Learn the best practices for setting up user authentication and deploying a scalable web application on Google Cloud using Identity Aware Proxy and Cloud Run. Minimize infrastructure management effort with these cloud-native solutions.
Table of Contents
Question
You are developing a scalable web application for internal users. Your organization uses Google Workspace. You need to set up authentication to the application for the users, and then deploy the application on Google Cloud. You plan to use cloud-native features, and you want to minimize infrastructure management effort. What should you do? (Choose two.)
A. Create a Compute Engine VM, configure a web server, and deploy the application in a VPC.
B. Containerize the application, and deploy it as a Cloud Run service.
C. Configure Cloud SQL database with a table containing the users and password hashes. Add an authentication screen to ensure that only internal users can access the application.
D. Configure Identity Aware Proxy, and grant the roles/iap.httpsResourceAccessor IAM role to the users that need to access the application.
E. Configure Identity Aware Proxy, and grant the roles/iap.tunnelResourceAccessor IAM role to the users that need to access the application.
Answer
B. Containerize the application, and deploy it as a Cloud Run service.
D. Configure Identity Aware Proxy, and grant the roles/iap.httpsResourceAccessor IAM role to the users that need to access the application.
Explanation
To set up authentication for internal users and deploy a scalable web application on Google Cloud with minimal infrastructure management, you should:
- Containerize the application and deploy it as a Cloud Run service (Option B). Cloud Run is a fully managed serverless platform that automatically scales your stateless containers based on demand. It abstracts away infrastructure management, allowing you to focus on building your application. By containerizing your application, you can package your code and dependencies into a portable and reproducible unit that can be easily deployed on Cloud Run.
- Configure Identity Aware Proxy (IAP) and grant the roles/iap.httpsResourceAccessor IAM role to the users that need to access the application (Option D). IAP is a security service that lets you establish a central authorization layer for applications accessed by HTTPS. It uses Google’s identity and access management (IAM) to authenticate and authorize users. By granting the roles/iap.httpsResourceAccessor role, you allow specific users to access the IAP-secured HTTP resources, ensuring that only authorized internal users can access your application.
Using Cloud Run and IAP together provides a secure and scalable solution for deploying your web application and authenticating internal users. It leverages Google’s managed services and integrates with Google Workspace for user authentication, minimizing the effort required to manage infrastructure and user access.
Options A and C are not recommended because they involve manual infrastructure management and less secure authentication methods. Option E is incorrect because the roles/iap.tunnelResourceAccessor role is used for accessing TCP forwarding resources, not HTTP resources.
Google Professional Cloud Developer certification exam assessment practice question and answer (Q&A) dump including multiple choice questions (MCQ) and objective type questions, with detail explanation and reference available free, helpful to pass the Google Professional Cloud Developer exam and earn Google Professional Cloud Developer certification.