GCP Digest Issue 6

17 August 2020

GCP Digest was supposed to go out last week but I was too tired after work to make that happen. I don't think anyone noticed, and it turned out there was nothing too groundbreaking going on these few weeks given the US summer break and the already "ground shattering" stuff announced during the first few weeks of Next OnAir. I might apply this "cheat week" strategy now and then, is anyone complaining? It was also tempting to leave GCP Digest out in the cold but I am always surprised by the amount of stuff I learn by forcing myself to write this digest. 

On the personal side, I started a "Cloud Architect" job with that title, similar to the name on the Professional Cloud Architect certification that GCP is offering. Interestingly, only GCP calls it Cloud Architect, AWS calls it Certified Solutions Architect, and Azure calls it Azure Solutions Architect. I guess I dare venture to say that I am now a (rookie?) solutions architect. Do I miss coding on the job? No, not at all. For now, my organization expects me to be architect, prototyper (with code), cloud engineer, cloud security, and cloud ops, all in one, while making sure developers don't screw up on deployment and architecture. I guess that sounds about right when you are an in-house solutions architect? You can't cook up new scenarios and requirements every month when you are in-house. I guess the main job is to make cloud happen for the organization successfully, which includes trying to make devs more cloud native and cloud proficient. We shall see how it goes :) 

Happy reading!
- Jonathan Lin

Google Cloud Security Showcase shows the way

As a cloud professional, when someone asks me about cloud security and how it could be ensured, in my mind I just think about not doing stupid stuff. Getting into the specifics is more challenging, and tends to be an afterthought. It's good that Google Cloud is helping out people like me with specific step-by-step videos on how to address the most common security issues with the Google Cloud Security Showcase.

"The Google Cloud Security Showcase is a video resource that’s focused on solving security problems and helping you create a safer cloud deployment. The showcase currently has almost 50 step-by-step videos on specific security challenges or use cases—complete with actionable information to help you solve that specific issue—so there’s sure to be something for every security professional." Check out the blog post.

Containerizing Java applications with Jib

Ignoring the fact that the name of this tool rhymes with the name of the notorious (and ousted) ex-Prime Minister of Malaysia, Jib helps you containerize your Java applications without Docker, and without a Dockerfile.

"When it comes to building Docker images for Java applications, Jib has become a developer favorite; even if you’re brand new to Docker, Jib can turn any Java app into a space-efficient, optimized container image. Jib builds container images reproducibly in a declarative manner, delivers an impressively short edit-compile-test development cycle, transparently applies container best practices, and doesn’t require you to install Docker or write script-like Dockerfiles." More in the blog post.

Better BigQuery pricing flexibility with 100 slots

The data warehouse wars are raging, and BigQuery needs to be more competitive. Now they have responded on pricing. Using slots, you can avoid paying for BigQuery at the on-demand price per TB of data processed. In other words, using slots is like purchasing dedicated vCPUs for your own use, and since they are like VMs, you pay a fixed price for that duration of time. Purchasing too few slots will result in slower queries, because the slots are limited and any excess work is queued until existing slots are freed up.

"Starting now, you no longer need to purchase a minimum of 500 slots to take advantage of the slots billing model... Purchase as few as 100 slots at a time, Purchase in increments of 100 slots." To give an idea, 100 slots on an annual contract cost $1,700 per month, and 100 slots on a monthly commitment type cost $2,000 per month. You can even try out "flex slots" that are short-term commitments of 60 seconds, at a cost of $4.00 per hour for 100 slots. See the blog post.

Firestore solutions guide

There is now a guide to help you build scalable applications with Firestore in Google Cloud's Solutions pages. More in the blog post.

Google Cloud security best practices center

"This week we launched our Google Cloud security best practices center, a new web destination that delivers world-class security expertise from Google and our partners. This expertise, in the form of security blueprints, guides, whitepapers, and more, can help you accelerate your move to cloud while prioritizing security and compliance. And with downloadable, deployable templates and code, it can help you automate more secure deployment of services and resources." More in the blog post.

Cloud Run adds support for gradual rollouts and rollbacks

"Cloud Run, our fully managed container compute platform, now allows you to have more control over the rollout of your changes. As always, any change to the configuration of a Cloud Run service creates a new revision, and by default, Cloud Run automatically rolls 100% to newly created revisions. But now you can also decide to manually split traffic between revisions, allowing you to gradually roll out revisions or roll back to an older revision." See the blog post.

Cloud Armor gets more armor

For the uninitiated, Cloud Armor helps protect your applications and websites against denial of service and web attacks. With it, you can mitigate OWASP Top 10 risks and help protect workloads on-premises or in the cloud.
  1. Beta release of Cloud Armor Managed Protection Plus, a bundle of products and services that helps protect your internet-facing applications for a predictable monthly subscription fee. 
  2. Google-curated Named IP Lists is now available as a beta.
  3. GCP continues to expand their set of pre-configured WAF rules by launching beta rules for Remote File Inclusion (RFI), Local File Inclusion (LFI), and Remote Code Execution (RCE).
More in the blog post.

Private Service Connect simplifies secure access to services

In alpha, Private Service Connect "allows you to connect and consume first- and third-party as well as customer-owned services easily and privately. It creates service endpoints in consumer VPCs that provide private connectivity and policy enforcement, allowing you to easily connect services across different networks and organizations."

My translation: Seems like this is a service mesh for things that aren't colocated in a Kubernetes cluster or hosted in Google Cloud. This seems like it overlaps with Traffic Director, but for 3rd party services as well. Enhancement to Cloud Endpoints, but cheaper option to Apigee? It does feel like clouds like Google use such products to bring you to cloud faster at the cost of incurring more technical debt. Clean it up later, of course, and later again.

More in the blog post

Cloud-based maps styling now available for the Maps Static API

"Cloud-based maps styling" allows you to customize, style, manage, and deploy changes to your maps from the Google Maps Platform tab in the Google Cloud console. Now, this feature is also available in the Maps Static API. See blog post

Beta? GA?

The list below is best-effort and not meant to be exhaustive.

Entered GA

Entered Beta

This list is shorter than what it seems because it's summer now in the US, and also my usual source has gone on summer break ;)

For more product updates, visit Google Cloud release notes


  • Next OnAir (Weekly for 9 weeks, starting July 14)


I can keep copying and pasting links from the Google Cloud blog, or you can head on there and look around! A lot more interesting stuff!!!

See you next time!
