Joshua's Docs - Google Cloud Platform (GCP) - Misc notes

Quick Links

Phantom Usage

You might see usage in your GCP console that seems like "ghost" or "phantom" usage, that you have no idea where it is coming from or how it could be generated based on your actual resources.

Usually this usage is actually coming from GCP itself; for example, if you are using the web console features a lot, it is making API calls to your GCP account to do things like list the resources you are using. And in general, GCP needs to make various "admin" API calls to keep tabs on everything.

For example, I started seeing a bunch of compute.v1.InstancesService.List calls as I started to use my dashboard more.

Relevant S/O: here

Cloud Firestore

  • How do you scope permissions for it? Auth?
    • You can use security roles to setup roles for access within a collection
    • Connection is established with an API key
      • If you use Firestore via a front-end API (e.g. in the browser itself, with JS), then that API key is exposed by default to all users
      • If you only use the API via a backend (Node, C#, etc), then you could wrap your calls to Firestore with your own auth checks to scope access
Markdown Source Last Updated:
Mon Jan 06 2020 20:35:34 GMT+0000 (Coordinated Universal Time)
Markdown Source Created:
Mon Jan 06 2020 20:35:34 GMT+0000 (Coordinated Universal Time)
© 2024 Joshua Tzucker, Built with Gatsby