This content guides users through setting up a Google Cloud Platform (GCP) organization, including configuring Cloud Identity, verifying a custom domain, creating a hierarchical folder structure, and establishing projects for logical resource separation and access control.
in last two videos we have covered how
to create a gcp free tier account and
configure billing
second video was a console walkthrough
where we learned that how to use various
GCP services
today we are going to cover how to
configure gcp organization create folder
structure and projects as per our needs
hit here
wherever you go to a company or when you
start a cloud migration every company
has their own domain for this example we
have a domain booked with godaddy.com
which is cloud Sprint dotted we will be
working with this domain for all our labs
the second thing which we're going to
talk about is Google workspace admin
Google workspace admin helps us to
configure Cloud identity
create our users create our groups for
our corporate
for our Enterprise users we can provide
permissions to you gcp you can attach
Cloud ID to org and gcp
the third thing will the second part of
the lab is all about setting up folders
and projects
well then we will learn that how to set
up an organization how to create folders
how to divide that in environments and
how are we going to create projects that
the last layer which is resources
so we'll be discussing this in detail on
doing the lab as well
before we move to the
next segment let's understand how gcp
work looks like
so organization is the First Resource
which represents your company
any IAM role granted at this level are
inherited by all resources under the organization
second is the folder level
folders can contain projects other
folders or a combination of both roles
granted at the highest folder level will
be inherited by projects and other
folders that are contained in the parent
folder for example if you apply any
permission on devops folder it will be
applied to both the folders Dev and
production and all the projects within
these two folders because
policies are inherited from top to
bottom so the third layer is the project
level project represents a trust
boundary within your company and it is
logical separation of resources
the fourth is resource layer which is
the minimum level of the permissions
that's the so far uh decent enough
Enterprise level start which we're gonna
do in our Labs now without any further
delay let's try to create our
organization setup users
folders structure project label and
for this you need to click on IAM
identity and organization here you can
clearly see that you can manage your
user accounts groups for employees you
can create organizational structure
which is centrally controlled you can
create projects resources you can
configure security guidelines
we'll click on go to the checklist when
you come here the checklist you'll see
that your current account Cloud Sprint
31 gmail.com is not associated with any
organization now if you want to have
your own domain and attach this Google Cloud
projects with your your organization you
need to enable Cloud identity and create
the organization so without any further
delays we'll begin the setup once you
click on begin the setup you'll be
redirected to this page where you'll be
asked that what kind of workspace user
are you
the first step is are you a new customer
are you a workspace customer or you
already have a cloud identity since we
don't have anything we will say I am a
new customer
after that I'll click on the sign up for
cloud identity because DBS we are
suggesting for the first time in this
window it will just ask you some basic
details like your business name your
country your email address
and your domain as we have already booked a
domain with
GoDaddy we'll copy and paste it there
yeah we'll use the domain
will put out the username which we want
to show in the admin so here we are
creating the admin user push current cloudspin.in
educating the user is fine will submit
the captcha after submitting a captcha
our Cloud identity
account has been created
once you log in from this account
you will be asked to accept the terms
and conditions once you accept the terms
and conditions
you'll be thrown to the admin console
which is
a place where you control all users
groups identity domain ownership everything
now the second step is to verify your
Cloud Sprint dot in we have created the
Cloud identity now we are going to
verify the domain you have to ask you
have to sign in into godaddy.com but
since I have already signed in another
window it will not ask me so I'm just
gonna click on connect
and that will verify my ownership that
yes I am the owner of this domain that
that basically takes four to five
minutes to verify yeah after five
minutes it got verified
now my domain is verified
now on the screen you can see
it is verified by Cloud identity it is
satisfied that I am the owner of this
domain the second step is to create new users
this admin panel helps you to create
users in bulk you can make any kind of
changes you can create groups for now
let's create a test user test dot user
at the cloudspring.in
we have added that user you will be
getting the username password
or add an email address of that
particular user if you want to see you
go to directory users and you can see
you have the
user created we can also create group
because while working on gcp we will be
only working with groups it's not a best
practice to give you know the rights to
an individual this is how
we can create groups we can also assign
owners like we it for now in our
operation we have to use as pusher and
another one is test users so both of
them either of them can be owner of it
all all of them maybe
that's how you create groups in here
right so
as now we have created a cloud identity
so for now we have created Cloud
identity our admin account and a test user
now we have to login from that
particular account which is our
organization admin to move further
because that's that's that was the point
of creating that identity now I'll click
on continue and I'll switch account so
far we were logging in through our Gmail
ID but now we will change it to pushkar
additive Cloud Sprint dot in that is our
Cloud identity which we have created
I'll click on select
it will redirect ask me to enter my
password once I enter my password
ideally it should take me to console.cloud.google.com
but you see it is throwing me an error
that I do not have access to Google
Cloud to resolve this problem you have
to go to your admin panel
go to apps additional Google services
and you need to check that your Google
Cloud platform is on or off in my case
it was off I turned it on
again I'm going back after turning this on
I'm going to switch my account and
select Pushkin at the red cloudspin.in
and he didn't see that I am again foreign
yeah here you can see that organization
is created and I'm granted the
organization admin role
that's the first part of the lab which
is created and completed
now we are no more part of a nor
organization place we are part of cloud Sprint
organization yeah no organization we'll
just refresh it and see if our
organization setup is completed or not
and you can go back to home page yes as
you can see our cloud
spring dot in organization is set up
completely fine
that's that's how you set up
the organization in these three to four
steps which we just followed you can
follow in your project and do it now the
second part we will go ahead is of
creating folders and creating projects
for that I need to add more permissions
because you need to be
a folder admin to create folders for at
the organization level and you need to
be owner of the
organization to make any changes in the
projects so quickly I'm gonna give those
two permissions I get folder admin I am
giving owner
note one thing I'm giving it on the
cloud Sprint audience that is at the org level
so all
new projects will by default have these
permissions for this user which is
pushkar at the Red Cloud Sprint Dot foreign
the structure which we discussed I'm
gonna create some folders
so the idea is to create data science folder
devops folder and within that we'll have Dev
and production folders within Dev we'll
have Dev project within production will
have production projects
so that's how quickly you can create the
folders so I'm creating Dev data science
if it is created the wrong place you can
select and move it to the right folder
as well that is also possible
so uh in here I created data science Dev
I'm going to create one more
you can also select play with the location
for now let's select here and create a
data science folder
which is data science Dev
we are creating project now created a project
this project is being created
this project is created in its
refreshing check if it is created
successfully yes the project is created
but at the wrong location so what we'll
do we'll select the project and move it
now dev has the data science dot dash def
project and we're going to click click
again when I create a folder of production
now follow the location you can also
select the folder like like now we want
to create it under data science field
select location as data science
you created this production folder
automatically is created under data sets
so you don't have to move anything will
create another project
the location will be production
we'll say the project name is data science
dash production
this project ID is very important
because while working with terraform
you'll be needing it so and if you want
to change it this is the time to change
it because this cannot be changed later
on once it is created
so far we have created data science
folder two folders within that and two
projects within that there's suppose
another team which is devops team and
they also want to have the same structure
and why do we segregate these folders
these folders are segregated for operator
IAM permissions you want to give more
privilege on development environment
Less on production if you do it like
this through terraform it's very very
easy to manage those permissions and you
can follow terraform
completely infrastructure as code life
cycle which we will cover a later part
of this course
yeah so again we have created Dev and
production folders for devops team as
well let's quickly create two projects
for them and move it to the right
buckets so in here again I'm selecting
devops location without moving I don't
have to move it I'll say devops Dev
create it
create project
devops prod create it in the devops and
yeah project creation takes some time a
minute maybe
yeah let's see load the page and find
out if the structure which we wanted is
done or not our devops projects were not
at the right location so we're just
moving it to the right buckets
yes so that is our complete
desired situation where we want it to be
and we just wanted to create our organic
organization we created it we created
data science in devops folders we
created environments as Dev production
for both the teams we created projects
within them resources which we will be
creating in the later part of the section
when when we cover all other services
we'll be creating resources during those labs
yep that's that's how you create your
resources you create your projects you
create your folders and you manage your
IAM roles and permissions
one thing I want to highlight is that we
have created this test user but you did
see that in the
organization IAM why because we didn't
give that permission specifically
we can say okay let's test it yeah you
can see it is detected itself
which means the sync is working
perfectly fine you can give a viewer
role the test user can come and view
your resources whatever you have created
in Google Cloud
that's pretty fine and you have a viewer
user and you have pushka.cloudsprint as
all administrator accounts you can
change projects by clicking on the
projects you cannot have access on all
the projects depending on which team he
belongs to you will have that kind of
group and you'll have that kind of
permissions that that will cover in the
IAM section in the next video most probably
you cannot edit the role because it is
coming from the
organization level that's what we
discussed in the earlier part of this
video that policies follow top to bottom
if something is added on the
org level it will be inherited in all
when you select the project this so you
need to create a shortcut because every
time it's it's difficult to you know
browse through your project for that gcp
gives you a feature called star you can
star your projects which marks as starred
projects whichever you want to
work on daily basis so that's how it
will come under starred that will help you
to reduce your time and you can quickly
go to your projects that's how you
change your projects again coming back
to the identity and organization so we
have completed our two steps which first
was mandatory we we set up our identity
verified domain and created the
organization we mapped our colleagues
test user pushkaris at cloudsprint dot
in to Google Cloud now these things will
be doing one by one in the next videos subscribe
hope you liked the video