This section's focused on creating GCP projects, folders, and resources, and how we can use them for resource organization. You'll need to understand these constructs before moving on, and how their groupings can affect your development environment. To start, a project is at the lower level, and it's a logical group that bundles resources together. Any resources you create in Google Cloud Platform, whether they're Compute instances, Cloud Storage buckets, or Cloud SQL databases, have to be nested under a project. Projects then can be nested under folders, which are just groupings of projects. Folders can't have individual resources in them, only projects that contain resources or other folders. Folders can also be nested under an Organization, which sits at the top level of the hierarchy. This structure is important when it comes to assigning permissions because permissions can be assigned at any of the levels and will apply to any resources that are below that.

So here's an example. Let's say I have an Organization called contoso.com. Under that Organization is a folder called App1, and under that folder are three projects: Dev, Test, and Production. These should all have the same resources in them just with different scopes of access. So let's say I assign the Compute Editor permissions to someone at the App1 level, at the folder level. These permissions would allow that person to modify any running Compute instances, or create new ones, so in Dev, Test, or Product. That's not necessarily a best practice. So imagine then that I assigned it to them at the Dev level instead. Now they would only have the ability to do that at the Dev level; they wouldn't be able to touch Test or Production.

You can assign different permissions to them at the App1 folder level, like viewer, so they can see the other resources but they only have access to edit the ones in Dev. This is also considered a best practice for billing because Google Cloud Platform allows you to track what is spent by project, folder, and Organization level. That's a little out of scope for the course, but it's always good to know how to track spending in the cloud.

Now that you have a better understanding of how resources are organized with GCP, let's take a look at how we can create and manage them in the Console. All right, so here I am in my Google Cloud Console, and the first thing I need to do is create a project. And there are two ways to do this which will go. The first is, I'm gonna go up here to the top and I have the option to do a new project. And let's call this one Cloud Academy. Now you'll see it gives us the option to add a parent organization or folder here, because I am not on a G Suite account or an Enterprise account, I'm not gonna have that option. But, if you were on such an account, that's where it would be.

So let's go ahead and cancel out of this because I actually wanna show the other way to do this first, and that is through the CLIs. We're gonna activate Cloud Shell. Now, Cloud Shell is essentially a terminal with the Google Cloud SDK already built onto there. So we're gonna wait a couple of seconds for this to provision, and then we will have a full terminal in browser that we can use.

All right, great, our Cloud Shell has spun up. Now we can go ahead and create our project. And to do that I'm gonna run gcloud projects create, and then this will be our project ID, so I'll go ahead and call this cloudacademy. And if we had an organization or a folder here, we would be able to add the folder or organization as parameters to this. Since we don't, we'll just go ahead and run this. And it says that this project's already in use. So I will go ahead and call this cloudacademy-gcp. These do have to be globally unique. All right, great, that is all set. Now I'm gonna go ahead and switch to it with gcloud config set project and we'll make this the project we just created. All right, and we can see in my prompt my project has changed and we're ready to proceed.