GCP Digest Issue 2

15 June 2020

It's been a turbulent two weeks. I hope that everyone is doing well.

A great deal has also happened in the past two weeks in GCP. Jakarta region has been launched. BigQuery gets table-level ACLs. Cross-region replication is now a thing in Cloud SQL. Pub/Sub offers message filtering.

In my own projects, I have been playing around with Cloud Tasks as my task queue manager. I wrote a blog post to explain all that I have learnt: Managing background jobs with Cloud Tasks

Happy reading!
- Jonathan

Jakarta comes online

Jakarta region is now online as asia-southeast2

Why is this a big deal? Jakarta is in Indonesia, Southeast Asia's most populous nation with about 270 million people. Jakarta will be GCP's second region in Southeast Asia, after Singapore. With this new region, Google Cloud is set to emerge as a strong cloud contender in a nation with many emerging startups, and even some unicorns.

Available products and services in Jakarta include Cloud Storage, Compute Engine, Dataflow, Dataproc, Datastore, Firestore, Pub/Sub, Memorystore for Redis, BigQuery, Bigtable, App Engine, Cloud SQL, Cloud VPN, and Cloud KMS (no Cloud Functions, yet).

BigQuery: Table-level Access Controls

Another game-changer that will probably mess up current answers to professional certification exam questions is BigQuery's table-level access controls, or table ACLs. With BigQuery table-level ACLs, you can apply Cloud IAM controls at the table scope, satisfying the principle of "least privilege."

Together with existing column-level controls, BigQuery is well-adapted to provide sufficient granularity in data governance and regulatory compliance. In essence, table ACLs enable you to share a single table, for reading and/or writing, without the surrounding dataset. Previously, many BigQuery customers used authorized views to control read-only access to tables. Table ACLs let you simply share a single table as is.

Cross-Region Replicas for Cloud SQL

Cloud SQL cross-region replication is now available for MySQL and PostgreSQL database engines. This ensures business continuity by allowing your Cloud SQL database to fail over to another region in the event of a Google Cloud region failure.

A cross-region replica is a copy of the primary in another region that reflects changes to the primary instance in almost real time, ensuring little data loss in the event of a region failure. A replica is read-only, and can be used to offload reads from the primary database. In the event of a regional failure (or a planned migration), the read replica is promoted to a primary instance.

Skill Badges, New 6-week Learning Paths, Online-proctored Certifications

  • Newly introduced Google Cloud Skill Badges allow you to train for and earn skill badges that you can then use to show competencies. The digital badges are earned by completing labs and a rigorous hands-on skill test on Qwiklabs, which is free for 30 days through the end of 2020. Select one of the available quests to get started! (great for early-stage professionals)
  • Also new are the 6-week Learning Paths designed to help you prepare for the certification most suited to your role, offered through Pluralsight and Qwiklabs. Certifications covered are Associate Cloud Engineer, Professional Cloud Architect, and Professional Data Engineer. (great for experienced professionals)
  • Lastly, the aforementioned three certifications are now available remotely via online proctored certification testing. Watch the YouTube video to learn more and sign up to take your exam here.

Firewall Insights

Firewall Insights provides visibility into firewall usage and detects firewall configuration issues. It is offered as a Network Intelligence Center module. Use Firewall Insights to detect and provide easy remediation options for a number of key firewall issues, including:
  • Rules that have been overshadowed and cannot be reached
  • Unnecessary allow rules, open ports, and IP ranges
  • Sudden hit increases on firewall rules (and drill down into source of traffic)
  • Redundant firewall rules
  • Deny firewall rules with hit counts
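
To make the first item in the list concrete, here is an added example (not from Firewall Insights or Google's code) of a simplified check for shadowed rules. The `FwRule` fields, rule names and address ranges are constructed for illustration, and only the case where a single strictly higher-priority rule covers the whole rule is detected.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class FwRule:
    name: str
    priority: int      # lower number is evaluated first
    action: str        # "allow" or "deny"
    src: str           # source CIDR
    ports: frozenset   # destination TCP ports

def covers(a, b):
    """True if rule a matches every packet that rule b matches."""
    net_a, net_b = ipaddress.ip_network(a.src), ipaddress.ip_network(b.src)
    return net_b.subnet_of(net_a) and b.ports <= a.ports

def find_shadowed(rules):
    """Map each shadowed rule name to the rule that shadows it.

    Simplified model: a rule is shadowed when one rule with strictly higher
    priority (lower number) covers its whole source range and port set, so
    no packet can ever reach it. Coverage by several rules combined is not
    detected here.
    """
    shadowed = {}
    ordered = sorted(rules, key=lambda r: r.priority)
    for rule in ordered:
        for other in ordered:
            if other.priority < rule.priority and covers(other, rule):
                shadowed[rule.name] = other.name
                break
    return shadowed

# Constructed sample rule set (assumed names and ranges)
RULES = [
    FwRule("deny-all-ssh", 500, "deny", "0.0.0.0/0", frozenset({22})),
    FwRule("allow-office-ssh", 1000, "allow", "198.51.100.0/24", frozenset({22})),
    FwRule("allow-web", 1000, "allow", "0.0.0.0/0", frozenset({80, 443})),
    FwRule("allow-internal-web", 2000, "allow", "10.0.0.0/8", frozenset({443})),
]

if __name__ == "__main__":
    for name, by in find_shadowed(RULES).items():
        print(f"{name} can never match: fully covered by {by}")
```

In this sample, `allow-office-ssh` looks like it grants access but never takes effect, which is the kind of gap between intent and behaviour that a shadowed-rule report surfaces.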

Hierarchical firewall policies

Existing Virtual Private Cloud (VPC) firewall rules are created at the network level within a given Google Cloud project. Using hierarchical firewall policies, you can create both ingress and egress rules at the organization and folder levels within an organization. This allows security admins to define and deploy consistent firewall rules across a number of projects.

Support for Target Service Account in the hierarchical firewall policies also allows targeting certain firewall rules to a selected group of instances across the organization without having to define such rules within each individual project. The org- and folder-level rules are automatically applied to existing and new VMs in each relevant project, i.e. hierarchical firewall policies can’t be overridden by VPC firewall rules. More in the blog post.
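
The following added example (not Google's code) models why a project's VPC rule cannot override an organization-level rule. It assumes GCP's documented evaluation order, which this digest does not spell out: organization policy first, then folder policies, then VPC rules, with a `goto_next` action that delegates the decision to the next lower level. The rule fields, level names and address ranges are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    priority: int   # lower number is evaluated first
    src: str        # source CIDR
    port: int       # destination TCP port
    action: str     # "allow", "deny" or "goto_next" (hierarchical levels only)

def first_match(rules, src_ip, port):
    """Action of the highest-priority rule matching the packet, or None."""
    ip = ipaddress.ip_address(src_ip)
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.port == port and ip in ipaddress.ip_network(rule.src):
            return rule.action
    return None

def evaluate_ingress(levels, src_ip, port):
    """levels: [(name, rules)] ordered organization -> folder -> VPC network.

    Returns (decision, name of the level that decided).
    """
    for name, rules in levels:
        action = first_match(rules, src_ip, port)
        if action in ("allow", "deny"):
            return action, name
        # "goto_next" or no match: the next lower level decides
    return "deny", "implied"  # implied deny-all for ingress

# Constructed sample hierarchy (names and ranges are made up for the example)
LEVELS = [
    ("organization", [
        Rule(90, "10.0.0.0/8", 22, "goto_next"),   # internal SSH: delegate downward
        Rule(100, "0.0.0.0/0", 22, "deny"),        # all other SSH: blocked org-wide
    ]),
    ("folder:prod", [Rule(100, "10.1.0.0/16", 22, "allow")]),
    ("vpc:project-a", [
        Rule(1000, "0.0.0.0/0", 22, "allow"),      # project tries to open SSH to all
        Rule(1000, "0.0.0.0/0", 443, "allow"),
    ]),
]

if __name__ == "__main__":
    for src, port in [("203.0.113.7", 22), ("10.1.2.3", 22), ("10.9.9.9", 22)]:
        print(src, port, evaluate_ingress(LEVELS, src, port))
```

The project's "allow SSH from anywhere" rule only takes effect for traffic the organization explicitly delegated with `goto_next`; external SSH is decided at the organization level before the VPC rule is ever consulted.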

Cloud Monitoring dashboard templates

Earlier in the year, GCP added a Dashboard API to Cloud Monitoring, allowing users to manage custom dashboards and charts programmatically. Now, GCP is sharing its newly created GitHub repository with more than 30 dashboard templates to help you get started. The Terraform module for this API is now also available on GitHub.

Pub/Sub message filtering

Pub/Sub now allows you to filter messages at the subscription level. After you create a subscription with a filter, the subscription only delivers the messages that match the filter. Pub/Sub automatically acknowledges the messages that don't match the filter.

How is this useful? At a glance, it seems useful because it allows messages of different types to be handled by different subscribers while maintaining a single topic. That means less overhead than maintaining many topics for each type of subscriber.

Beta? GA?

Entered GA

Entered Beta

For more product updates, visit Google Cloud release notes.

Press Releases


  • Firebase Live (Watch Tuesdays at 9:30 PST from June 23rd through July 21st.)
  • Next OnAir (Weekly, starting July 14)


See you next time!
