (e.g., IP subnets, network tags, service accounts)
  • Peering external networks (e.g., Cloud VPN, VPC Network Peering)

Module 6: Implementing resources through infrastructure as code.

  • Infrastructure as code tooling (e.g., Cloud Foundation Toolkit, Config Connector, Terraform, Helm)
Ensuring successful operation of a cloud solution

Module 1: Managing Compute Engine resources.

  • Remotely connecting to the instance
  • Viewing current running VM inventory (e.g., instance IDs, details)
  • Working with snapshots (e.g., create a snapshot from a VM, view snapshots, delete a snapshot, schedule a snapshot)
  • Working with images (e.g., create an image from a VM or a snapshot, view images, delete an image)

Module 2: Managing Google Kubernetes Engine resources.

  • Viewing current running cluster inventory (e.g., nodes, Pods, Services)
  • Configuring Google Kubernetes Engine to access Artifact Registry
  • Working with node pools (e.g., add, edit, or remove a node pool)
  • Working with Kubernetes resources (e.g., Pods, Services, Statefulsets)
  • Managing Horizontal and Vertical autoscaling configurations

Module 3: Managing Cloud Run resources.

  • Deploying new versions of an application
  • Adjusting application traffic splitting parameters
  • Setting scaling parameters for autoscaling instances

Module 4: Managing storage and database solutions.

  • Managing and securing objects in Cloud Storage buckets
  • Setting object lifecycle management policies for Cloud Storage bucket
  • Executing queries to retrieve data from data instances (e.g., Cloud SQL, BigQuery, Spanner, Firestore, AlloyDB)
  • Estimating costs of data storage resources
  • Backing up and restoring database instances (e.g., Cloud SQL, Firestore)
  • Reviewing job status (e.g., Dataflow, BigQuery)

Module 5: Managing networking resources.

  • Adding a subnet to an existing VPC
  • Expanding a subnet to have more IP addresses
  • Reserving static external or internal IP addresses
  • Working with Cloud DNS and Cloud NAT

Module 6: Monitoring and logging.

  • Creating Cloud Monitoring alerts based on resource metrics
  • Creating and ingesting Cloud Monitoring custom metrics (e.g., from applications orlogs)
  • Exporting logs to external systems (e.g., on-premises, BigQuery)
  • Configuring log buckets, log analytics, and log routers
  • Viewing and filtering logs in Cloud Logging
  • Viewing specific log message details in Cloud Logging
  • Using cloud diagnostics to research an application issue
  • Viewing Google Cloud status
  • Configuring and deploying Ops Agent
  • Deploying Managed Service for Prometheus
  • Configuring audit logs
Configuring access and security

Module 1: Managing Identity and Access Management (IAM).

  • Viewing and creating IAM policies
  • Managing the various role types and defining custom IAM roles (e.g., basic, predefined, custom)

Module 2: Managing service accounts.

  • Creating service accounts
  • Using service accounts in IAM policies with minimum permissions
  • Assigning service accounts to resources
  • Managing IAM of a service account
  • Managing service account impersonation
  • Creating and managing short-lived service account credentials