Google Cloud Resource hierarchy
Google Cloud's resource hierarchy provides a way to organize and manage resources such as projects, folders, and organizations in a structured manner. This hierarchy helps in applying policies, setting permissions, and maintaining control over resources. Here's a high-level overview:
Organization:
The top level of the hierarchy.
Represents a company or entity.
All resources within the Google Cloud environment fall under an organization.
Helps in centralizing the management and administration of resources.
Organization policies and IAM (Identity and Access Management) roles can be applied here and inherited by child resources.
Folders:
Nested under the organization.
Used to group projects and other folders for better organization.
Can have policies and IAM roles specific to them, inherited by contained resources.
Useful for segregating resources by department, team, or project within a company.
Projects:
The primary unit for creating and using Google Cloud resources.
Everything in Google Cloud (e.g., VM instances, storage buckets, databases) is contained within a project.
Projects contain resources and services that can be managed together.
IAM roles and permissions can be set at the project level, controlling access to the project's resources.
Resources:
The actual services and entities created within projects (e.g., Compute Engine VMs, Cloud Storage buckets, BigQuery datasets).
Permissions and policies can be applied to individual resources, but typically inherit from the project level.
Organization (example.com)
├── Folder (Engineering)
│   ├── Project (Dev Project)
│   │   └── Resource (Compute Engine VM)
│   └── Project (Test Project)
└── Folder (Marketing)
    ├── Project (Website)
    └── Project (Analytics)
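
The inheritance described above, as an added example (not code from Google Cloud or from this page): it models the example tree and computes the effective IAM allow bindings on a resource as the union of its own bindings and those of every ancestor, recording the level where each grant was set. The node names, members and bindings are constructed for illustration, and only additive allow policies are modeled.

```python
# Constructed model of the example tree: node -> parent (None marks the root).
PARENT = {
    "organizations/example.com": None,
    "folders/engineering": "organizations/example.com",
    "folders/marketing": "organizations/example.com",
    "projects/dev-project": "folders/engineering",
    "projects/test-project": "folders/engineering",
    "projects/website": "folders/marketing",
    "projects/analytics": "folders/marketing",
    "projects/dev-project/instances/vm-1": "projects/dev-project",
}

# Constructed allow bindings set directly on each node: {role: members}.
BINDINGS = {
    "organizations/example.com": {"roles/viewer": {"group:auditors@example.com"}},
    "folders/engineering": {"roles/editor": {"group:eng@example.com"}},
    "projects/dev-project": {"roles/owner": {"user:alice@example.com"}},
    "projects/dev-project/instances/vm-1": {
        "roles/compute.instanceAdmin.v1": {"user:bob@example.com"}},
}

def ancestors(node):
    """Return the node followed by each ancestor up to the organization."""
    chain = []
    while node is not None:
        if node in chain:
            raise ValueError(f"cycle in hierarchy at {node}")
        chain.append(node)
        node = PARENT[node]
    return chain

def effective_bindings(node):
    """Map (role, member) -> level where the grant was set, nearest level first."""
    result = {}
    for level in ancestors(node):
        for role, members in BINDINGS.get(level, {}).items():
            for member in members:
                result.setdefault((role, member), level)
    return result

def inherited_only(node):
    """Grants that reach the node only via ancestors, absent from its own policy."""
    return {k: v for k, v in effective_bindings(node).items() if v != node}

def blast_radius(level):
    """Every node reached by a binding set at the given level."""
    return sorted(n for n in PARENT if level in ancestors(n))
```

Reviewing only a resource's own policy misses everything `inherited_only` returns, and `blast_radius` shows why a grant at a folder or the organization deserves more scrutiny than one on a single project.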

