Organization, folders, and projects
Learning how GCP organization structure maps to the enterprise patterns that are easier to recognize in AWS.
Lab
Where new cloud ideas become hands-on practice.
The lab tracks the questions I am actively unpacking, especially in GCP: identity, hierarchy, BigLake governance, storage design, and how to recreate enterprise patterns without drifting into manual shortcuts.
Current focus
The GCP rebuild in practical terms.
Identity and safe platform access
Service accounts, Workload Identity Federation, remote Terraform state, and least-privilege bootstrap design.
Silver in object storage, Gold in BigQuery
Working through when to expose Silver externally and when to materialize data into the warehouse.
BigLake policies and hands-on learning
Using the project to understand how governed external access really works in practice.
Questions driving the work
The lab is trying to answer these properly.
How should enterprise GCP environments be separated cleanly?
One project per environment, reusable logic, and no hidden hardcoded drift across dev, staging, and prod.
How should a local machine connect safely to cloud systems?
Not only browser login, but also CLI auth, ADC, impersonation, and federated CI/CD access.
What should stay in storage and what should live in the warehouse?
Choosing between object-storage-served datasets and native warehouse tables based on cost, governance, and consumer needs.
Lab discipline
Experiments should still feel enterprise-grade.
No manual shortcuts where IaC belongs
If the setup belongs in Terraform, the lab should treat it that way.
Keep the reasoning visible
Every meaningful decision should leave behind a clear explanation, not only a working state.
Build once for multiple environments
The same logic should be deployable across environments with controlled configuration and no amateur hardcoding.
Keep the learner view without lowering the standard
The writing should stay simple enough to teach clearly while still staying true to enterprise practice.