Getting Started with Infrastructure as Code
Securing IaC Deployments on GCP
Deploying Infrastructure as Code on GCP
The course is part of this learning path
Learn how to simplify all of your application infrastructure into just a few configuration files then deploy your code on Google Cloud Platform with this course. We will start by learning the core concepts behind Infrastructure as Code, discussing security best practices when working with IaC, and comparing some popular orchestration and configuration management tools.
After that, we’ll implement version control for our IaC configurations, and learn how we can automate deployment updates using Cloud Build Triggers. Next, we’ll learn how to integrate Google Secret Manager to protect any sensitive data in our source code. Then to tie it all together, we’ll walk through Google Identity and Access Management and learn how to monitor our users and resources on GCP.
After learning the basics, we’ll build our own immutable server images with Google Cloud Build using both Docker and Packer. We’ll then explore a practical usage scenario and build a WordPress deployment with Google Deployment Manager. We’ll also deploy a similar WordPress configuration using Terraform to compare the two methods.
I will be working in Visual Studio Code during the demos for this course, but you are also free to use any other IDE you are comfortable with instead. A demo repository is provided along with this course, and while we will be working with some Python and PHP in our examples, you should still be able to follow along with the demos without any background in either of these languages.
- Build server images from a configuration file using Docker and Packer.
- Learn to use Google Cloud Build with third-party build steps.
- Deploy application infrastructure from code using Google Deployment Manager and Terraform.
- Understand templating systems for Infrastructure as Code.
- Implement version control for Infrastructure as Code.
- Learn to protect secret data in IaC configurations using Google IAM role management and Google Secret Manager.
This course is intended for programmers interested in expanding their knowledge about modern cloud-based DevOps workflows. Learning to manage Infrastructure as Code is beneficial to solo developers who need to focus as much of their time as possible on their application code and not on managing infrastructure. Development teams will also benefit from this course, because implementing IaC provides consistent performance across deployments in multiple environments, which greatly simplifies project collaboration. This course will also help prepare the viewer for the Google Professional Cloud DevOps Engineer certification.
- You should already have a Google Cloud Platform account.
- You should have Google Cloud SDK already installed and initialized.
- You should already have Git installed, and be familiar with its use.
- Demos will be shown in Visual Studio Code, but you're free to use any IDE they are familiar with.
- Demos will utilize some Python and PHP, but you're not required to be fluent in either of these languages to follow along with the examples.
Congratulations, and thanks for making it all the way through this course with me. You should now possess a solid foundation to start your own Infrastructure as Code projects on Google Cloud Platform with a good understanding of how to secure and monitor activity across your application.
One important takeaway from this course is that Infrastructure as Code is a very broad term such that the same application can be deployed with basically the same end result using any number of different configuration methods. For this reason, I have included quite a few reference links in the course resources to help you further explore whichever method suits your needs best.
You should also have a clearer picture of Google Cloud Platform as a collection of service APIs, and a better understanding of the different ways you can interact with these APIs. We can use the Cloud Console for a web interface or the G-Cloud SDK for command line access. We can format the same commands in cloudbuild.yaml files, and use Google Deployment Manager to automate interactions with Google API services. Or we can include the Google Cloud Client Library in our application to allow our app to interact with Google service APIs directly.
For this course, I tried to highlight practical real world examples in the demo repository by creating WordPress deployments from IaC configurations on GCP. WordPress is quite commonly used to run websites, and just as commonly targeted by hackers. We were able to demonstrate how to harden a WordPress site by building our server as an immutable container, and hiding sensitive data in our wpconfig file using Google Secret Manager.
In addition to improved security, the Deployment Manager example also highlights how we can improve the scalability of a WordPress site. By deploying WordPress to a resizable cluster of servers on Google Kubernetes Engine while serving our website data from a GCE persistent disk and using Google Cloud SQL for database storage, we are on our way to turning WordPress into an enterprise grade website solution.
If you'd like to get more advanced with Infrastructure as Code on Google Cloud Platform, I recommend taking an in-depth look at Google Kubernetes Engine next and learning more about container orchestration.
Perhaps you are ready to fully embrace cloud native operations on Google Cloud Platform, in which case I suggest learning more about working with Google App Engine, Cloud Run, and Cloud Functions next. Thanks again for taking my course! Please consider taking a moment to leave a review of your experience, and I hope you continue learning something new every day here on Cloud Academy.
Arthur spent seven years managing the IT infrastructure for a large entertainment complex in Arizona where he oversaw all network and server equipment and updated many on-premise systems to cloud-based solutions with Google Cloud Platform. Arthur is also a PHP and Python developer who specializes in database and API integrations. He has written several WordPress plugins, created an SDK for the Infusionsoft API, and built a custom digital signage management system powered by Raspberry Pis. Most recently, Arthur has been building Discord bots and attempting to teach a Python AI program how to compose music.