VPC (Virtual Private Cloud)
A logically isolated network within Google Cloud. Supports subnets, firewall rules, routes, Private Google Access, and VPC peering for cross-project connectivity.
GKE (Google Kubernetes Engine)
Managed Kubernetes service for deploying, managing, and scaling containerized applications. Supports Autopilot (fully managed) and Standard (configurable) modes.
Cloud Run
Fully managed serverless platform for running stateless containers. Scales to zero, supports HTTP and gRPC, with pay-per-request pricing.
IAM (Identity and Access Management)
Google Cloud's access control system. Follows the principle of least privilege with roles (basic, predefined, custom) bound to members at organization, folder, project, or resource level.
Cloud KMS
Key Management Service for creating and managing encryption keys. Supports symmetric/asymmetric keys, key rotation, and integration with CMEK for customer-managed encryption.
Terraform
HashiCorp's Infrastructure as Code tool. Declarative HCL configuration files define the desired state of cloud resources. Google provider supports all GCP services.
Well-Architected Framework
Google Cloud's framework for building reliable, secure, cost-effective, and performant systems. Pillars: Operational Excellence, Security/Privacy/Compliance, Reliability, Cost Optimization, Performance Optimization.
Cloud Spanner
Globally distributed, strongly consistent relational database. Combines SQL semantics with horizontal scalability. Ideal for financial and inventory systems requiring global consistency.
Cloud SQL
Fully managed relational database service for MySQL, PostgreSQL, and SQL Server. Supports high availability with regional instances, automated backups, and read replicas.
BigQuery
Serverless, multi-cloud data warehouse for analytics at petabyte scale. Supports SQL queries, ML (BQML), BI Engine, streaming inserts, and federated queries across data sources.
Apigee
Full-lifecycle API management platform. Provides API proxies, rate limiting, analytics, developer portals, and monetization for internal and external API programs.
Cloud Armor
DDoS protection and web application firewall (WAF) service. Integrates with external HTTP(S) load balancers for IP allowlisting, geo-blocking, and OWASP Top 10 rule sets.
VPC Service Controls
Security perimeters around GCP resources to prevent data exfiltration. Defines service perimeters that restrict API access to authorized VPC networks and projects.
Identity-Aware Proxy (IAP)
Zero-trust access control for applications. Verifies user identity and context before granting access, without requiring a VPN. Integrates with Cloud IAM policies.
Cloud CDN
Content Delivery Network that caches HTTP(S) load-balanced content at Google's edge. Reduces latency and origin server load for static and dynamic content.
Cloud Interconnect
Dedicated or partner interconnect for private, high-bandwidth connectivity between on-premises and Google Cloud. Lower latency and more consistent throughput than VPN.
Cloud Build
Serverless CI/CD platform that executes builds on Google Cloud. Supports Docker, custom builders, triggers from source repos, and deployment to GKE, Cloud Run, and App Engine.
Cloud Deploy
Managed continuous delivery service for GKE and Cloud Run. Provides delivery pipelines with promotion, approval gates, rollback, and canary deployment strategies.
Gemini
Google's frontier multimodal AI model family. Available via Vertex AI for text, image, video, and audio understanding. Powers Gemini Cloud Assist for cloud operations.
Agent Builder
Vertex AI feature for building conversational AI agents and search applications. Supports grounding with enterprise data, RAG patterns, and multi-turn conversations.
Model Garden
Vertex AI's catalog of foundation models: Google (Gemini, Imagen), open-source (Llama, Mistral), and partner models. Supports one-click deployment and fine-tuning.
Cloud Monitoring
Observability service for metrics, dashboards, and alerting. Collects metrics from GCP services, custom metrics via OpenTelemetry, and uptime checks for availability monitoring.
Cloud Logging
Centralized log management for storing, searching, analyzing, and exporting logs. Supports log-based metrics, log sinks to BigQuery, GCS, and Pub/Sub, and audit logging.
SLO / SLI / SLA
Service Level Objective (target), Indicator (metric), and Agreement (contract). Core SRE concepts for defining and measuring service reliability targets.
Shared VPC
Allows a host project to share its VPC network with service projects. Centralizes network administration while allowing workload deployment across multiple projects.
Cloud Storage
Object storage with multiple classes: Standard, Nearline (30-day), Coldline (90-day), Archive (365-day). Supports lifecycle policies, versioning, retention locks, and signed URLs.
Filestore
Managed NFS file storage for applications that require a file system interface. Supports Basic and Enterprise tiers with different performance and availability characteristics.
Pub/Sub
Fully managed, real-time messaging service for event-driven architectures. Supports at-least-once delivery, ordering, dead-letter topics, and push/pull subscriptions.
Dataflow
Fully managed stream and batch data processing service based on Apache Beam. Used for ETL pipelines, real-time analytics, and data transformation at scale.
Model Armor
Security service for protecting AI/ML models from adversarial attacks, prompt injection, and data poisoning. Provides input validation and output filtering for generative AI workloads.