Associate Cloud Engineers deploy applications, monitor operations, and manage enterprise solutions. They use Google Cloud Console and the command-line interface to perform common platform-based tasks to maintain one or more deployed solutions that leverage Google-managed or self-managed services on Google Cloud.
This is ideal for those who have some experience in IT who would like to break into the cloud by learning about various commands and technologies used in Google Cloud Platform (GCP). This is a more technical introduction to GCP than the Cloud Digital Leader certification and has the intent to train you to be able to perform basic and advanced tasks.
The exam is 2 hours long and costs $125.
Exam Content & Outline – What Will You Be Tested On?
There are FIVE main skills that the exam will test you on:
- Setting up a cloud solution environment
- Planning and configuring a cloud solution
- Deploying and implementing a cloud solution
- Ensuring successful operation of a cloud solution
- Configuring access and security
Let’s look at each of these in more detail and find out what exactly to study in order to be certified as a Google Associate Cloud Engineer.
Setting Up a Cloud Solution Environment
This section teaches you how to give birth to your new projects on GCP. It will cover topics such as resource hierarchy and billing and local environment configuration.
- Setting up cloud projects and accounts
- Creating a resource hierarchy
- Applying organizational policies to the resource hierarchy
- Granting members IAM roles within a project
- ● Managing users and groups in Cloud Identity (manually and automated)
- ● Enabling APIs within projects
- ● Provisioning and setting up products in Google Cloud’s operations suite
- Managing billing configuration.
- Installing and configuring the command line interface (CLI), specifically the Cloud SDK (e.g., setting the default project)
Planning and Configuring a Cloud Solution
This section aims to equip you with a comprehensive understanding of the typical cloud architecture and provide you with the necessary skills to design solutions for hosting applications or functionalities on the cloud. Moreover, you will gain knowledge on calculating costs associated with using technology tailored to meet your organization’s unique needs. We believe that this section will be instrumental in helping you navigate the complexities of cloud computing, while providing you with the tools necessary to excel in your work.
- Planning and estimating Google Cloud product use using the Pricing Calculator
- Planning and configuring compute resources.
- Planning and configuring data storage options.
- Planning and configuring network resources
- Differentiating load balancing options
- Identifying resource locations in a network for availability
- Configuring Cloud DNS
Deploying and Implementing a Cloud Solution
Once you have a plan in place for a cloud solution, the exam expects you to know the steps required to effectively deploy the plan into action. This requires a series of steps on your part along with the required parameters to fine-tune the process.
- Deploying and implementing Compute Engine resources
- Launching a compute instance using the Google Cloud console and Cloud SDK (gcloud) (e.g., assign disks, availability policy, SSH keys)
- Creating an autoscaled managed instance group using an instance template
- Generating/uploading a custom SSH key for instances
- Installing and configuring the Cloud Monitoring and Logging Agent
- Assessing compute quotas and requesting increases
- Deploying and implementing Google Kubernetes Engine resources.
- Installing and configuring the command line interface (CLI) for Kubernetes (kubectl)
- Deploying a Google Kubernetes Engine cluster with different configurations including AutoPilot, regional clusters, private clusters, etc.
- Deploying a containerized application to Google Kubernetes Engine
- Configuring Google Kubernetes Engine monitoring and logging
- Deploying and implementing Cloud Run and Cloud Functions resources.
- Deploying an application and updating scaling configuration, versions, and traffic splitting
- Deploying an application that receives Google Cloud events (e.g., Pub/Sub events, Cloud Storage object change notification events)
- Deploying and implementing data solutions.
- Initializing data systems with products (e.g., Cloud SQL, Firestore, BigQuery, Cloud Spanner, Pub/Sub, Cloud Bigtable, Dataproc, Dataflow, Cloud Storage)
- Loading data (e.g., command line upload, API transfer, import/export, load data from Cloud Storage, streaming data to Pub/Sub)
- Deploying and implementing networking resources.
- Creating a VPC with subnets (e.g., custom-mode VPC, shared VPC)
- Launching a Compute Engine instance with custom network configuration (e.g., internal-only IP address, Google private access, static external and private IP address, network tags)
- Creating ingress and egress firewall rules for a VPC (e.g., IP subnets, network tags, service accounts)
- Creating a VPN between a Google VPC and an external network using Cloud VPN
- Creating a load balancer to distribute application network traffic to an application (e.g., Global HTTP(S) load balancer, Global SSL Proxy load balancer, Global TCP Proxy load balancer, regional network load balancer, regional internal load balancer)
- Deploying a solution using Cloud Marketplace
- Browsing the Cloud Marketplace catalog and viewing solution details
- Deploying a Cloud Marketplace solution
- Implementing resources via infrastructure as code
- Building infrastructure via Cloud Foundation Toolkit templates and implementing best practices
- Installing and configuring Config Connector in Google Kubernetes Engine to create, update, delete, and secure resources
Ensuring Successful Operation of a Cloud Solution
Security of information and data is crucial. Criminals have resorted to using sophisticated hacking software to illegally break in and steal precious data. Fortunately, Google Cloud upholds the highest security standards to safeguard your assets, while also providing you with state-of-the-art tools to monitor and log critical security incidents.
This section tests you on your ability to explain how GCP security and operations work together to create a solution that will ultimately make your data safe and sound.
- Managing Compute Engine (GCE) resources
- Managing a single VM instance (e.g., start, stop, edit configuration, or delete an instance)
- Remotely connecting to the instance
- Attaching a GPU to a new instance and installing necessary dependencies
- Viewing current running VM inventory (instance IDs, details)
- Working with snapshots (e.g., create a snapshot from a VM, view snapshots, delete a snapshot)
- Working with images (e.g., create an image from a VM or a snapshot, view images, delete an image)
- Working with instance groups (e.g., set autoscaling parameters, assign instance template, create an instance template, remove instance group)
- Working with management interfaces (e.g., Google Cloud console, Cloud Shell, Cloud SDK)
- Managing Google Kubernetes Engine (GKE) resources
- Viewing current running cluster inventory (nodes, pods, services)
- Browsing Docker images and viewing their details in the Artifact Registry
- Working with node pools (e.g., add, edit, or remove a node pool)
- Working with pods (e.g., add, edit, or remove pods)
- Working with services (e.g., add, edit, or remove a service)
- Working with stateful applications (e.g. persistent volumes, stateful sets)
- Managing Horizonal and Vertical autoscaling configurations
- Working with management interfaces (e.g., Google Cloud console, Cloud Shell, Cloud SDK, kubectl)
- Managing Cloud Run resources
- Adjusting application traffic-splitting parameters
- Setting scaling parameters for autoscaling instances
- Determining whether to run Cloud Run (fully managed) or Cloud Run for Anthos
- Managing storage and database solutions
- Managing and securing objects in and between Cloud Storage buckets
- Setting object life cycle management policies for Cloud Storage buckets
- Executing queries to retrieve data from data instances (e.g., Cloud SQL, BigQuery, Cloud Spanner, Datastore, Cloud Bigtable)
- Estimating costs of data storage resources
- Backing up and restoring database instances (e.g., Cloud SQL, Datastore)
- Reviewing job status in Dataproc, Dataflow, or BigQuery
- Managing networking resources
- Adding a subnet to an existing VPC
- Expanding a subnet to have more IP addresses
- Reserving static external or internal IP addresses
- Working with Cloud DNS, Cloud NAT, Load Balancers, and Firewall rules
- Monitoring and logging
- Creating Cloud Monitoring alerts based on resource metrics
- Creating and ingesting Cloud Monitoring custom metrics (e.g., from applications or logs)
- Configuring log sinks to export logs to external systems (e.g., on-premises or BigQuery)
- Configuring log routers
- Viewing and filtering logs in Cloud Logging
- Viewing specific log message details in Cloud Logging
- Using cloud diagnostics to research an application issue (e.g., viewing Cloud Trace data, using Cloud Debug to view an application point-in-time)
- Viewing Google Cloud status
Configuring Access and Security
- Managing Identity and Access Management (IAM)
- Viewing and Creating IAM policies
- Managing the various role types and defining custom IAM roles (e.g., primitive, predefined and custom)
- Managing service accounts
- Creating service accounts
- Using service accounts in IAM policies with minimum permissions
- Assigning service accounts to resources
- Managing IAM of a service account
- Managing service account impersonation
- Creating and managing short-lived service account credentials
- Viewing audit logs
