Google Professional Cloud Developer: What is the most scalable approach to ensure Compute Engine VMs are labeled correctly?

Learn the most scalable way to automatically check for missing labels on Google Compute Engine VMs and assign them to ensure compliance, using Cloud Audit Logs and Cloud Functions.

Question

Your infrastructure team is responsible for creating and managing Compute Engine VMs. Your team uses the Google Cloud console and gcloud CLI to provision resources for the development environment. You need to ensure that all Compute Engine VMs are labeled correctly for compliance reasons. In case of missing labels, you need to implement corrective actions so the labels are configured accordingly without changing the current deployment process. You want to use the most scalable approach. What should you do?

A. Use a Cloud Audit Logs trigger to invoke a Cloud Function when a Compute Engine VM is created. Check for missing labels and assign them if necessary.
B. Deploy resources with Terraform. Use the gcloud terraform vet command with a policy to ensure that every Compute Engine VM that is provisioned by Terraform has labels set.
C. Write a script to check all Compute Engine VMs for missing labels regularly by using Cloud Scheduler. Use the script to assign the labels.
D. Check all Compute Engine VMs for missing labels regularly. Use the console to assign the labels.

Answer

A. Use a Cloud Audit Logs trigger to invoke a Cloud Function when a Compute Engine VM is created. Check for missing labels and assign them if necessary.

Explanation

The most scalable approach to ensure all Compute Engine VMs are labeled correctly for compliance reasons is option A: use a Cloud Audit Logs trigger to invoke a Cloud Function when a Compute Engine VM is created, then check for missing labels and assign them if necessary.

This serverless solution triggers automatically whenever a new Compute Engine VM is provisioned, regardless of how it is created (gcloud CLI, Google Cloud console, direct API calls, etc.).

The Cloud Audit Logs trigger will invoke a Cloud Function to inspect the newly created VM. The function’s code will check if the required compliance labels are present. If any mandatory labels are missing, the Cloud Function will use Google Cloud APIs to assign the appropriate labels to the VM.
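As an added example (not part of the original question or its answer), here is the core of such a Cloud Function in Python. The audit-log parsing and the label comparison are pure functions so they can be run and tested offline; the one function that talks to Compute Engine assumes the google-cloud-compute client library (`google.cloud.compute_v1`) and only runs when deployed. The required-label policy and the project, zone and instance names in the sample event are constructed for illustration.

```python
"""Label enforcement for a Cloud Audit Logs-triggered Cloud Function.

Added example, not the page's own code. Deploy with a Cloud Audit Logs
trigger on service compute.googleapis.com, method
v1.compute.instances.insert (functions_framework.cloud_event entry point).
"""
import re

# Required compliance labels and the default applied when one is missing.
# This policy is constructed for the example; replace it with your own.
REQUIRED_LABELS = {
    "environment": "dev",
    "owner": "unassigned",
    "cost-center": "unassigned",
}

# protoPayload.resourceName format for a Compute Engine instance.
_RESOURCE_RE = re.compile(
    r"^projects/(?P<project>[^/]+)/zones/(?P<zone>[^/]+)/instances/(?P<instance>[^/]+)$"
)

# A constructed Cloud Audit Logs payload, trimmed to the fields the code reads.
SAMPLE_EVENT = {
    "protoPayload": {
        "methodName": "v1.compute.instances.insert",
        "resourceName": "projects/example-project/zones/us-central1-a/instances/web-1",
        "authenticationInfo": {"principalEmail": "dev@example.com"},
    },
}


def parse_insert_event(event_data):
    """Return (project, zone, instance) for a successful instances.insert entry.

    Returns None for any other method, for denied/failed requests (non-zero
    protoPayload.status.code), or for a resourceName in an unexpected shape,
    so the function never acts on unrelated log entries.
    """
    proto = event_data.get("protoPayload", {})
    if not proto.get("methodName", "").endswith("compute.instances.insert"):
        return None
    if proto.get("status", {}).get("code", 0) != 0:
        return None
    match = _RESOURCE_RE.match(proto.get("resourceName", ""))
    if not match:
        return None
    return match.group("project"), match.group("zone"), match.group("instance")


def missing_labels(current):
    """Required labels that are absent from the VM's current label map."""
    return {k: v for k, v in REQUIRED_LABELS.items() if k not in current}


def merged_labels(current):
    """Full label map to send: existing labels win, defaults fill the gaps.

    setLabels replaces the whole map, so existing labels must be carried over.
    """
    return {**REQUIRED_LABELS, **current}


def enforce_labels(cloud_event):
    """Cloud Functions (2nd gen) entry point; cloud_event.data is the log entry."""
    from google.cloud import compute_v1  # only needed when deployed

    target = parse_insert_event(cloud_event.data)
    if target is None:
        return
    project, zone, instance = target
    client = compute_v1.InstancesClient()
    # Re-read the instance: setLabels needs the current label fingerprint so a
    # concurrent label change is rejected instead of silently overwritten.
    vm = client.get(project=project, zone=zone, instance=instance)
    current = dict(vm.labels)
    if not missing_labels(current):
        return
    request = compute_v1.InstancesSetLabelsRequest(
        label_fingerprint=vm.label_fingerprint,
        labels=merged_labels(current),
    )
    client.set_labels(
        project=project,
        zone=zone,
        instance=instance,
        instances_set_labels_request_resource=request,
    )


if __name__ == "__main__":
    print(parse_insert_event(SAMPLE_EVENT))
    print(missing_labels({"environment": "prod"}))
```

Two practitioner notes on running this for real. First, grant the function's service account only `compute.instances.get` and `compute.instances.setLabels` (for example through a custom role) rather than a broad Compute Engine admin role; the function then cannot do anything to a VM except read it and relabel it. Second, the audit log entry that fires the trigger can be written when the insert operation starts, so a production version should retry the `get()` call if the instance is not yet visible.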

This approach is the most scalable because:

  1. It leverages event-driven serverless compute (Cloud Functions) that scales automatically
  2. It triggers automatically on VM creation via Cloud Audit Logs – no manual intervention needed
  3. It works seamlessly with the existing deployment processes (gcloud and console) without requiring changes
  4. There are no servers or scheduled jobs to manage

The other options are not ideal because:

  • Option B only works for Terraform deployments, not gcloud or console
  • Options C and D rely on scheduled scripts that are less scalable and robust than event-driven functions

In summary, using a Cloud Audit Logs trigger and Cloud Function to automatically detect and fix missing compliance labels is the most scalable, seamless solution for ensuring proper labeling of Compute Engine VMs.