
Google Associate Cloud Engineer: Restricting Google Cloud Resource Creation to US Locations for Dev Teams

Learn how to effectively limit dev teams’ ability to create Google Cloud resources only in US locations using organization policies and folders.


Question

All development (dev) teams in your organization are located in the United States. Each dev team has its own Google Cloud project. You want to restrict access so that each dev team can only create cloud resources in the United States (US). What should you do?

A. Create a folder to contain all the dev projects. Create an organization policy to limit resources in US locations.
B. Create an organization to contain all the dev projects. Create an Identity and Access Management (IAM) policy to limit the resources in US regions.
C. Create an Identity and Access Management (IAM) policy to restrict the resources locations in the US. Apply the policy to all dev projects.
D. Create an Identity and Access Management (IAM) policy to restrict the resources locations in all dev projects. Apply the policy to all dev roles.

Answer

A. Create a folder to contain all the dev projects. Create an organization policy to limit resources in US locations.

Explanation

The correct approach to restrict access so that each dev team can only create cloud resources in the United States is:

A. Create a folder to contain all the dev projects. Create an organization policy to limit resources in US locations.

Here’s why:

  1. Folders allow you to group related projects together and apply policies consistently across them.
  2. Organization policies provide a centralized way to enforce restrictions on resource locations at the folder level.
  3. By creating a folder for all dev projects and applying an organization policy to limit resources to US locations, you ensure that the restriction applies to all projects within the folder.
  4. IAM policies (options B, C, and D) are not the appropriate mechanism for restricting resource locations. IAM controls who can access resources, based on roles and permissions; it does not constrain where those resources can be created.

To implement this solution:

  1. Create a folder in the Google Cloud Console or using the Cloud SDK.
  2. Move all dev projects into the newly created folder.
  3. Define an organization policy at the folder level to restrict resource locations to the US.
  4. The policy will propagate to all projects within the folder, ensuring that dev teams can only create resources in US locations.
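
The four steps above as a gcloud script, added here as an example (it is not part of the original page). The organization ID, folder ID and project IDs are placeholders, and the default `DRY_RUN=1` prints the commands instead of running them. The policy uses the `gcp.resourceLocations` list constraint with the predefined `in:us-locations` value group.

```shell
#!/usr/bin/env bash
# Added example: folder-level organization policy limiting resources to US locations.
# All organization, folder and project IDs passed in are placeholders (assumptions).
set -eu

DRY_RUN="${DRY_RUN:-1}"   # 1 = print the gcloud commands, 0 = execute them

run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Org Policy v2 file: allow only the US value group, attached to the folder.
render_policy() {
  local folder_id="$1"
  case "$folder_id" in
    ''|*[!0-9]*) echo "folder id must be numeric: $folder_id" >&2; return 1 ;;
  esac
  cat <<EOF
name: folders/${folder_id}/policies/gcp.resourceLocations
spec:
  rules:
  - values:
      allowedValues:
      - in:us-locations
EOF
}

# Step 1: create the folder under the organization ($1 = org ID, $2 = display name).
create_dev_folder() {
  run gcloud resource-manager folders create --display-name="$2" --organization="$1"
}

# Steps 2-4: move the projects, set the policy, read back each effective policy.
restrict_folder_to_us() {
  local folder_id="$1" policy_file project; shift
  policy_file="$(mktemp)"
  render_policy "$folder_id" > "$policy_file" || return 1
  for project in "$@"; do
    run gcloud beta projects move "$project" --folder="$folder_id"
  done
  run gcloud org-policies set-policy "$policy_file"
  for project in "$@"; do
    run gcloud org-policies describe gcp.resourceLocations --project="$project" --effective
  done
}
```

Run `create_dev_folder` first, note the numeric folder ID that gcloud reports, then call `restrict_folder_to_us` with that ID and the dev project IDs once the dry-run output looks right.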

By following this approach, you can effectively limit the dev teams’ ability to create resources outside of the United States, maintaining control over resource locations across all dev projects.
