Cloud basics & GCP

GCP exposes ~200 services via REST APIs and the gcloud CLI, organized under a hierarchy: Organization → Folders → Projects → Resources. Each resource (a VM, a bucket, a DB) is scoped to exactly one project.

A project is the unit of billing, quotas, and IAM. Every API call references a project id; enable APIs per project before using them. A project has an alphanumeric project-id (immutable) and a project-number.

Regions are failure-isolated geographic areas (e.g. europe-west1). Each region contains multiple zones (europe-west1-b, -c, -d) for in-region HA. Multi-regional services replicate across regions automatically.

IAM binds principals (user, service account, Google group, domain) to roles (collection of permissions) on a resource. Roles are additive and inherited down the hierarchy. Prefer predefined roles over primitive ones (owner/editor/viewer are too broad); use custom roles only when justified.

Billing is per-project with export to BigQuery for analysis. Set budget alerts early — a misconfigured service (e.g. a public bucket scraped daily) can generate unexpected charges.