Hierarchy Structure

GCP enforces a well-defined and scalable resource hierarchy to manage access control and policies:

Organization > Folders > Projects > Resources
  • Organization: Root node representing a company (usually linked to a G Suite or Cloud Identity domain).
  • Folders: Optional grouping of projects, used for structuring teams, departments, or environments.
  • Projects: Core unit in GCP where resources are created and managed. Every resource belongs to exactly one project.
  • Resources: Individual services or components (e.g., Compute Engine VM, Cloud Function, etc.) provisioned inside a project.

Key Properties:

  • A Folder can contain multiple Projects or sub-Folders.
  • An Organization can contain multiple Folders.
  • IAM policies and Organization Policies can be applied at each level and are inherited by lower levels unless overridden.

Enterprise Recommendations for Resource Organization

1. Environment Isolation

  • Create separate projects for different environments like DEV, QA, STAGE, and PROD.
  • Benefit: Ensures complete separation between environments; changes in DEV do not impact PROD.

2. Department-Level Folders

  • Create dedicated folders per department (e.g., Finance, HR, Engineering).
  • Helps isolate production resources and manage IAM roles more effectively.

3. Shared Resources

  • Use a Shared Folder or Shared VPC model to host common resources like networking, IAM roles, or centralized services (e.g., logging, monitoring).

4. Project per App per Environment

Example:

  • Apps: A1 and A2
  • Environments: DEV and PROD
  • Create: A1-DEV, A1-PROD, A2-DEV, A2-PROD

Advantages:

  • Clean separation of concerns.
  • Easy rollback and deployment management.
  • Dev team has full access to DEV.
  • Ops/Support team gets restricted access to PROD only.
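
The access split above only holds if nothing granted higher in the hierarchy leaks down into the PROD projects. The following audit sketch is an added example, not code from the original page: it walks each PROD project's ancestors and reports inherited or direct role bindings outside an allow-list. The folder name, group addresses, bindings and the PROD allow-list are constructed assumptions, and the model covers only IAM allow bindings collected from a project and its ancestors.

```python
# Constructed sample hierarchy: node -> parent (None marks the organization root).
PARENT = {
    "org": None,
    "engineering": "org",  # hypothetical department folder
    "A1-DEV": "engineering", "A1-PROD": "engineering",
    "A2-DEV": "engineering", "A2-PROD": "engineering",
}

# Constructed sample bindings: node -> (member, role) pairs set directly on that node.
BINDINGS = {
    "org": [("group:sec-audit@example.com", "roles/viewer")],
    "engineering": [("group:dev-team@example.com", "roles/editor")],  # set too high
    "A1-DEV": [("group:dev-team@example.com", "roles/owner")],
    "A1-PROD": [("group:ops-support@example.com", "roles/viewer")],
    "A2-PROD": [("group:ops-support@example.com", "roles/viewer")],
}

# Assumed rule for this example: only these roles are acceptable on PROD projects.
PROD_ALLOWED_ROLES = {"roles/viewer"}


def ancestors(node):
    """Yield the node itself, then its folder(s), then the organization."""
    while node is not None:
        yield node
        node = PARENT[node]


def effective_bindings(project):
    """Bindings set on the project plus those inherited from its ancestors."""
    return [(member, role, source)
            for source in ancestors(project)
            for member, role in BINDINGS.get(source, [])]


def audit_prod(nodes):
    """Return (project, member, role, source) for PROD roles outside the allow-list."""
    findings = []
    for project in nodes:
        if not project.endswith("-PROD"):
            continue
        for member, role, source in effective_bindings(project):
            if role not in PROD_ALLOWED_ROLES:
                findings.append((project, member, role, source))
    return findings


if __name__ == "__main__":
    for finding in audit_prod(sorted(PARENT)):
        print("%s: %s holds %s, granted at %s" % finding)
```

In this sample the Dev team's role was bound on the department folder rather than on the DEV projects, so it also reaches A1-PROD and A2-PROD; binding it on A1-DEV and A2-DEV individually clears both findings.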

Billing Accounts in GCP

Overview:

  • A Billing Account is required to create and maintain resources.
  • It contains payment methods and usage records.

Key Facts:

  • Every Project must be associated with one Billing Account.
  • A Billing Account can be linked to multiple Projects.
  • An Organization can have multiple Billing Accounts.

Types of Billing Accounts:

  1. Self-Serve Billing:

    • Linked to a credit/debit card or bank account.
    • Suitable for individuals, startups, and small businesses.
  2. Invoiced Billing:

    • Google provides monthly invoices.
    • Typically used by large enterprises with credit arrangements.

Billing Structure Recommendations:

  • Startups: Use a single billing account for all projects.

  • Enterprises:

    • Create separate billing accounts per business unit or department.
    • Assign Billing Admins for each department to monitor and control spend.

Managing Billing: Budgets, Alerts, and Exports

Budgets and Alerts

  • Set up Budgets to define expected monthly/quarterly spend per project or billing account.

  • Configure Alert Thresholds:

    • Defaults: 50%, 90%, 100%

    • Notifications can be sent via:

      • Email to Billing Admins
      • Pub/Sub Topics (for automation, integrations)

Export Billing Data

  • Enable automated billing exports for cost analysis and compliance.

Export Destinations:

  1. BigQuery:

    • Enables advanced querying and dashboarding (e.g., via Looker Studio).
    • Ideal for daily cost breakdowns, service-level analytics, anomaly detection.
  2. Cloud Storage:

    • Good for raw data backups and archiving.
    • Data is stored in CSV or JSON formats.