GCP Resource Hierarchy


Understanding the Google Cloud Resource Hierarchy:

Google Cloud employs a structure known as the “Resource Hierarchy,” which serves as a systematic means of organizing resources. Picture it as a hierarchy composed of four primary elements:

  • Organization
  • Folder
  • Project
  • Resource

Organization: Positioned at the apex of the hierarchy, the organization serves as the highest level of authority, and only one organization exists within this structure.

Folder: Folder resources offer an optional way to further organize and create isolation boundaries between projects within the Google Cloud environment. Think of them as sub-organizations within the main organization resource. These folder resources serve the purpose of modeling various aspects within a company, including distinct legal entities, departments, and teams. The flexibility of folder resources is such that each folder can contain not only project resources but also other folder resources.

Key Attributes:

  • Folder ID: A unique identifier for the folder.
  • Folder Name: The name or label assigned to the folder.
  • Parent Folder: Indicates the parent folder, if applicable. Helps establish the folder’s position within the hierarchy.
  • Child Folders: Folders can contain other sub-folders, forming a hierarchical structure.
  • Projects: Folders can contain multiple projects, providing organization and isolation.
  • Access Control: Like projects, folders can have their own access controls and permissions.
  • Creation Timestamp: Records when the folder was created.

Project: The project resource represents the most basic organizational unit. The organization and folder resources can have multiple projects within them. To unlock the full potential of Google Cloud, having a project resource is a must. It acts as the cornerstone for a range of actions and features, like creating, activating, and using Google Cloud services.

Key Attributes:

  • Project Resource ID: This is a unique identifier assigned to the project resource, ensuring its distinctiveness.
  • Project Resource Number: Automatically generated upon project creation, it serves as a read-only reference.
  • Display Name: A mutable property that allows for a user-defined name.
  • Lifecycle State: This indicates the current status of the project resource, such as ‘ACTIVE’ or ‘DELETE_REQUESTED.’
  • Labels: A set of labels that can be utilized for filtering and categorizing projects.
  • Creation Timestamp: Records the time when the project resource was initially created.

Resource: Resources are the focal point of the hierarchy, representing the services and entities created and utilized within Google Cloud, for example Cloud Storage buckets and virtual machines.

The Rationale Behind the Resource Hierarchy:

The resource hierarchy serves the vital purpose of establishing ownership and control. By employing this structure, access controls and policies can be enacted at different tiers, dictating permissions and regulations. It functions as a regulatory framework applied to varying sections of the hierarchy, with these regulations permeating downward (Policy Inheritance).
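
Policy inheritance as described above, modelled in Python as an added example (not code from the original post or from Google). The node names, members and helper functions are constructed for illustration, and the model assumes IAM allow policies, where a resource's effective policy is the union of its own bindings and those of every ancestor.

```python
from dataclasses import dataclass, field

@dataclass
class Node:
    name: str                      # constructed identifier, e.g. "folders/payments"
    kind: str                      # organization | folder | project | resource
    parent: "Node | None" = None   # None only for the root of the hierarchy
    bindings: dict = field(default_factory=dict)  # role -> set of members set HERE

def ancestry(node):
    """Chain from the node itself up to the root of the hierarchy."""
    chain = []
    while node is not None:
        chain.append(node)
        node = node.parent
    return chain

def effective_bindings(node):
    """Map (role, member) -> list of levels where that grant is set."""
    grants = {}
    for level in ancestry(node):
        for role, members in level.bindings.items():
            for member in sorted(members):
                grants.setdefault((role, member), []).append(level.name)
    return grants

def inherited_grants(node):
    """Grants that apply to the node but are not set on the node itself."""
    return {k: v for k, v in effective_bindings(node).items() if node.name not in v}

def sample_hierarchy():
    """Constructed hierarchy: organization > folder > folder > project > resource."""
    org = Node("organizations/example", "organization", None,
               {"roles/resourcemanager.organizationAdmin": {"user:admin@example.com"}})
    eng = Node("folders/engineering", "folder", org,
               {"roles/viewer": {"group:eng@example.com"}})
    pay = Node("folders/payments", "folder", eng,
               {"roles/editor": {"group:payments-devs@example.com"}})
    proj = Node("projects/pay-prod", "project", pay,
                {"roles/owner": {"user:lead@example.com"}})
    bucket = Node("buckets/pay-logs", "resource", proj,
                  {"roles/storage.objectViewer": {"group:auditors@example.com"}})
    return {n.name: n for n in (org, eng, pay, proj, bucket)}

if __name__ == "__main__":
    bucket = sample_hierarchy()["buckets/pay-logs"]
    for (role, member), levels in sorted(inherited_grants(bucket).items()):
        print(f"{member} holds {role} on {bucket.name}, set at {levels[0]}")
```

Under this allow-only model, an inherited grant cannot be removed at the lower level; it has to be changed at the level where it is set, which is why broad roles bound at the organization or a folder deserve review first.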

Exploring the Role of Organizations:

  • While organizations are not mandatory, they offer distinct advantages. For instance, when a project is initiated using a Google Workspace or Cloud Identity account, it is automatically associated with an organization.

  • Projects generated by members within the same account domain are automatically affiliated with the shared organization, facilitating cohesive management.

  • Google Workspace super administrators possess default privileges to assign IAM (Identity and Access Management) roles. Their elevated authority warrants attention.

  • An intriguing aspect of organizations is that when a project is created, its ownership is attributed to the organization, rather than the individual creator. This ensures project continuity even if the originator’s association changes.

In summary, the Google Cloud Resource Hierarchy is a structured framework for resource management and regulation, with organizations playing a pivotal role in facilitating governance and control.


Written By

Raha Farokhi
