Business use cases and product strategy
In this tutorial, we will learn about business use cases and product strategy, and how to implement many of the concepts that are discussed in Policy design for customers. It is based on the startup example in Policy design for startup customers.
Before you begin
- Firstly, ensure that you have an email address that you can use to provision Cloud Identity.
- Secondly, make sure that billing is enabled for your Cloud project. Learn how to confirm that billing is enabled for your project.
Creating a domain
Before starting the tutorial, you must set up a domain that you will use to create your Cloud Identity. As part of the Cloud Identity onboarding flow, you will need to add a TXT verification record to your domain’s DNS records.
Verifying the domain
- Firstly, verify that you own the domain by using the Search Console verification process.
- Secondly, in the Cloud Console, go to the Domain verification page.
- Thirdly, click Add domain.
- Then, in the Configure webhook notifications dialog, enter the domain to verify.
- Lastly, click Add domain.
Planning
During the planning stage, you need to map your organization to Google Cloud. A planning checklist can help you track what you need to do. For naming your projects and buckets, you can follow the provided naming convention or substitute your own.
Map your organization to Google Cloud
This tutorial addresses the following requirements, which are outlined in Policy Design for Startup Customers:
- Use Google Workspace to manage identities and provide office productivity tools. (Note: For the purposes of this tutorial, reference Cloud Identity.)
- Optimize for team autonomy and velocity. Permit developers to choose their own tools, create their own resources and environments, experiment, and so on.
- Use private repositories and registries.
- Implement guardrails to help protect security, compliance, and so on.
- Alert for expenditures above a soft limit.
- Assume good intention, but have some high-level controls and be sure to issue an alert for any violation of newly added security controls.
- Give developers access to a shared set of resources, and design the Google Cloud environment to grow smoothly.
Define a naming convention
Before you create the organizational structure and give permissions to your developers, settle on a naming standard for folders, projects, labels, and service accounts. Naming projects and Cloud Storage buckets in particular requires careful thought.
Projects
A project has a project number and a universally unique project ID, which is a short string of lowercase letters, digits, and dashes. When creating a project, you can specify the project ID. However, Google assigns the project number automatically.
Buckets
Each Cloud Storage bucket name is unique across the platform and must follow the naming guidelines detailed in Bucket name requirements. Don’t include your organization’s name as part of any bucket name. Buckets can inadvertently be made publicly accessible, so giving one an easily identifiable name might reveal more about your organization than you intended.
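A naming convention like this is easier to keep when proposed names are checked before anything is created. The following linter is an added example, not part of the original tutorial: it applies the project ID and bucket character rules and flags bucket names that reveal the organization. The organization tokens and sample names are constructed, and accepting only dot-free bucket names is a choice made for this example.

```python
import re

# Project IDs: 6-30 chars of lowercase letters, digits and hyphens,
# starting with a letter and not ending with a hyphen.
PROJECT_ID_RE = re.compile(r"[a-z][a-z0-9-]{4,28}[a-z0-9]")
# Bucket names (dot-free form only, a choice made for this example): 3-63 chars
# of lowercase letters, digits, dashes and underscores, alphanumeric at both ends.
BUCKET_RE = re.compile(r"[a-z0-9][a-z0-9_-]{1,61}[a-z0-9]")


def _squash(text):
    """Lowercase and drop separators so 'ex-ample' is still seen as 'example'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def check_project_id(project_id):
    """Return a list of problems with a proposed project ID (empty if fine)."""
    if PROJECT_ID_RE.fullmatch(project_id):
        return []
    return ["project ID must be 6-30 lowercase letters, digits or hyphens, "
            "start with a letter and not end with a hyphen"]


def check_bucket_name(name, org_tokens):
    """Return a list of problems with a proposed bucket name (empty if fine)."""
    problems = []
    if not BUCKET_RE.fullmatch(name):
        problems.append("bucket name breaks the character or length rules")
    if name.startswith("goog") or "google" in name:
        problems.append("bucket name uses a reserved 'goog' prefix or 'google'")
    squashed = _squash(name)
    for token in org_tokens:
        if _squash(token) and _squash(token) in squashed:
            problems.append(f"bucket name reveals organization identifier {token!r}")
    return problems


if __name__ == "__main__":
    # Constructed inputs: 'example' stands in for the organization's name.
    org = ["example", "example.com"]
    for bucket in ["team01-logs-7f3a", "ex-ample_backups", "Example.Logs"]:
        print(bucket, "->", check_bucket_name(bucket, org) or "ok")
    for pid in ["team-01-01-dev", "Team01"]:
        print(pid, "->", check_project_id(pid) or "ok")
```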
Configure Cloud Identity
This tutorial uses Cloud Identity to manage users.
- Firstly, complete the steps in the sign-up wizard. The first user that you need to create is one of the Google Cloud organization administrators.
- Secondly, when prompted for your organization administrator, enter Alice as the username and choose an appropriate password. The sign-up process then takes you to the Create users and groups page, but you cannot create any users or groups until you accept the terms and conditions.
- Lastly, return to your email account and accept the terms and conditions.
Create your folders and assign IAM roles
- Firstly, to create an initial folder, in the Cloud Console, open the Manage Resources page.
- Secondly, click the Create Folder icon, and verify that your organization is in the destination box.
- Thirdly, using the naming convention table that you created earlier, in the Folder Name box, type Development, and then click Create. This folder will contain each development team’s folder along with the project that will hold resources that are shared across teams.
- Next, on the Create Folder page, in the Destination text box, verify that the Development folder is listed.
- Then, to create Dev team 1’s initial team folder under the Development folder, in the Folder Name text box, enter team-01-01, and then click Create.
- Now, to create Dev team 2’s initial team folder under the Development folder, in the Folder Name text box, enter team-02-01, and then click Create.
- Then, at the folder level, assign the Project Creator role to each Development team group for their allotted folder.
- To do this, open the IAM console page.
- After that, from the drop-down list, select the folder team-01-01, and then click Add.
- Now, in the Add member dialog, in the Members field, add the group Devteam1@[YOUR_DOMAIN], replacing [YOUR_DOMAIN] with your domain name.
- Then, in the Roles drop-down list, select the Resource Manager and Project Creator roles, and then click Add.
- After that, from the drop-down list, select the folder team-02-01, and then click Add.
- In the Add member dialog, in the Members field, add the group Devteam2@[YOUR_DOMAIN], replacing [YOUR_DOMAIN] with your domain name.
- Lastly, in the Roles drop-down list, select the Resource Manager and Project Creator roles, and then click Add.
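Once the roles are assigned, the result can be checked against the intended state: each team group holds Project Creator on its own folder and nobody else does. The following audit is an added example, not part of the original tutorial. The policies are constructed sample data in the JSON shape printed by `gcloud resource-manager folders get-iam-policy`, and `example.com` stands in for [YOUR_DOMAIN].

```python
import json

PROJECT_CREATOR = "roles/resourcemanager.projectCreator"

# Constructed sample: folder name -> IAM policy, in the JSON shape printed by
# `gcloud resource-manager folders get-iam-policy FOLDER_ID --format=json`.
SAMPLE_POLICIES = json.loads("""
{
  "team-01-01": {"bindings": [
    {"role": "roles/resourcemanager.projectCreator",
     "members": ["group:devteam1@example.com"]}]},
  "team-02-01": {"bindings": [
    {"role": "roles/resourcemanager.projectCreator",
     "members": ["group:devteam1@example.com", "user:dev@example.com"]},
    {"role": "roles/resourcemanager.folderViewer",
     "members": ["group:devteam2@example.com"]}]}
}
""")

# Intended state from the tutorial: one team group per team folder.
EXPECTED = {
    "team-01-01": "group:devteam1@example.com",
    "team-02-01": "group:devteam2@example.com",
}


def audit_folder(policy, expected_group):
    """Compare who holds Project Creator on a folder with the intended group."""
    creators = set()
    for binding in policy.get("bindings", []):
        if binding.get("role") == PROJECT_CREATOR:
            creators.update(m.lower() for m in binding.get("members", []))
    findings = []
    if expected_group not in creators:
        findings.append(f"missing: {expected_group} lacks Project Creator")
    for member in sorted(creators - {expected_group}):
        findings.append(f"unexpected: {member} holds Project Creator")
    return findings


def audit_all(policies, expected):
    """Audit every team folder; a folder with no policy counts as missing."""
    return {f: audit_folder(policies.get(f, {}), g) for f, g in expected.items()}


if __name__ == "__main__":
    for folder, findings in audit_all(SAMPLE_POLICIES, EXPECTED).items():
        print(folder, "->", findings or "ok")
```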
Creating centralized projects
Create a project called ProjectCreation at the organization level.
- Firstly, in the Cloud Console, open the Manage Resources page.
- Secondly, from the Organization drop-down list, select your organization.
- Thirdly, click Create Project, and type ProjectCreation as the project name.
- Next, in the Location box, confirm that the organization is selected.
- Lastly, click Create.
You can use this project to create other projects in an automated, repeatable manner by using Deployment Manager templates.
Create a shared resources project named SharedResources under the top-level Development folder.
- Firstly, in the Cloud Console, open the Manage Resources page.
- Secondly, from the Organization drop-down list, select your organization.
- Thirdly, click Create Project, and type SharedResources as the project name.
- After that, to select the Development folder under which you want to create the project, in the Location box, click Browse.
- Lastly, click Create.
Reference: Google Documentation