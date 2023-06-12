



Learning how to use the public cloud for your first project can feel like searching for treasure in a deep hidden dungeon or fighting a fire-breathing dragon. There is jargon to learn, arcane formulas to unravel, and countless ways to get into trouble. Yet plotting a course across unfamiliar landscapes is also, on some level, an exciting adventure into the unknown.

There are ways to secure your journey and keep all your resources safe from thieves and (digital) magicians. As you explore, you need strong identity and access management (IAM) policies to protect your project and its resources. Otherwise, you’ll end up with nasty bandits running around in your environment.

So can you jump right in and worry about the details later? Sure, you could use a build-as-you-go approach, but before building a stone castle, you'll need to consider the underlying architecture. Otherwise, it may end up sinking into the swamp. Worse, it can catch fire, collapse, and then sink into the swamp. Nobody wants that. It's important to create a mental model that organizes your cloud resources so they can be properly protected.

Create a trust boundary using Google Cloud resource hierarchies

Start by considering how your business works and map it to a tree hierarchy in the cloud. At the top is the organization, followed by its business divisions; within each division are subdivisions, and finally the various teams, with individual principals at the bottom of the tree. This organizational structure should be mirrored in the cloud resource hierarchy, because access control through identity management then becomes much simpler: a policy set on a node applies to everything beneath it.

Look at the example of the fictional continent of Middle-earth mapped to the elements of the resource hierarchy. Notice how easy it is to establish limited access to your most valuable resources.
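To make the inheritance rule concrete, the following is an added example (not code from the article, and not Google Cloud's API) that models a small organization > folder > project tree in the spirit of the Middle-earth analogy. It assumes the documented behaviour that an IAM binding granted on an ancestor is inherited by every descendant, so a principal's effective roles on a project are the union of bindings along the path to the root. All resource names and principals below are constructed placeholders.

```python
"""Toy model of a Google Cloud resource hierarchy with IAM policy inheritance.

Added illustration, not Google's code or API. It implements the rule that
bindings flow downward only: a role granted on an organization or folder is
held on every resource beneath it, while a role granted on a sibling folder
or on a child project is not. Names and principals are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class Resource:
    """One node of the hierarchy: organization, folder, or project."""
    name: str
    kind: str                                   # "organization" | "folder" | "project"
    parent: Optional["Resource"] = None
    # role -> principals bound directly on this resource
    bindings: Dict[str, Set[str]] = field(default_factory=dict)
    children: List["Resource"] = field(default_factory=list)

    def __post_init__(self) -> None:
        if self.parent is not None:
            self.parent.children.append(self)

    def grant(self, role: str, principal: str) -> None:
        self.bindings.setdefault(role, set()).add(principal)

    def ancestry(self) -> List["Resource"]:
        """Return [root, ..., self]: the path a policy evaluation walks."""
        path: List["Resource"] = []
        node: Optional["Resource"] = self
        while node is not None:
            path.append(node)
            node = node.parent
        return list(reversed(path))

    def projects(self) -> List["Resource"]:
        """All projects in this subtree, depth-first."""
        found = [self] if self.kind == "project" else []
        for child in self.children:
            found.extend(child.projects())
        return found


def effective_roles(resource: Resource, principal: str) -> Set[str]:
    """Roles a principal holds on a resource: union of the bindings on the
    resource itself and on every ancestor."""
    roles: Set[str] = set()
    for node in resource.ancestry():
        for role, members in node.bindings.items():
            if principal in members:
                roles.add(role)
    return roles


def reachable_projects(root: Resource, principal: str) -> Dict[str, Set[str]]:
    """Blast radius of one identity: every project under root where it holds
    at least one role, with the roles listed. Useful for spotting a grant made
    too high in the tree."""
    return {
        p.name: effective_roles(p, principal)
        for p in root.projects()
        if effective_roles(p, principal)
    }


def build_middle_earth() -> Dict[str, Resource]:
    """Constructed sample tree; every name and principal is a placeholder."""
    org = Resource("organizations/middle-earth", "organization")
    shire = Resource("folders/shire", "folder", org)
    gondor = Resource("folders/gondor", "folder", org)
    hobbiton = Resource("projects/hobbiton", "project", shire)
    bree = Resource("projects/bree", "project", shire)
    minas_tirith = Resource("projects/minas-tirith", "project", gondor)

    # Organization-wide viewer: inherited by every folder and project.
    org.grant("roles/viewer", "user:gandalf@example.test")
    # Folder-scoped editor: inherited by hobbiton and bree, not by gondor's projects.
    shire.grant("roles/editor", "user:frodo@example.test")
    # Project-scoped owner: the narrowest trust boundary in this tree.
    minas_tirith.grant("roles/owner", "user:aragorn@example.test")
    return {r.name: r for r in (org, shire, gondor, hobbiton, bree, minas_tirith)}


if __name__ == "__main__":
    tree = build_middle_earth()
    root = tree["organizations/middle-earth"]
    for who in ("user:gandalf@example.test", "user:frodo@example.test",
                "user:aragorn@example.test"):
        print(who, reachable_projects(root, who))
```

Running the script shows the shape of each trust boundary: the organization-level viewer reaches all three projects, the folder-level editor reaches only the two projects under that folder, and the project-level owner reaches exactly one. When mapping a real business onto the hierarchy, the question to ask at each grant is which subtree it should cover; `reachable_projects` is the check that tells you what a binding actually exposes.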

