21 min to read

Google Cloud Platform Getting Started Guide

A comprehensive guide to GCP setup, service accounts, and SDK installation

Featured image


Overview

Google Cloud Platform (GCP) is Google’s comprehensive suite of cloud computing services that enables businesses and developers to build, deploy, and manage applications on Google’s infrastructure. This guide will walk you through the essential steps to get started with GCP, from creating your first account to mastering the command-line interface.

Today’s practical session covers:


Why Choose GCP?

GCP leverages the same infrastructure that powers Google’s own services like Search, Gmail, and YouTube.

This means you get access to cutting-edge technology with proven scalability and reliability at enterprise scale.

Unlike traditional cloud providers that adapted existing on-premises solutions to the cloud, GCP was built from the ground up as a cloud-native platform, offering unique advantages in areas like data analytics, machine learning, and global network performance.


What is Google Cloud Platform?

Google Cloud Platform is Google’s comprehensive cloud computing service suite that provides various tools and resources for businesses and developers to build, deploy, and manage applications while storing and processing data on Google’s infrastructure.

graph TD A[Applications] --> B[GCP Services] B --> C[Compute Engine] B --> D[Cloud Storage] B --> E[BigQuery] B --> F[Cloud SQL] B --> G[Kubernetes Engine] B --> H[Cloud Functions] I[Google Infrastructure] --> B J[Global Network] --> I


Key Features of GCP

Feature Description Benefit
Diverse Service Portfolio Computing, storage, databases, networking, ML services One-stop solution for all cloud needs
Flexible Cost Management Pay-as-you-use pricing model Cost-effective resource utilization
Security & Reliability Google's infrastructure with robust security Enterprise-grade security and high availability
Scalability Easy resource scaling based on demand Handle traffic spikes without manual intervention
Global Network Worldwide presence with edge locations Low latency and improved user experience
Innovation Focus AI/ML services and cutting-edge technologies Access to Google's research and development


Getting Started with GCP


1. Free Trial Account Creation

Creating a GCP free trial account is straightforward and provides significant value for learning and experimentation.

What You Get:

Steps to Create Account:

  1. Visit the Google Cloud Console
  2. Sign in with your existing Google account or create a new one
  3. Accept the terms of service
  4. Provide billing information (required but not charged during trial)
  5. Verify your account via phone or credit card

Important Note

While a credit card is required for verification, Google will not charge you unless you explicitly upgrade to a paid account. The free trial automatically stops when you exhaust the $300 credit or reach the 90-day limit.

After completing the setup, check your billing page to confirm your free credits:


2. Project Creation and Management

Every resource in GCP belongs to a project. Projects provide a way to organize resources, manage billing, and control access.

graph LR A[Organization] --> B[Project 1] A --> C[Project 2] A --> D[Project 3] B --> E[Compute Resources] B --> F[Storage Resources] B --> G[Database Resources] C --> H[Development Environment] D --> I[Production Environment]

Project Hierarchy Components:

Component Description Example
Project Name Human-readable project identifier My Web Application
Project ID Globally unique project identifier my-web-app-12345
Project Number Auto-generated unique numerical identifier 123456789012

Creating a New Project:

  1. Navigate to the IAM & AdminResource Manager
  2. Click Create Project
  3. Enter your project details: 
    Project Name: My First GCP Project
Project ID: my-first-gcp-project-2024
Location: No organization (for personal accounts)
  4. Click Create
Security Best Practice

Never include sensitive information in project names, project IDs, or other resource names. These identifiers may be exposed in logs, APIs, and resource references.


3. Service Account Creation

Service accounts are special Google accounts that belong to applications or compute workloads instead of individual users. They provide a secure way for applications to authenticate with GCP services.

Understanding Service Accounts:

Service accounts enable:

Creating a Service Account:

  1. Navigate to IAM & AdminService Accounts
  2. Click Create Service Account
  3. Configure the service account: 
      {
 "name": "my-app-service-account",
 "display_name": "My Application Service Account", 
 "description": "Service account for my web application"
  }
  4. Grant Project Access (Choose appropriate roles):
    • Owner: Full control over all resources
    • Editor: Read/write access to most resources
    • Viewer: Read-only access to resources
    • Custom roles: Specific permissions for specialized use cases
  5. User Access (Optional): Skip this step for service-to-service authentication
  6. Click Done


For learning purposes, select Owner, but in production, always follow the principle of least privilege.

Role Type Use Case Risk Level
Primitive Roles (Owner/Editor/Viewer) Quick setup, learning, prototyping High (Owner/Editor), Low (Viewer)
Predefined Roles Common service-specific tasks Medium
Custom Roles Specific business requirements Low (when properly configured)


4. Service Account Key Generation

Service account keys are JSON files that contain credentials for authenticating as a service account. These keys are essential for applications running outside of GCP to access GCP services.

Key Types and Usage:

Key Type Format Best For Security Considerations
JSON Key JSON file with private key External applications, local development Must be securely stored and rotated
P12 Key PKCS12 format Legacy applications Less secure, not recommended

Generating a JSON Key:

  1. Select your service account from the list
  2. Navigate to the Keys tab
  3. Click Add KeyCreate new key
  4. Select JSON format
  5. Click Create

The key file will automatically download to your computer. Keep this file secure - it provides programmatic access to your GCP resources.


Security Warning

Service account keys are sensitive credentials. Never commit them to version control, share them in chat, or store them in unsecured locations. Consider using alternatives like Workload Identity or Application Default Credentials when possible.


Google Cloud SDK Installation

The Google Cloud SDK provides command-line tools for managing GCP resources. The primary tool is gcloud, which allows you to create, configure, and manage GCP resources from your terminal.


Installation Methods

Method Platform Best For
Interactive Installer Windows, macOS, Linux Desktop development environments
Package Manager Linux distributions Server environments and automation
Docker Image Any platform with Docker Containerized workflows and CI/CD
Cloud Shell Browser-based Quick tasks and learning


Linux Installation (Ubuntu/Debian)

For Ubuntu WSL or native Linux environments:

# Download the Google Cloud CLI archive
curl -O https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-cli-422.0.0-linux-x86_64.tar.gz

# Extract the archive
tar xvf google-cloud-cli-422.0.0-linux-x86_64.tar.gz

# Optional: View installation help
./google-cloud-sdk/install.sh --help

# Run the installation script
./google-cloud-sdk/install.sh


During installation, you’ll be prompted for several options:

Welcome to the Google Cloud CLI!

To help improve the quality of this product, we collect anonymized usage data
and anonymized stacktraces when crashes are encountered; additional information
is available at <https://cloud.google.com/sdk/usage-statistics>.

Do you want to help improve the Google Cloud CLI (y/N)? y

# Choose whether to modify your PATH
Modify profile to update your $PATH and enable shell command completion? (Y/n) Y

# Choose your shell profile
Enter a path to an rc file to update, or leave blank to use the default: [Enter]


Alternative Installation Methods

Package Manager Installation:

# Add the Cloud SDK distribution URI as a package source
echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | sudo tee -a /etc/apt/sources.list.d/google-cloud-sdk.list

# Import the Google Cloud public key
curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key --keyring /usr/share/keyrings/cloud.google.gpg add -

# Update and install the Cloud SDK
sudo apt-get update && sudo apt-get install google-cloud-cli

Docker Usage:

# Run gcloud in a Docker container
docker run -it google/cloud-sdk:latest gcloud version

# For persistent configurations
docker run -it -v ~/.config/gcloud:/root/.config/gcloud google/cloud-sdk:latest


SDK Authentication and Initialization

After installation, initialize the SDK:

# Initialize gcloud configuration
gcloud init

The initialization process includes:

  1. Network Diagnostics: Checks your internet connection
  2. Authentication: Opens browser for Google account login
  3. Project Selection: Choose or create a project
  4. Default Region/Zone: Set default compute region
Welcome! This command will take you through the configuration of gcloud.

Your current configuration has been set to: [default]

Network diagnostic detects and fixes local network connection issues.
Checking network connection...done.

Choose the account you would like to use to perform operations for this configuration:
 [1] user@example.com
 [2] Log in with a new account
Please enter your numeric choice: 1

Pick cloud project to use:
 [1] my-first-gcp-project
 [2] my-second-project  
 [3] Create a new project
Please enter numeric choice or text value (must exactly match list item): 1

Do you want to configure a default Compute Region and Zone? (Y/n) Y
Which Google Compute Engine zone would you like to use as project default?
 [1] us-central1-a
 [2] us-central1-b
 ...
Please enter your numeric choice: 1


Managing Multiple GCP Accounts

When working with multiple Google accounts or managing different environments (development, staging, production), you’ll need to configure and switch between different gcloud configurations. This section covers how to manage multiple accounts efficiently.


Understanding gcloud Configurations

gcloud configurations allow you to maintain separate sets of gcloud properties for different accounts, projects, and environments. Each configuration includes:

graph TB subgraph "gcloud Configuration Management" A[gcloud CLI] --> B[Configuration 1: Personal] A --> C[Configuration 2: Work] A --> D[Configuration 3: Client Project] B --> E[personal@gmail.com] B --> F[my-personal-project] B --> G[us-west1-a] C --> H[work@company.com] C --> I[company-production] C --> J[us-central1-a] D --> K[client@project.com] D --> L[client-project-123] D --> M[europe-west1-a] end style A fill:#ff9999 style B fill:#99ccff style C fill:#99ff99 style D fill:#ffcc99


1. Checking Current Configurations

First, let’s examine the available configuration commands and current setup:

# View available configuration commands
gcloud config configurations

# List all existing configurations
gcloud config configurations list


Example output:

NAME     IS_ACTIVE  ACCOUNT               PROJECT              COMPUTE_DEFAULT_ZONE  COMPUTE_DEFAULT_REGION
default  True       somaz@gmail.com      somaz-project        us-central1-a         us-central1


2. Managing Configuration Names and States

Renaming Configurations

If you want to rename your default configuration to something more descriptive:

# First, create a new temporary configuration to deactivate the current one
gcloud config configurations create temp-config
gcloud config configurations activate temp-config

# Now rename the default configuration
gcloud config configurations rename default --new-name=personal

# Switch back to your renamed configuration
gcloud config configurations activate personal

# Clean up the temporary configuration
gcloud config configurations delete temp-config
Important Note

You cannot rename an active configuration. Always create a temporary configuration first, switch to it, then rename the original configuration.


3. Adding a Second Account

Step 1: Create a New Configuration

# Create a new configuration for your second account
gcloud config configurations create work-account

# Activate the new configuration
gcloud config configurations activate work-account

Step 2: Authenticate with the Second Account

# Login with your second Google account
gcloud auth login


This command will open your browser for authentication. After successful login, set the account for the current configuration:

# Set the account for the current configuration
gcloud config set account work@company.com

# Optionally set a default project
gcloud config set project work-project-id

Step 3: Verify Multiple Accounts

# List all authenticated accounts
gcloud auth list


Example output:

   Credentialed Accounts
ACTIVE  ACCOUNT
*       work@company.com
        personal@gmail.com


4. Switching Between Accounts

Using Configuration Activation

# Switch to personal account configuration
gcloud config configurations activate personal

# Verify the switch
gcloud config list

# Switch to work account configuration
gcloud config configurations activate work-account

# Verify the switch
gcloud config list

Quick Account Switching Within Same Configuration

# Switch account without changing configuration
gcloud config set account personal@gmail.com

# Or switch back to work account
gcloud config set account work@company.com


5. Project Management Across Accounts

After switching accounts, you can verify and manage different projects:

# Switch to personal account
gcloud config configurations activate personal

# List projects accessible to personal account
gcloud projects list

# Switch to work account
gcloud config configurations activate work-account

# List projects accessible to work account
gcloud projects list


Example outputs:

Personal Account Projects:

PROJECT_ID              NAME              PROJECT_NUMBER
personal-web-app        Personal Website  736664391334
learning-project        Learning GCP      470321790129

Work Account Projects:

PROJECT_ID              NAME                    PROJECT_NUMBER
company-production      Production Environment  836664391445
company-staging         Staging Environment     570321790230
company-development     Development Environment 123456789012


6. Service Account Authentication

For automated workflows and CI/CD pipelines, you can activate service accounts:

# Activate a service account using key file
gcloud auth activate-service-account --key-file=/path/to/service-account-key.json

# Verify service account activation
gcloud auth list

# Set the service account as the active account
gcloud config set account service-account@project.iam.gserviceaccount.com
Authentication Method Command Use Case
User Account Login gcloud auth login Interactive development, switching accounts
Service Account gcloud auth activate-service-account Automation, CI/CD pipelines, server applications
Application Default gcloud auth application-default login Local development with GCP client libraries


Understanding GCP Authentication

GCP SDK authentication primarily uses OAuth 2.0, an open standard for authorization. This enables secure authentication and authorization for users, service accounts, and applications accessing GCP resources.

sequenceDiagram participant User participant gcloud participant Google Auth participant GCP APIs User->>gcloud: gcloud init gcloud->>Google Auth: Request authorization Google Auth->>User: Redirect to login page User->>Google Auth: Provide credentials Google Auth->>gcloud: Return authorization code gcloud->>Google Auth: Exchange code for tokens Google Auth->>gcloud: Access & refresh tokens gcloud->>GCP APIs: API calls with access token


Authentication Process Steps:

  1. SDK Installation: Download and install Google Cloud SDK locally
  2. SDK Initialization: Run gcloud init to start configuration
  3. OAuth 2.0 Authentication: Login via browser and grant permissions
  4. Credential Storage: SDK stores access and refresh tokens locally
  5. Service Account Authentication: (Optional) Use JSON keys for automated access

Credential Storage Locations:


Authentication Methods Comparison

Method Use Case Security Level Setup Complexity
User Account (OAuth) Interactive development and testing High Simple
Service Account Keys Server applications and automation Medium Medium
Application Default Credentials Applications running on GCP High Simple
Workload Identity Kubernetes workloads on GKE Very High Complex


Key Differences: gcloud init vs gcloud auth login

Understanding when to use each command:

gcloud init:

gcloud init
# Performs: authentication, project selection, region/zone configuration

gcloud auth login:

gcloud auth login
# Performs: authentication only, no configuration changes
Best Practice

Use gcloud init for initial setup and when you need to configure multiple aspects. Use gcloud auth login when you only need to authenticate a different account or refresh expired credentials.


Essential GCP CLI Commands

Master these fundamental gcloud commands to effectively manage your GCP resources:


Configuration Management

# Check current configuration
gcloud config list

# View all available configurations
gcloud config configurations list

# Create a new configuration
gcloud config configurations create production

# Switch between configurations
gcloud config configurations activate production

# Set project for current configuration
gcloud config set project my-project-id

# Set default region and zone
gcloud config set compute/region us-central1
gcloud config set compute/zone us-central1-a


Account and Authentication

# List authenticated accounts
gcloud auth list

# Login with a different account
gcloud auth login

# Set active account
gcloud config set account user@example.com

# Authenticate using service account key
gcloud auth activate-service-account --key-file=path/to/keyfile.json

# Revoke credentials
gcloud auth revoke user@example.com


Project Management

# List all accessible projects
gcloud projects list

# Get current project details
gcloud projects describe my-project-id

# Create a new project
gcloud projects create my-new-project --name="My New Project"

# Set billing account for project
gcloud billing projects link my-project-id --billing-account=ACCOUNT_ID


Compute Engine Operations


Cloud Storage Operations


Service Management

# List available APIs and services
gcloud services list --available

# Enable a service
gcloud services enable compute.googleapis.com

# List enabled services
gcloud services list --enabled

# Disable a service
gcloud services disable compute.googleapis.com


IAM and Security


GCP Free Tier Considerations

The GCP Free Tier provides generous allowances for learning and small-scale applications, but it’s important to understand the limits to avoid unexpected charges.


Free Tier Structure

Tier Type Duration Credits/Limits Services Included
Free Trial 90 days $300 credit Most GCP services (with some restrictions)
Always Free No expiration Service-specific monthly quotas Limited set of services with usage limits


Always Free Tier Limits

Key services with permanent free allowances:

Compute Engine:

• 1 f1-micro instance per month (US regions only)
• 30 GB standard persistent disk storage
• 5 GB snapshot storage per month
• 1 GB network egress per month (excluding China and Australia)

Cloud Storage:

• 5 GB regional storage per month
• 5,000 Class A operations per month
• 50,000 Class B operations per month
• 1 GB network egress per month

BigQuery:

• 1 TB queries per month
• 10 GB storage per month
• Loading, copying, and exporting data is free

Cloud Functions:

• 2 million invocations per month
• 400,000 GB-seconds of compute time
• 200,000 GHz-seconds of compute time


Cost Management Best Practices

Avoid Unexpected Charges

Set up billing alerts and budgets before you start experimenting. Even free tier services can incur charges if you exceed the quotas.

Essential Cost Controls:

1. Set up Budget Alerts:


2. Monitor Resource Usage:
# Check current billing information
gcloud billing accounts list

# View project billing status
gcloud billing projects describe PROJECT_ID
3. Clean Up Resources Regularly:
# List all resources that might incur charges
gcloud compute instances list
gcloud storage buckets list
gcloud sql instances list

# Use filters to find old resources
gcloud compute instances list --filter="creationTimestamp < '2024-01-01'"

Common Cost Traps to Avoid:


Practical Examples and Use Cases


Setting Up a Development Environment


Automated Deployment Script


Monitoring and Logging Setup


What’s Next?

This guide provides a solid foundation for working with Google Cloud Platform. To continue your GCP journey, consider exploring these topics:

  1. Infrastructure as Code: Learn Terraform and Cloud Deployment Manager
  2. Container Orchestration: Dive into Google Kubernetes Engine (GKE)
  3. Data Analytics: Explore BigQuery, Dataflow, and Pub/Sub
  4. Machine Learning: Get started with Vertex AI and AutoML
  5. Security Best Practices: Implement IAM, VPC, and security controls


graph LR A[GCP Fundamentals] --> B[Compute Services] A --> C[Storage & Databases] A --> D[Networking] B --> E[Kubernetes Engine] C --> F[Data Analytics] D --> G[Security & IAM] E --> H[DevOps & CI/CD] F --> I[Machine Learning] G --> J[Production Deployment]


References