
Google Cloud Architecture - Project setup for multiple regions

I am trying to start up a team which requires resources to be deployed in 3 cloud regions which are to be isolated from each other. Currently we have 2 environments - dev & prod, so the plan is to have 2 GCP projects - 1 for dev and 1 for prod (each containing the 3 regions).

From what I understand in GCP, you can have all 3 regions in the same project and VPC (as VPCs are global) and therefore just have this one VPC in each project. The current plan for the architecture is to just deploy the serverless applications to their specific regions. However, when I looked into it more, it seems that having all 3 regions' resources in the same project and VPC would make it less isolated than the other proposed solution of having 3 dev projects and 3 prod projects (i.e. 1 region per project per environment).

I couldn't find anything detailing what the best practices were for this kind of scenario, so any help would be appreciated!

It all depends on what you want to isolate. Serverless services are isolated by default (it's a container with independent identity and access management).

In terms of VPC, you can keep 1 project but create 3 VPCs in the same project, 1 per region. You will be isolated at the network level.

But, even if your VPCs are isolated, the accounts (users or service) can access all the VPCs of the project (if you are a Compute Admin user, you can create a VM, whatever the VPC). If you need more isolation, you have to create different projects to give the accounts permissions only to the correct region.
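
The answer's point that project-level IAM roles span every VPC in a project can be checked against exported IAM policies. This is an added example, not part of the original thread; the project ids, accounts and intended-region mapping are constructed, and the policy shape is the `bindings` list returned by `gcloud projects get-iam-policy --format=json`.

```python
import json

# Predefined roles that, granted on a project, apply in every VPC of that project.
# Illustrative subset, not an exhaustive list.
PROJECT_WIDE_ROLES = {
    "roles/owner", "roles/editor", "roles/compute.admin",
    "roles/compute.instanceAdmin.v1", "roles/compute.networkAdmin",
}

def cross_region_reach(projects, intended_region):
    """Map each member to the regions it can act in beyond its intended one.

    projects: {project_id: {"regions": [...], "policy": IAM policy dict}}
    Conditional bindings are counted as unconditional (conservative).
    """
    reach = {}
    for proj in projects.values():
        for binding in proj["policy"].get("bindings", []):
            if binding["role"] in PROJECT_WIDE_ROLES:
                for member in binding.get("members", []):
                    reach.setdefault(member, set()).update(proj["regions"])
    return {m: sorted(r - {intended_region.get(m)})
            for m, r in reach.items() if r - {intended_region.get(m)}}

# Constructed sample data (hypothetical project ids and accounts).
REGIONS = ["asia-east1", "europe-west1", "us-east1"]
BINDINGS = json.loads("""[
  {"role": "roles/compute.admin", "members": ["user:eu-ops@example.com"]},
  {"role": "roles/compute.instanceAdmin.v1", "members": ["user:us-ops@example.com"]},
  {"role": "roles/viewer", "members": ["user:auditor@example.com"]}
]""")
INTENDED = {"user:eu-ops@example.com": "europe-west1",
            "user:us-ops@example.com": "us-east1"}

# Layout A: one dev project, three per-region VPCs, one project-level policy.
SINGLE = {"dev": {"regions": REGIONS, "policy": {"bindings": BINDINGS}}}

# Layout B: one dev project per region, each admin bound only in its own project.
SPLIT = {
    "dev-eu": {"regions": ["europe-west1"], "policy": {"bindings": [BINDINGS[0]]}},
    "dev-us": {"regions": ["us-east1"], "policy": {"bindings": [BINDINGS[1]]}},
    "dev-asia": {"regions": ["asia-east1"], "policy": {"bindings": [BINDINGS[2]]}},
}

if __name__ == "__main__":
    print("single project:", cross_region_reach(SINGLE, INTENDED))
    print("project per region:", cross_region_reach(SPLIT, INTENDED))
```

In layout A both regional admins are reported as reaching the other two regions despite the separate VPCs; in layout B the result is empty.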
