Latest Google Certified Professional Cloud Architect

Learn to set up a Google Cloud account, log into the Google Cloud Console, and navigate regions and zones while exploring GCP services and interaction methods.

Learn how to create a Google Cloud account, choose an individual account, provide tax and payment details, and activate a $300 credit before accessing the Cloud Console.

Learn to navigate the Google Cloud console dashboard, manage projects and billing, customize widgets, and access compute, database, networking, and operations services in a demo walkthrough.

Explore Google cloud platform services—from compute engine, app engine, and cloud functions to cloud management, networking, databases, big data, identity and security, and machine learning—and compare IaaS, PaaS, SaaS tradeoffs.

Explore how to interact with Google Cloud using cloud control, mobile app, browser-based command line tools, Cloud API, and Cloud SDK to deploy and manage resources.

Install the Cloud SDK on your local machine with an installer, then initialize by logging in, selecting a default project, and using the command prompt to interact with Google Cloud.

Learn how to organize Google Cloud resources with resource management and IAM to improve cost control, data security, and access policy management, including resource hierarchy, billing accounts, identities, and permissions.

Explore what constitutes a resource in Google Cloud, from compute engines to cloud storage. Learn how resources are scoped regionally, zonally, or globally, with pricing by resource type.

Understand the Google Cloud resource hierarchy from organizations to projects and resources. See how access policies attach to each level, with trial accounts unable to create organizations or folders.

Explore how hierarchical resource organization enables policy inheritance across organization, project, and resources, with centralized management, cost roll-ups, and project-level service enabling and billing.

Projects in Google Cloud act as resource containers to manage resources and costs. The demo covers creating projects, linking to a billing account, viewing quotas, enabling APIs, and shutdown consequences.

Explore quotas in Google Cloud Platform, including global and regional limits on resources such as Compute Engine instances, networks, and API requests, and how to request quota increases from Google.

Learn how billing accounts determine who pays for Google Cloud resources, view credit balances and forecasted costs, and drill down bills by project, service, or labels.

Navigate to the billing account overview and payment overview to review current payments, manage payment methods with at least one active method, and review your payment profile and automatic payments.

Learn how projects link to a single billing account, how multiple projects share it, and how to manage roles, invoices, and changes to billing accounts.

Learn how to set up budgets and alerts to monitor actual and forecasted cloud spending, trigger notifications at threshold values, and prevent surprise bills while managing costs.

Configure billing export to automatically export billing data to a dataset in a chosen project and Asia region, enabling analysis with Excel or similar tools.

Use the DCB calculator to estimate cloud service costs. Configure compute engine settings—instances, OS, machine type and family—and save or email the estimate, with example costs.

Explore identity and access management in the cloud by defining identities, permissions, and roles, and learn how to assign roles and attach policies to resources for secure access control.

Identify who can access Google Cloud resources by understanding members, such as Google accounts, service accounts, and groups, and use groups to assign permissions at scale.

Understand how service accounts enable machine-to-machine authentication in GCP, representing a program's identity with key pairs for authentication, not user accounts.

Explore how Google Cloud permissions and roles control access to resources, from granular permissions to primitive and predefined roles, and how to assign, combine, and manage billing for project members.

Learn to create project members and assign predefined roles at the project level. Edit or remove assignments, add new members by email, and control permissions with role-based access.

Create custom roles in DCP, copy and modify permissions from existing rules, and assign these roles to IAM members to enforce least privilege.

Create and manage a GCP service account for an application, assign the cloud storage object creator role, and generate and securely save the service account key for API calls.

Attach policies at project, folder, organization, or bucket levels to bind members to rules that grant actions on resources; policies inherit down the hierarchy and determine effective permissions.

Discover how audit logs reveal who did what, where, and when in Google Cloud, with admin activity, system, and data access logs enabled by default and cannot be disabled.

Learn to view and control audit logs in cloud console, enable or disable logs for the EPA, and use stackdriver logging to filter admin activity and last six hours records.

Explore Google Compute Engine and other compute offerings to deploy apps on Google Cloud. Compare iaas, paas, and saas options like cloud functions and cloud run for scalable, managed deployment.

Explore Google Compute Engine features and use cases, including customizable virtual machines, custom images, instance templates, load balancing, auto scaling, and encrypted data, with pricing and sustained use discounts.

Learn to select Google Cloud compute engine machine types: predefined or custom, balancing CPU and memory for memory-intensive or compute-intensive workloads, with the option to add GPUs or TPUs.

Explore machine type options in Google Compute Engine, including general-purpose, memory-optimized, and GPU families. Apply labels to organize resources by environment or function and consider region and zone for performance.

Explore how graphics processing units accelerate machine learning and data processing workloads. Learn about gpu-enabled instances for graphics-intensive applications, along with zone-based cpu and memory limits and billing considerations.

Explore cloud disk types, including local disks, regional persistent disks, and SSD persistent options, and learn their durability, latency, encryption, resizing, snapshots, and cross-zone availability.

Learn to configure Google Cloud disks for Compute Engine by selecting image, operating system, and disk type (balanced, persistent, or SSD), setting size and encryption, and managing backups.

Understand what an image is in compute engine, and learn the options of using public images or custom images to create instances with bootloader, operating system, and software configurations.

Create a disk from a public image in Google Cloud Compute Engine, configuring image, location, size, type, encryption keys, labels, and snapshots.

Create a custom image from a disk by naming it, selecting the source, choosing single or multiple regions (Asia), and configuring labels and encryption keys before finalizing.

Understand snapshots as incremental backups stored in cloud storage, where the first snapshot is a full backup and later ones capture only changed data, reducing costs compared with images.

Create a manual snapshot by selecting two to three sources, naming it, and choosing a region with labels; the snapshot uses the same encryption and is stored in cloud storage.

Learn to create an automatic disk snapshot schedule, set daily backups in Asia, choose single or multi-bucket storage, define retention, and attach the schedule to a disk.

Configure networking for a virtual machine in gcp, including firewall rules to control access for web apps; attach network tags and interfaces, and assign internal or external IPs for security.

Discover startup scripts and metadata on Google Compute Engine for automated initialization from Cloud Storage. Learn about preemptible instances, on-host maintenance, and auto restart for cost-effective reliability.

Explore sole tenant nodes that provide dedicated hardware to isolate your workload from others in the cloud, suitable for gaming, finance, and healthcare workloads.

Create a compute engine vm, choose machine type and image, attach a disk, install Apache, and start a web app accessible via external ip.

Learn how to use instance templates in Google Cloud to define a VM’s machine type, memory, networking, and labels once, then create identical instances efficiently, with templates scoped to zones.

Learn to create a virtual machine using an instance template that presets image, networking, and other configurations, enabling quick, repeatable VM deployments and reuse of the template.

Follow a three-step vm creation flow with a startup script, then create a custom image of the vm to quickly deploy multiple identical web servers via an instance template.

Master managed instance groups to deploy identical vms with templates, enabling auto healing, load balancing, and regional high availability; contrast unmanaged groups that lack auto scaling and healing.

Create and manage a managed instance group by selecting a template, configuring auto scaling based on CPU utilization, setting min and max instances, and defining health checks and firewall rules.

Explore the differences between stateless and stateful managed instance groups. Compare workload handling, data persistence, scalability, and update strategies with examples like ElasticSearch and MongoDB.

Discover rolling updates in MIG that gradually apply to instances, with subset testing before deployment, and configure proactive mode, reactive mode, and opportunistic updates with maximum unavailable and minimum time.

Demonstrates a rolling update in a managed instance group, configuring minimum and maximum new instances (percent or fixed), choosing opportunistic or immediate rollout, and validating updates before full deployment.

Learn how compute engine pricing works, with per-resource charges for CPU, memory, and traffic, and maximize savings through sustained use and committed use discounts, using the console or calculator.

Explore external and internal GCP load balancers, which use a single IP to route traffic to the nearest backend, auto scale resources, and provide failover across regions.

Explore load balancer categorization by location and traffic type, including global versus regional and external versus internal deployments, with SSL termination at the edge.

Explore Google Cloud network load balancer concepts, including global external balancing, regional traffic distribution, TCP/UDP support, and the path to back end feature that preserves client IP for direct responses.

Explore how a global external load balancer uses a single IP to route traffic across regions, providing regional distribution and faster response than DNS-based solutions.

Explain how a three-tier web app uses a global external load balancer to route internet traffic across regions, then internal load balancers guide requests to middleware and data stores.

Explore the data models of a cloud load balancer, including external IP addresses, URL maps, target proxies, and backend services for routing internet traffic.

Develop and monitor health checks for external and internal load balancers to automatically replace unhealthy backend instances in Google Cloud, with configurable check intervals, and success and failure thresholds.

Configure global load balancing to direct traffic to the nearest region with capacity, terminate SSL at the load balancer, and centralize certificate management while exposing a single global IP address.

Configure load balancing to distribute traffic among multiple instances using a distribution algorithm and a maximum utilization rate; route requests to instances with available capacity.

Use a decision tree to decide which Google Cloud load balancer to use for a given use case, weighing internal vs external traffic, SSL proxy options, and IPv6 support.

Deploy a global external http load balancer in Google Cloud Platform to distribute internet traffic across two instances using a backend service, cpu-based balancing, and health checks.

App Engine offers a managed, serverless compute service for web app deployment, letting you avoid provisioning and infrastructure maintenance while handling scaling, failover, and monitoring.

Compare App Engine with Compute Engine and Cloud Functions, highlighting App Engine’s managed, scalable deployment, automatic deployment, and customization versus Compute Engine’s infrastructure control and Cloud Functions’ serverless approach.

Explore App Engine features, including the flexible environment and custom runtimes, container-based deployments, automatic scaling, and integrated monitoring, security rules, and multi-environment workflows from development to production.

Explore App Engine application components, including creating an app within a project, choosing a region, and managing one or more services with versions, traffic splitting, and auto or manual scaling.

Compare monolithic and microservice architectures, where isolated services communicate over the network and versions enable traffic splitting and A/B testing, while shared resources like memcache and Cloud Datastore support system.

Create an app engine application by selecting a region closest to customers in your project, noting location cannot be changed or deleted without removing the project, then deploy a service.

Demonstrates deploying a service inside an App Engine standard environment, including testing, deployment commands, and monitoring via logs, instances, and basic performance metrics.

Compare the standard environment and flexible environment to decide the best fit for your use case. Understand cost, auto scaling, scale-to-zero, and runtime modification limits across supported languages.

Explore the flexible environment, where application instances run in containers on Compute Engine machines, enabling automatic or manual scaling and dockerfile customization with access to same-project resources.

Learn how to deploy services in the flexible environment alongside standard environment, using Python runtimes, app.yaml configurations, and manual scaling with one always-on instance.

Explore traffic splitting to allocate a percentage of traffic by IP address, cookie, or random distribution. Use this for A/B testing to gradually expose a new model before full rollout.

Learn to split and migrate traffic between two service targets, choosing gradual warm-up or immediate migration. Assess latency impact as traffic shifts and warm-up requests prepare the new target.

Explore application scaling options by configuring automatic, basic, and manual scaling; set minimum and maximum instances, CPU utilization thresholds, and on-demand behavior for latency-sensitive workloads.

Define roles and permissions to restrict access, configure the certificate for your custom domain, apply access control, and use a security scanner to detect vulnerabilities in your cloud app.

Explore firewall configuration and security scanning for cloud apps: configure firewall rules to allow or deny traffic by IP, enable a security scanner, and review vulnerability findings.

Explore app engine pricing by environment, noting that flexible and standard options drive compute, memory, and network charges plus data storage in services like memcache.

Learn how to use the app.yaml service description file to define a service name, identifiers, and environment variables for deploying an application.

Explore Google capabilities engine, a management and orchestration system for container clusters in GCP, and learn how Dubonnet provides automatic management, monitoring, and scaling of containerized workloads.

Explore how the Kubernetes control plane in Google Kubernetes Engine orchestrates clusters, schedules workloads, upgrades itself, and manages nodes and networking via the API.

Explore Kubernetes concepts like nodes, clusters, pods, containers, and the control plane, and learn how Kubernetes automatically repairs, upgrades, and coordinates scheduling via the API server.

Create multiple node pools with dissimilar configurations inside a cluster, each using the same or different instance templates, and update or delete pools and images without impacting the whole cluster.

Demonstrates creating a Kubernetes cluster with default configurations or full customization. Choose location (single, regional, or multi-zone), configure node pools, auto scaling, and security settings.

Learn how labels function as key-value pairs attached to objects, how you can attach or modify them after creation, and how selectors use these labels to organize and select resources.

Learn how a Kubernetes service gives a stable IP to a group of pods, using labels to select front-end and back-end containers, and supports internal and external access.

Identify storage options in your cluster using volumes attached to your port, shared by all containers, including ephemeral volumes lost on restart and persistent volumes that retain data.

Configure clusters to meet availability and budget by choosing single, multi, or regional deployments. Regional clusters replicate the control plane across zones, boosting resiliency and availability at higher cost.

Describe declarative deployment using yaml to specify the desired state, compare current versus desired state, and automatically manage replicas, stateless pods, templates, and deployments through a deployment controller.

Deploy a WordPress application in a gcp cluster using the public wordpress docker image, configure deployment and replicas, and expose it with a load balancer service via an external ip.

Explore autoscaling in cloud architectures, learning how to set minimum and maximum nodes, continuously monitor demand, and automatically balance workloads by adding or removing nodes to optimize performance and cost.

Explore how traditional load balancers distribute external traffic to app ports using a service and iptables, versus container-based load balancing with network endpoint groups and ingress controllers.

Explore configuring GKE features such as local SSD support for nodes, selecting compute-optimized machines, choosing public or private clusters, enabling container load balancing, RBAC, logging, monitoring, labels, and rolling updates.

Anthos enables a single control pane to manage multi-cloud and hybrid Kubernetes clusters, ensuring consistent security policies, portability, and simplified lifecycle across Google Cloud and other environments.

Compare IaaS and PaaS to choose the right cloud service. Leverage multicloud and hybrid deployment to move across clouds and datacenters with startup or large organization flexibility.

Explore serverless cloud functions as a service, triggered by events, with pay-as-you-go execution and automatic resource provisioning, plus seamless integration with cloud logging and monitoring.

Explain how cloud functions trigger on events from cloud services like storage, execute statelessly in foreground or background, and why they’re not ideal for web apps or low latency tasks.

Explore how cloud functions enable data processing and post-processing of media in cloud storage, trigger events from third-party apps and Firebase, and support mobile backends and IoT at scale.

Learn to create a Google Cloud function with a static trigger, configure its name and region, choose a trigger type and authentication, and deploy, test, and monitor its metrics.

Discover cloud function pricing by analyzing request volumes and allocated memory, with free invocations up to millions and outbound data transfer charges set by gigabytes.

Learn how Cloud Run enables serverless, container-based workloads on Google Cloud, running stateless applications on demand and only paying for resources when in use.

Discover how to deploy a cloud run service with a public image, configure the service, enable the Cloud Run API, manage revisions, and expose the endpoint to the internet.

Explore the difference between public and private IP addresses, how local networks use private addresses, gateways and NAT to reach the internet, and basic firewall security.

Explore classless inter-domain routing (cidr) concepts by examining private IP ranges like 192.168 and 172.16, subnet masks, and network versus host parts through practical binary and routing analogies.

Explore Google Cloud VPC networking, connecting cloud resources to own resources, and compare Google Cloud's global VPC to AWS’s regional VPC across regions and subnets.

Explore Google Cloud VPC features, including subnet IP ranges, internal and external IP addressing, firewall rules for secure ingress and egress, shared and isolated networks.

Explore Google Cloud VPC subnets, their regional and zone alignment, non overlapping IP ranges, and how subnets segment development and production environments for scalable, available networking.

This lecture explains the default VPC (default BBC) in Google Cloud, its automatically created regional subnets with private IP ranges, and the default firewall rules that govern traffic.

Explore a custom VPC with auto mode on Google Cloud, configure firewall rules and subnets, and understand IP addressing and auto mode templates.

Create a custom VPC in Google Cloud, convert from auto to custom mode, configure subnets with IP and alias IPs, and manage firewall rules and load balancing.

Explore Google cloud vpc types, including default networks with auto mode and custom vpc, and how ip addressing, firewall rules, gateways, and internal communication enable or restrict internet access.

Explore how internal and external IP addresses are assigned to VM instances within a VPC, including subnet uniqueness, primary and secondary IPs, and ephemeral versus static IPs.

Firewall rules act as the first line of defense, controlling inbound and outbound traffic between VMs, networks, and services, with targets defined by tags, service accounts, or VM groups.

Define firewall rules by specifying whether to allow or deny traffic, set the target (service accounts or network tags), define source or destination, pick protocol, and assign an evaluation order.

Learn to secure a cloud virtual machine with firewall rules by creating and testing allow and deny policies that control inbound traffic to an apache web server in a VPC.

Learn to create and attach a static ip address to a cloud instance, access a web app with the new ip, and detach or delete unused ips to avoid charges.

Explore how Google Cloud VPC routes steer traffic between VMs using routing tables, destinations, and next hops, with default routes, static routes, and dynamic rules and route priorities.

Choose between premium and standard networking services to optimize data communication with Google Cloud, leveraging Google's global backbone for low latency, high reliability, and regional or global load balancing.

Learn how a shared VPC connects resources from multiple projects within the same organization, enabling cross-project communication via IP addresses and attached service projects.

VPC peering enables two networks to communicate using internal IP addresses. It requires mutual configuration and non-overlapping IP ranges, delivering private, low-latency connectivity and cost savings.

Learn to create a VPC network peering connection between two networks, set names, select networks, enable from both sides, verify active state, and delete if needed.

Configure a bastion host as an external IP entry point to securely access internal VMs via their internal IPs, protecting all VMs from public internet exposure.

Discover how internal virtual machines with no external IPs access the internet via a single public IP using Google Cloud NAT, without exposing them to the public internet.

Learn how to configure a NAT gateway in a custom vpc to let internal instances access the internet without an external ip, using automatic ip assignment.

Explore Google Cloud VPC pricing: ingress is free, egress is charged; intra-zone traffic is free, external IPs and log storage incur costs, and networking service tiers vary.

Explore hybrid networking options in Google Cloud, including Cloud Interconnect and Cloud VPN, learn how private networking connects resources across cloud and non cloud environments with secure, highly available connectivity.

Cloud interconnect delivers high speed, low latency private connections between on-premises networks and Google Cloud, via dedicated or partner interconnect, enabling internal IP communication and avoiding the public internet.

Explore direct peering with Google Cloud for on-premises connectivity, access Google Cloud services and G-suit with no upfront cost, and enjoy discounted pricing for egoless traffic and service provider options.

Compare direct peering and direct interconnect, noting that direct peering offers access to DCP products and services, while interconnect creates a high-speed physical connection to the cloud and lacks access.

Explore how Cloud VPN extends on-prem networks to Google Cloud using classic or high availability options, with encryption, dual tunnels, and dynamic routing via Cloud Router.

Enable dynamic routing between your network and Google Cloud with Cloud Router and a BGP session, replacing static routes and automatically advertising topology changes.

Compare interconnect partner, interconnect dedicated, carrier interconnect, and Cloud VPN to choose the best hybrid connection for your Google Cloud use case, guided by a simple decision framework.

Resolve domain names to IP addresses using Cloud DNS, a global, high-availability service with public and private records, authoritative name servers, and propagation monitoring.

Explore Cloud CDN to deliver fast, reliable web and video content with global distribution, edge caching, and origin fetch when cached misses, reducing latency for regional users.

Build a custom VPC with firewall rules, configure internet gateway access, and extend your data center with hybrid networking via Cloud VPN and Cloud CDN for static content.

Explore Google Cloud storage options, including persistent block storage and object storage, with data replicated across data centers via the Colossus system.

Explore cloud storage as a persistent, scalable object store for unstructured data, with automatic scaling, cross-geography replication, 99.9% durability, and limitless storage for large objects up to 5 TB.

Explore bucket and object fundamentals in cloud storage, including unique names, labels, metadata, and access control, plus lifecycle rules and object immutability up to five terabytes.

Learn to create and manage Google Cloud Storage buckets and objects, choose a globally unique bucket name and location, set storage class and access controls, and review costs.

Discover cloud storage classes, including standard, nearline, and archive, and how bucket defaults and object-level inheritance shape durability, availability, and cost.

Create bucket lifecycle rules to automatically move objects from standard to nearline after 30 days, archive after one year for seven years, and delete when retention ends.

Demonstrates copying, moving, and deleting objects between buckets, including selecting a destination, specifying an object name, and choosing permissions. Learn how to verify results and understand that deletions are permanent.

Learn how to protect data as a critical asset by using bucket-level uniform access control, contrasting with fine-grained object-level access control to secure sensitive data.

Learn how cloud storage objects are private by default, grant public access with object and bucket permissions, and host a static website using DNS and a load balancer.

Learn how signed URLs grant time-limited, permissioned access to cloud storage objects for users, apps, or third parties without exposing credentials.

Enable object versioning to protect cloud storage data from overwrites, manage object generations and metadata updates, and view or copy latest or all versions across buckets.

Object change notification lets applications watch bucket object updates and deletions, receiving event details; use Cloud Functions to process events and review audit logs.

Discover how cloud storage pools provide a filesystem-like interface to Google cloud storage, mapping object names to files and directories on Linux and macOS, enabling seamless application access.

Explore Google Cloud data transfer options—online and offline transfers, transfer appliances, and storage transfer services—focusing on cost, time, security, integrity, pre/post validation, and backups.

Google cloud storage provides strong consistency for uploads, downloads, metadata changes, deletes, and bucket listings, while access control updates follow eventual consistency with propagation delays.