Overview
An Associate Cloud Engineer deploys and secures applications, services, and
infrastructure, monitors operations of multiple projects, and maintains enterprise
solutions to ensure that they meet target performance metrics. This individual has
experience working with public clouds and on-premises solutions. They are able to perform
common platform-based tasks to maintain and scale one or more deployed solutions that
leverage Google-managed or self-managed services on Google Cloud.
Syllabus Includes:
Setting up a cloud solution environment
Module 1: Setting up cloud projects and accounts.
Creating a resource hierarchy
Applying organizational policies to the resource hierarchy
Granting members IAM roles within a project
Managing users and groups in Cloud Identity (manually and automated)
Enabling APIs within projects
Provisioning and setting up products in Google Cloud’s operations suite
Assessing quotas and requesting increases
Module 2: Managing billing configuration.
Creating one or more billing accounts
Linking projects to a billing account
Establishing billing budgets and alerts
Setting up billing exports
Planning and configuring a cloud solution
Module 1: Planning and configuring compute resources.
Selecting appropriate compute choices for a given workload (e.g., Compute Engine,
Google Kubernetes Engine, Cloud Run, Cloud Functions)
Using Spot VM instances and custom machine types as appropriate
Module 2: Planning and configuring data storage options.
Product choice (e.g., Cloud SQL, BigQuery, Firestore, Spanner, Bigtable)
Choosing storage options (e.g., zonal Persistent Disk, regional Persistent Disk,
Standard, Nearline, Coldline, Archive)
Module 3: Planning and configuring network resources.
Load balancing
Availability of resource locations in a network
Network Service Tiers
Deploying and implementing a cloud solution
Module 1: Deploying and implementing Compute Engine resources.
Launching a compute instance (e.g., assign disks, availability policy, SSH keys)
Creating an autoscaled managed instance group by using an instance template
Configuring OS Login
Configuring VM Manager
Module 2: Deploying and implementing Google Kubernetes Engine resources.
Installing and configuring the command line interface (CLI) for Kubernetes (kubectl)
Deploying a Google Kubernetes Engine cluster with different configurations (e.g.,
Autopilot, regional clusters, private clusters, GKE Enterprise)
Deploying a containerized application to Google Kubernetes Engine
Module 3: Deploying and implementing Cloud Run and Cloud Functions resources.
Deploying an application
Deploying an application for receiving Google Cloud events (e.g., Pub/Sub events,
Cloud Storage object change notification events, Eventarc)
Determining where to deploy an application by using Cloud Run (fully managed), Cloud
Run for Anthos, or Cloud Functions
Module 4: Deploying and implementing data solutions..
Deploying data products (e.g., Cloud SQL, Firestore, BigQuery, Spanner, Pub/Sub,
Dataflow, Cloud Storage, AlloyDB)
Loading data (e.g., command line upload, load data from Cloud Storage, StorageTransfer Service)
Module 5: Deploying and implementing networking resources.
Creating a VPC with subnets (e.g., custom mode VPC, Shared VPC)
Creating ingress and egress firewall rules and policies (e.g., IP subnets, network tags,
service accounts)
Peering external networks (e.g., Cloud VPN, VPC Network Peering)
Module 6: Implementing resources through infrastructure as code.
Infrastructure as code tooling (e.g., Cloud Foundation Toolkit, Config Connector,
Terraform, Helm)
Ensuring successful operation of a cloud solution
Module 1: Managing Compute Engine resources.
Remotely connecting to the instance
Viewing current running VM inventory (e.g., instance IDs, details)
Working with snapshots (e.g., create a snapshot from a VM, view snapshots, delete a
snapshot, schedule a snapshot)
Working with images (e.g., create an image from a VM or a snapshot, view images,
delete an image)
Module 2: Managing Google Kubernetes Engine resources.
Viewing current running cluster inventory (e.g., nodes, Pods, Services)
Configuring Google Kubernetes Engine to access Artifact Registry
Working with node pools (e.g., add, edit, or remove a node pool)
Working with Kubernetes resources (e.g., Pods, Services, Statefulsets)
Managing Horizontal and Vertical autoscaling configurations
Module 3: Managing Cloud Run resources.
Deploying new versions of an application
Adjusting application traffic splitting parameters
Setting scaling parameters for autoscaling instances
Module 4: Managing storage and database solutions.
Managing and securing objects in Cloud Storage buckets
Setting object lifecycle management policies for Cloud Storage bucket
Executing queries to retrieve data from data instances (e.g., Cloud SQL, BigQuery,
Spanner, Firestore, AlloyDB)
Estimating costs of data storage resources
Backing up and restoring database instances (e.g., Cloud SQL, Firestore)
Reviewing job status (e.g., Dataflow, BigQuery)
Module 5: Managing networking resources.
Adding a subnet to an existing VPC
Expanding a subnet to have more IP addresses
Reserving static external or internal IP addresses
Working with Cloud DNS and Cloud NAT
Module 6: Monitoring and logging.
Creating Cloud Monitoring alerts based on resource metrics
Creating and ingesting Cloud Monitoring custom metrics (e.g., from applications orlogs)
Exporting logs to external systems (e.g., on-premises, BigQuery)
Configuring log buckets, log analytics, and log routers
Viewing and filtering logs in Cloud Logging
Viewing specific log message details in Cloud Logging
Using cloud diagnostics to research an application issue
Viewing Google Cloud status
Configuring and deploying Ops Agent
Deploying Managed Service for Prometheus
Configuring audit logs
Configuring access and security
Module 1: Managing Identity and Access Management (IAM).
Viewing and creating IAM policies
Managing the various role types and defining custom IAM roles (e.g., basic, predefined, custom)
Module 2: Managing service accounts.
Creating service accounts
Using service accounts in IAM policies with minimum permissions
Assigning service accounts to resources
Managing IAM of a service account
Managing service account impersonation
Creating and managing short-lived service account credentials