If your organization is moving from AWS to Google Cloud Platform, or you simply want to learn how to use an alternate cloud provider, GCP is pretty similar to AWS, and easy to pick up. We’ll discuss the differences and similarities.
Permissions Work Differently
The biggest change is how permissions work and how you manage access for other users in your organization. Both GCP and AWS call this feature Identity and Access Management (IAM), but GCP takes a different approach.
On AWS, “IAM users” represent both employee accounts and service users, and each can be given any number of permissions, grouped together into a policy. It’s commonplace for that policy to restrict which specific resources the user can touch, usually by Amazon Resource Name (ARN), so that you aren’t handing out service-wide access. This means you’ll usually end up writing and maintaining a lot of your own IAM policies.
On GCP, everything, not just permissions, is split up into separate “projects.” Much like separate accounts under AWS Organizations, the resources in different projects are largely isolated from each other, which makes managing permissions between them a lot easier.
Regular users and service accounts are also separate kinds of identity. Users are full Google accounts (personal or Google Workspace/Cloud Identity) that have been granted access to the project. Service accounts work similarly, but are created inside the project for applications and workloads to use, and should be granted only the roles that workload actually needs. Avoid downloading long-lived JSON keys for them when the workload can run with an attached service account instead.
Permissions are managed with “roles,” which don’t serve the same purpose as AWS IAM roles (which are assumed by users and services rather than attached to them). A GCP role is just a named group of permissions, much like an AWS policy. Google ships hundreds of predefined roles (roles/storage.objectViewer, for example) plus three very broad “basic” roles: Owner, Editor, and Viewer.
A role can be granted to a user on the project itself to give them project-wide permissions. If you want to give out permissions on a particular resource, though, you don’t have to create a whole new IAM policy. Every resource (a bucket, an instance, a Pub/Sub topic) carries its own IAM policy, which is simply a list of role bindings: you add the member to that resource’s policy with a role that has enough permissions to do their job. Grants made higher up, on the organization, a folder, or the project, are inherited by everything beneath them.
What you end up with is a system where you add members to the resources they need, rather than creating, maintaining, and auditing tons of IAM policies. In GCP you’ll very rarely have to make your own (custom) IAM roles. The trade-off is that the basic roles are extremely broad: granting Editor on a project is closer to an AWS policy with `Action: *` on every resource than to anything resembling least privilege, so prefer predefined roles granted at the narrowest scope that works, and review project-level bindings regularly.
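To make the binding model concrete, here is an added example (not code from the original article or from Google) that works on a GCP IAM policy document offline. The policy shape is the one `gcloud projects get-iam-policy PROJECT --format=json` returns: a list of bindings, each a role with its members, plus an etag. `add_binding` does locally what `gcloud ... add-iam-policy-binding` does before it calls setIamPolicy, `roles_by_member` inverts the policy so a review can ask “what can this principal do?”, and `audit_policy` flags the two pitfalls discussed above: basic roles granted project-wide and public principals. The sample project, users, and service account are constructed for the example.

```python
"""Audit and edit a GCP IAM policy document offline (example code)."""
import copy

# Basic (formerly "primitive") roles grant broad, project-wide access and
# should be replaced with narrower predefined roles wherever they appear.
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}

# Special members that open a resource to everyone on the internet, or to
# anyone with any Google account, respectively.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample policy; the project and principals are made up.
SAMPLE_POLICY = {
    "version": 1,
    "etag": "BwXhFakeEtag=",
    "bindings": [
        {"role": "roles/owner", "members": ["user:alice@example.com"]},
        {"role": "roles/editor",
         "members": ["serviceAccount:build@my-proj.iam.gserviceaccount.com"]},
        {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
        {"role": "roles/logging.viewer", "members": ["group:sre@example.com"]},
    ],
}


def roles_by_member(policy):
    """Invert bindings into {member: set(roles)} for per-principal review."""
    out = {}
    for binding in policy.get("bindings", []):
        for member in binding["members"]:
            out.setdefault(member, set()).add(binding["role"])
    return out


def audit_policy(policy):
    """Return (severity, role, member, reason) tuples for risky bindings."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding["role"]
        for member in binding["members"]:
            if member in PUBLIC_MEMBERS:
                findings.append(("HIGH", role, member, "public principal"))
            if role in BASIC_ROLES:
                findings.append(("MEDIUM", role, member,
                                 "basic role grants broad access to the whole scope"))
    return findings


def add_binding(policy, role, member):
    """Return a copy of policy with member granted role.

    Mirrors the read-modify-write that `add-iam-policy-binding` performs:
    append to an existing unconditional binding for the role if there is one,
    otherwise create a new binding. Idempotent, and the etag is preserved so
    a following setIamPolicy call can detect a concurrent edit.
    """
    new = copy.deepcopy(policy)
    for binding in new.setdefault("bindings", []):
        if binding["role"] == role and "condition" not in binding:
            if member not in binding["members"]:
                binding["members"].append(member)
            return new
    new["bindings"].append({"role": role, "members": [member]})
    return new


if __name__ == "__main__":
    for severity, role, member, reason in audit_policy(SAMPLE_POLICY):
        print(f"{severity:6} {role:32} {member:55} {reason}")
    granted = add_binding(SAMPLE_POLICY, "roles/logging.viewer",
                          "user:bob@example.com")
    print(sorted(roles_by_member(granted)["user:bob@example.com"]))
```

Run against a real export with `gcloud projects get-iam-policy PROJECT --format=json > policy.json` and load the file in place of `SAMPLE_POLICY`; the audit is deliberately simple so that you can extend it with your own list of roles that should never appear at project scope.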
Pricing Is Largely The Same
Google Cloud Platform, being a direct competitor to AWS, naturally offers very similar and competitive pricing.
Much like AWS, pricing for just about everything is pay-as-you-go, metered by usage. Like AWS, you’re charged for data egressing from GCP’s network to the internet. There’s also a generous always-free tier, plus a 12-month free trial with $300 in credit.
Some services directly mirror AWS’s pricing model. Cloud Storage, GCP’s replacement for S3, offers the same four tiers as S3 Standard, S3 Infrequent Access, Glacier, and Glacier Deep Archive, under the names Standard, Nearline, Coldline, and Archive. All are competitively priced per GB compared to AWS, though, as with AWS, the colder tiers charge retrieval fees and enforce minimum storage durations.
You can view pricing details for each service from GCP’s website.
Google Cloud Platform offers many services that are intended to directly replace the function of many AWS services. A full list of their products is available on their website, but we’ll discuss the most commonly used ones.
For compute, Compute Engine is GCP’s version of EC2, letting you run virtual machines. Google takes a more flexible approach: with custom machine types you simply pick the number of vCPUs, the amount of memory, and the processor generation you want, rather than choosing from a thousand different instance SKUs. For running containers, Cloud Run is the closest match to ECS for simple deployments, and Google Kubernetes Engine replaces EKS (after all, Google did invent Kubernetes).
For storage, Cloud Storage is a direct replacement for S3 and offers the tiers described above. The block disks that Compute Engine instances boot from (the equivalent of EBS volumes) are managed within Compute Engine and called Persistent Disk. Local SSD is the equivalent of EC2 instance store: fast and attached to the physical host, but its contents are lost when the instance is stopped or deleted, so never keep the only copy of anything there.
For databases, Google has a few offerings. Cloud SQL replaces RDS for MySQL, PostgreSQL, and SQL Server. For NoSQL, Google doesn’t have managed MongoDB yet, but there are the Firebase Realtime Database and Firestore for document data, as well as Cloud Bigtable for wide-column workloads.
For networking, Google also has a CDN like AWS’s CloudFront, called Cloud CDN. Unlike CloudFront, Cloud CDN sits behind Google’s global external HTTP(S) load balancer, so on the Premium network tier you get global load balancing from a single anycast IP address, with traffic riding Google’s own backbone for most of the journey. For DNS there’s Cloud DNS, and for load balancers there’s Cloud Load Balancing.
If you’re used to AWS API Gateway, Google’s Apigee API management platform should be a good replacement (GCP also has a simpler, separately named API Gateway service for fronting serverless backends).