When migrating to GCP from AWS some features are front-and-center – like projects & folders. The IAM design differences are a bit less obvious until they bite you. In order to practice POLP (Principle of Least Privilege) on GCP, the hierarchy of IAM permissions will need to be transformed. Whereas AWS IAM focuses on configuration mapping principals to resources & roles, GCP offers a more prominent inheritance model of Org → Folders → Projects → Resources. Moreover, many resources like...| Tony Metzidis
Identity threat detection and response startup Permiso Security Inc. today launched a new open-source tool aimed at simplifying one of the biggest pain points in cloud defense: inconsistent logging across platforms. Called P0LR Espresso, the first part short for P0 Labs Live Response, the framework normalizes cloud runtime logs to give security teams faster, clearer insights when […] The post Permiso launches open-source P0LR Espresso to normalize cloud logs for faster threat response app...| SiliconANGLE
GCP Introduces PREPRUFE SCS Plus: Enhanced Blindside Waterproofing for Shotcrete Applications| gb&d magazine
Introduction: What is Workload Identity Federation? Workload Identity Federation (WIF) allows workloads running in Google Cloud (e.g., GKE pods) to securely access AWS resources (like S3) without storing static AWS credentials. Instead of using long-lived access keys, GCP workloads exchange Google identity tokens for temporary AWS credentials via AWS STS (Security Token Service). Use Case […]| ITGix
At PrestoCon Day 2025, Uber presented their innovative solution for optimizing petabyte-scale data analytics by deploying a distributed cache using Alluxio for Presto. Their journey was driven by significant challenges during a massive cloud migration, including read slowness and overwhelming HDFS clusters on-premises, and later high GCS egress costs and file access charges in the... The post Unlocking Petabyte-Scale Performance: Uber’s Journey with Alluxio Distributed Cache appeared firs...| PrestoDB
At PeerDB, we are building a fast and cost-effective way to replicate data from Postgres to Data Warehouses such as Snowflake, BigQuery, ClickHouse, Postgres and so on. All our customers run Postgres at the heart of the data stack, running fully ma...| PeerDB Blog
Lately, I've been interested in how third party vendors can best authenticate into their customers' cloud accounts. The status quo in AWS is usually role assumption from the vendor's account to the customers', but what about GCP and Azure? Can OIDC be used to authenticate into all three clouds in approximately the same way? I think the answer is yes, and this blog post aims to show how to do so.| Aidan Steele's blog (usually about AWS)
Running a full-blown 24/7 running service is sometimes not a good fit for a feature. Serverless functions (also known as Lambdas or Cloud functions) are an alternative for those single-purpose kinds of features. The major cloud providers have their own flavors of Serverless, and Cloud Functions is the one on Google Cloud Platform (GCP).| Agile & Coding
When you're running 1000+ microservices across Southeast Asia's most complex transport and delivery platform, 'good enough' stops being good enough. Discover how Grab tackled the challenge of migrating from Consul to Istio across a hybrid infrastructure spanning AWS and GCP, separate AWS organizations, and diverse deployment models. This isn't your typical service mesh migration story. We share the real challenges of designing resilient architecture for massive scale, the unconventional decis...| Grab Tech
Hello, we're Daniel and Bruno from Slauth.io, and we're thrilled to introduce an awesome solution that automates the generation of secure IAM policies by scanning your code. Development teams rely on us to automate IAM Policy creation (Save about ~1 ...| Slauth.io - The IAM Copilot's blog
gcloud-sdk: At the time of this writing, there is no official Google Cloud library for Rust. Google started working on google-cloud-rust, but it’s still under development. The most popular alternative seems to be gcloud-sdk, so that’s what we’ll be using. This SDK uses tonic to build the gRPC clients, so a little familiarity with tonic might be helpful. Since we are going to focus on the Storage API, we need to add this dependency to our Cargo.toml file: gcloud-sdk = { version = "0.27...| ncona.com
Infrastructure as Code (IaC) has evolved beyond simple automation into a fundamental shift toward applying software engineering practices to infrastructure management. In 2025, leading organizations aren’t just provisioning infrastructure—they’re treating it as software, complete with testing, version control, code reviews, and continuous integration. As infrastructure complexity grows, teams increasingly seek approaches that provide the same developer productivity tools they use for ap...| Pulumi Blog
At work, we recently upgraded our multi-terabyte PostgreSQL database| ananthakumaran.in
ICH E6(R3) is here—are you ready? Learn how this major GCP update reshapes clinical trial oversight with risk-based proportionality, quality by design, and regulatory alignment. Discover key actions sponsors must take now.| Advarra - Advancing Better Research
Jenkinsfile-Runner-Google-Cloud-Run project is a Google Cloud Run (a container native, serverless platform) Docker image to run Jenkins pipelines. It will process a GitHub webhook, git clone the repository and execute the Jenkinsfile in that git repository. It allows high scalability and pay per use with zero cost if not used. Continue reading →| Carlos Sanchez's Weblog
To push to Google Container Registry (GCR) we need to login to Google Cloud and mount our local $HOME/.config/gcloud containing our credentials into the kaniko container so it can push to GCR. GCR does support caching and so it will push the … Continue reading →| Carlos Sanchez's Weblog
Here, you will learn how to deploy VM instances with Consoles, CLI and Terraform in Google Cloud in a detailed manner. Step in to get clarification on it.| Whizlabs Blog
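This article briefly explores a feature named Workload Identity Federation for GKE that GKE officially announced a while ago. Feature introduction: Workload Identity Federation for GKE is an improved version of the original GKE Workload Identity feature. The core improvement is that it reduces the amount of information that needs to be configured, which improves the user experience. Usage: You can try this feature with the following steps: Create a GKE cluster with the Workload Identity Federation for GKE feature enabled. The specific place to enable it is: Create cluster - Security - Enable Wor...| mozillazg's Blog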
In this article, we will briefly explore a feature called "Workload Identity Federation for GKE" that was recently announced by GKE in their official blog. Features Overview Workload Identity Federation for GKE is an improved version of the original GKE Workload Identity feature. The main improvement is that it needs less configuration and offers better user experience. How to Use Follow these steps to try this feature: Create a GKE cluster with Workload Identity Federation for GKE enabled. Y...| mozillazg's Blog
Many companies face the challenge of efficiently processing large datasets for analytics. Using an operational database for such purposes can lead to performance issues or, in extreme cases, system failures. This highlights the need to transfer data from operational databases to data warehouses. This approach allows heavy analytical queries without overburdening transactional systems and supports shorter retention periods in production databases.| blog.allegro.tech
If you need to “import a Terraform module”, it is critical to understand that importing a module state is not a single bundled operation. Instead, you must import each of the resources inside the module individually. It is unfortunate that you cannot simply supply the module identifier and its variable values to import all its ... Terraform: importing a module by its individual resources| Fabian Lee : Software Engineer
A lot of companies are trying to figure out how AI can be used to improve their business. Most of them are struggling to not just implement AI, but to even find use cases that aren’t contrived and actually add value to their customers. We recently discovered a compelling use case for AI integration in … Continue reading "Automating Infrastructure as Code with Vertex AI" --- Automating Infrastructure as Code with Vertex AI was first posted on November 5, 2024 at 3:23 pm. ©2018 "Brave New ...| Brave New Geek
Google is building a new datacenter in...well, I wouldn't have guessed this city.| LowEndBox
In my last post, I talked about the benefits of an opinionated platform. An opinionated platform allows your engineers to focus on things that matter to your business, such as shipping and improvin…| Brave New Geek
Ensure GCP compliance throughout your clinical research lifecycle with a comprehensive guide to GxP audits.| Advarra
When you talk to a doctor about a medical issue they will often present you with all of the options but shy away from providing an unambiguous recommendation. When you talk to a lawyer about a lega…| Brave New Geek
If you receive an error similar to below when calling the GCP API using ADC login credentials with either gcloud or terraform: Cannot add the project "myproj-i1wsbbn8pkfeq3jhkcg0z4" to ADC as the quota project because the account in ADC does not have the "serviceusage.services.use" permission on this project. You might receive a "quota_exceeded" or "API not ... GCP: quota project error when invoking GCP API using ADC application-default| Fabian Lee : Software Engineer
If you need to determine at the CLI whether a GKE cluster is managed using Standard or Autopilot mode, this is available by using gcloud to describe the cluster. # identify cluster and location gcloud container clusters list cluster_name=<clusterName> location_flag="--region=<region>" # OR --zone=<zone> # returns 'True' if GKE AutoPilot cluster # returns empty if standard ... GCP: determining whether GKE cluster mode is Standard or Autopilot| Fabian Lee : Software Engineer
In a previous post, I explained the fundamental competing priorities that companies have when building software: security and governance, maintainability, and speed to production. These three conce…| Brave New Geek
Real Kinetic helps businesses transform how they build and deliver software in the cloud. This encompasses legacy migrations, app modernization, and greenfield development. We work with companies r…| Brave New Geek
$1 per TB per Month.| dpron
I think it’s safe to say Kubernetes has “won” the cloud mindshare game. If you look at the CNCF Cloud Native landscape (and manage to not go cross eyed), it seems like most of the projects are some…| Brave New Geek
This post analyses Google Cloud routing tiers and how they relate in the BGP world| Personal blog of Anurag Bhatia
VMware Cloud Automation Services went GA 2 days ago, on the 15/1/2019. There is already a ton of blogs describing the solution. I thought that I would give my view on one of the things that I find most cool about the solution. Note that I’m no expert, but I already love the solution, and I’m looking forward to learning more about what I, and the customers I talk to, can do with it.| Robert-Jensen.dk