GCP Setup and First Steps

Introduction

Google Cloud Platform (GCP) is Google’s suite of cloud services running on its global infrastructure.
It includes hundreds of components such as Compute Engine, Cloud Storage, VPC, IAM, Cloud DNS, App Engine, BigQuery, and Kubernetes Engine.

This guide is designed for system administrators and DevOps engineers who are starting with GCP for the first time.
We’ll go through:

• Creating your GCP account and project
• Configuring IAM roles and service accounts
• Launching a Compute Engine virtual machine
• Setting up VPC and firewall rules
• Uploading files to Cloud Storage

Prerequisites

• An active Google Account (gmail.com or workspace)
• Web browser: Chrome / Firefox / Edge
• Google Cloud Free Tier (comes with 300 USD credit)
• Basic Linux command-line knowledge
• (Optional) gcloud CLI or Cloud SDK installed locally

Note: The Free Tier includes one f1-micro VM, 5 GB of Cloud Storage, and 1 GB of outbound traffic per month for 12 months.

1️⃣ GCP Account and Billing Setup

1.1 Create a Google Cloud account

1. Visit https://cloud.google.com
2. Click “Get started for free”
3. Sign in with your Google account
4. Enter credit card details (verification only)
5. Your free credit will be automatically applied

1.2 Exploring the Console

• Main console: https://console.cloud.google.com
• Use the Project Selector at the top to create or switch projects.
• Left menu includes Compute, Storage, IAM, Networking, Monitoring, etc.

2️⃣ Creating a New Project

1. At the top bar, select Project Selector → New Project
2. Enter a name:

   hmyn-test-project

3. Choose Organization (or leave as “No organization” for personal use).
4. Region: europe-west3 (Frankfurt) is recommended.
5. Click Create.

Each project acts as a logical container for your resources (VMs, networks, IAM).
Projects can have independent billing and IAM policies.

3️⃣ IAM (Identity and Access Management)

3.1 IAM Roles

Access in GCP is managed via roles and policies:

3.2 Add a user

1. Navigate to IAM & Admin → IAM
2. Click Grant Access
3. Enter email: devops@hmyn.net
4. Role: Compute Admin
5. Click Save

3.3 Create a Service Account

For machine-level access:

gcloud iam service-accounts create vm-svc-account   --description="Compute Engine default service account"   --display-name="VM Service Account"

Assign a role:

gcloud projects add-iam-policy-binding hmyn-test-project   --member="serviceAccount:vm-svc-account@hmyn-test-project.iam.gserviceaccount.com"   --role="roles/compute.admin"

4️⃣ Cloud Shell and gcloud CLI

4.1 Start Cloud Shell

Click the “>_” (Activate Cloud Shell) icon in the top right of the console.
This opens a pre-authenticated Linux terminal with 5 GB persistent storage.

4.2 Check CLI version

gcloud version

4.3 Set default project

gcloud config set project hmyn-test-project

4.4 Verify authentication

gcloud auth list

Cloud Shell comes with authentication pre-configured.
To use locally, install Cloud SDK: https://cloud.google.com/sdk/docs/install

5️⃣ Compute Engine: Launching a Virtual Machine

5.1 Using the Console

1. Go to Compute Engine → VM instances → Create Instance
2. Name: demo-vm
3. Region: europe-west3
4. Machine type: e2-micro (Free Tier eligible)
5. Boot disk: Ubuntu 22.04 LTS
6. Enable HTTP and HTTPS traffic
7. Click Create

5.2 Using the CLI

gcloud compute instances create demo-vm   --project=hmyn-test-project   --zone=europe-west3-c   --machine-type=e2-micro   --image-family=ubuntu-2204-lts   --image-project=ubuntu-os-cloud   --tags=http-server,https-server

SSH into the VM:

gcloud compute ssh demo-vm --zone=europe-west3-c

6️⃣ VPC and Firewall Configuration

6.1 Create a custom VPC

gcloud compute networks create hmyn-vpc   --subnet-mode=custom

Add a subnet:

gcloud compute networks subnets create hmyn-subnet-eu   --network=hmyn-vpc   --region=europe-west3   --range=10.10.0.0/24

6.2 Create a firewall rule

gcloud compute firewall-rules create allow-web-traffic   --network=hmyn-vpc   --allow=tcp:80,tcp:443   --source-ranges=0.0.0.0/0   --target-tags=http-server

Tip: Create separate VPCs for prod, dev, and test environments instead of using the default network.

7️⃣ Cloud Storage

7.1 Create a bucket

gsutil mb -p hmyn-test-project -l europe-west3 gs://hmyn-storage-demo/

7.2 Upload a file

echo "GCP test file" > readme.txt
gsutil cp readme.txt gs://hmyn-storage-demo/

7.3 Set permissions

gsutil iam ch allUsers:objectViewer gs://hmyn-storage-demo

URL format:

https://storage.googleapis.com/hmyn-storage-demo/readme.txt

8️⃣ Cloud DNS (Optional)

gcloud dns managed-zones create hmyn-zone   --dns-name="hmyn.net."   --description="Hmyn public DNS zone"

Add a record:

gcloud dns record-sets transaction start --zone=hmyn-zone
gcloud dns record-sets transaction add 52.255.207.28   --name="demo.hmyn.net." --ttl=300 --type=A --zone=hmyn-zone
gcloud dns record-sets transaction execute --zone=hmyn-zone

9️⃣ Cleaning Up Resources

To avoid being charged after your trial:

gcloud compute instances delete demo-vm --zone=europe-west3-c
gcloud compute firewall-rules delete allow-web-traffic
gcloud compute networks delete hmyn-vpc
gsutil rm -r gs://hmyn-storage-demo

🔟 Best Practices

• Follow the principle of least privilege for IAM roles.
• Add labels to all projects: env=dev, owner=itops.
• Set up Billing alerts:

  Billing → Budgets & alerts → Create Budget → Email notifications

• Use Cloud Monitoring for CPU/RAM/disk metrics.
• Rotate SSH keys regularly or enable OS Login.
• Plan backups and snapshots weekly.

Conclusion

With these steps, you have:

✅ Set up your GCP account
✅ Configured IAM and service accounts
✅ Created your first VM
✅ Set up VPC and firewall rules
✅ Uploaded files to Cloud Storage