1. Resources
   - VMs
   - Storage buckets
   - anything in Google Cloud
2. Projects
   - collection of resources
3. Folders
   - collection of projects
4. Organization node

Projects
- managing APIs
- enabling billing
- adding and removing collaborators

## Identity and Access Management (IAM)

- admins apply policies: who can do what on which resources
- “who” = principal
- “can do what” = role
  - collection of permissions

Three kinds of roles in IAM

1. basic
   - owner
   - editor
   - viewer
   - billing admin
2. predefined
3. custom

## Service Accounts

Give permissions to a virtual machine rather than a person?

Service accounts do need to be managed

## Cloud Identity

Hook into AD, LDAP systems to remove users from Google Cloud organizations

## Interacting with Google Cloud

Four ways to interact:

1. Google Cloud console
   - GUI to help deploy, scale, diagnose production issues on the web
2. Cloud SDK and Cloud Shell
   - SDK: set of tools including Google Cloud CLI to manage apps
   - Cloud Shell: Debian-based VM with 5 GB of home storage
3. APIs
   - services offer APIs so code can control them
4. Google Cloud app
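
The IAM notes above (principal, role, and the three kinds of role) map directly onto the bindings of an allow policy. The Python below is an added example, not part of the original notes: it classifies each role in a policy and flags grants worth reviewing. The sample policy, every name in it and the review rules are assumptions made for illustration.

```python
# Constructed sample shaped like an IAM allow policy: each binding ties one
# role to a list of principals. All names below are invented for illustration.
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/owner", "members": ["user:alice@example.com"]},
    {"role": "roles/editor",
     "members": ["serviceAccount:vm-runner@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/storage.objectViewer",
     "members": ["group:analysts@example.com", "allUsers"]},
    {"role": "projects/example-project/roles/bucketAuditor",
     "members": ["user:bob@example.com"]},
]}

# Project-level basic roles; billing admin from the notes is not modelled here.
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}
PUBLIC = {"allUsers", "allAuthenticatedUsers"}

def role_kind(role):
    """Classify a role name as basic, predefined or custom."""
    if role in BASIC_ROLES:
        return "basic"
    if role.startswith(("projects/", "organizations/")):
        return "custom"  # custom roles are named under their parent resource
    if role.startswith("roles/"):
        return "predefined"
    raise ValueError(f"unrecognised role name: {role!r}")

def grants(policy):
    """Flatten bindings into (principal_type, principal, role, kind) tuples."""
    for binding in policy.get("bindings", []):
        kind = role_kind(binding["role"])
        for member in binding.get("members", []):
            ptype = member.split(":", 1)[0]  # "allUsers" has no type prefix
            yield ptype, member, binding["role"], kind

def review(policy):
    """Return (principal, role, reason) for grants that deserve a second look."""
    out = []
    for ptype, member, role, kind in grants(policy):
        if member in PUBLIC:
            out.append((member, role, "public principal"))
        elif kind == "basic" and ptype == "serviceAccount":
            out.append((member, role, "basic role on a service account"))
        elif kind == "basic" and role != "roles/viewer":
            out.append((member, role, "broad basic role"))
    return out

if __name__ == "__main__":
    for finding in review(SAMPLE_POLICY):
        print(*finding, sep=" | ")
```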