If your organization is moving from AWS to Google Cloud Platform, or if you just want to learn how to use an alternative cloud provider, GCP is quite similar to AWS and easy to pick up. We discuss differences and similarities.
Permissions work differently
The biggest change is how permissions work and how you manage access for other users in your organization. Both GCP and AWS call this feature Identity and Access Management, or IAM, but GCP takes a different approach.
At AWS, “IAM users” are used for employee accounts and service users and can be given any number of permissions, grouped in a policy. It is common for this policy to restrict which specific resources the user can access, usually by Amazon Resource Name, to prevent access to the entire service. This means that you usually have to write a lot of your own IAM policies.
At GCP, everything, not just permissions, is divided into separate “projects”. As with AWS Organizations, the resources in different projects are largely separate. This makes the management of permissions between projects much easier.
Regular user accounts and service accounts are also separate. Users are full Google users who have access to the project. Service accounts work in the same way but are created manually for the project.
Permissions are handled with “Roles”, which do not serve the same purpose as AWS IAM roles (which are assumed by service users). Roles are just a group of permissions, much like an AWS policy.
A role can be assigned to a user directly to give them project-wide permissions. However, if you want to grant permissions to a particular resource, you do not need to create a completely new IAM policy. You just add the user to that resource and give them a role with sufficient privileges to do their job.
What you end up with is a system where you add members only to the resources they need to access, and do not have to worry about creating, maintaining and reviewing lots of IAM policies. In GCP, you very rarely need to create your own IAM roles.
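The difference between a project-wide binding and a resource-level binding can be checked mechanically. The following is an added example, not code from the original article: it evaluates constructed policies in the JSON shape of a GCP IAM policy and flags project-wide grants; the project, bucket and member names are assumptions made up for illustration.

```python
# Constructed sample data in the JSON shape of a GCP IAM policy
# ({"bindings": [{"role": ..., "members": [...]}]}); all names are made up.
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}

PROJECT_POLICY = {"bindings": [
    {"role": "roles/editor", "members": ["user:alice@example.com"]},
    {"role": "roles/storage.objectViewer",
     "members": ["serviceAccount:report-job@demo-project.iam.gserviceaccount.com"]},
]}
BUCKET_POLICIES = {"invoices-bucket": {"bindings": [
    {"role": "roles/storage.objectViewer", "members": ["user:bob@example.com"]},
]}}


def effective_roles(member, resource, project_policy, resource_policies):
    """Return {(role, scope)} a member holds on one resource.

    Project-level bindings are inherited by every resource in the project;
    resource-level bindings apply to that resource only.
    """
    scopes = (("project", project_policy),
              ("resource", resource_policies.get(resource, {})))
    return {(b["role"], scope)
            for scope, policy in scopes
            for b in policy.get("bindings", [])
            if member in b["members"]}


def audit_project_policy(project_policy):
    """Flag project-wide grants that could be narrowed to a single resource."""
    findings = []
    for b in project_policy.get("bindings", []):
        for member in b["members"]:
            if b["role"] in BASIC_ROLES:
                findings.append((member, b["role"], "basic role, project-wide"))
            elif member.startswith("serviceAccount:"):
                findings.append((member, b["role"],
                                 "service account, project-wide; bind on the resource"))
    return findings


if __name__ == "__main__":
    for who in ("user:alice@example.com", "user:bob@example.com"):
        for bucket in ("invoices-bucket", "other-bucket"):
            print(who, bucket, sorted(effective_roles(
                who, bucket, PROJECT_POLICY, BUCKET_POLICIES)))
    for finding in audit_project_policy(PROJECT_POLICY):
        print("FINDING:", *finding)
```

In the sample data, the user bound on the bucket can read only that bucket, while the project-level editor grant reaches every resource in the project.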
Pricing is pretty much the same
Of course, the Google Cloud Platform, which is a direct competitor to AWS, offers very similar and competitive prices.
Just like AWS, pricing is pay-as-you-go for almost everything, with metered prices depending on usage. Like AWS, you are charged for data egress from anywhere in GCP’s network. There is also a very generous free tier, with a 12-month free trial with $300 in credit.
Some services directly mirror the AWS pricing model. For Cloud Storage, GCP’s replacement for S3, there are the same four pricing tiers: Standard, Infrequent Access, Glacier and Glacier Deep Archive, albeit under different names. But they are all competitively priced per GB compared to AWS.
You can see pricing information for each service on GCP’s website.
The Google Cloud Platform offers many services that are designed to directly replace the functionality of many AWS services. A complete list of their products can be found on their website, but we discuss the most used ones.
For compute, Compute Engine is GCP’s version of EC2, so you can host virtual private servers. Google takes a more relaxed approach and lets you simply choose the number of vcores and the amount of memory you want to provision, as well as the processor generation, rather than having a thousand different SKUs for different types of instances. For running containers, Cloud Run replaces ECS for simple deployments, and Kubernetes Engine replaces EKS (after all, Google invented it).
For serverless, Cloud Functions replaces Lambda, and App Engine will run full apps on a serverless platform.
For storage, Cloud Storage is a direct replacement for S3 and offers many different tiers, such as Glacier and Infrequent Access. The disks on which Compute Engine instances run (the equivalent of EBS volumes) are handled in Compute Engine and are called Local SSD or Persistent Disk.
For databases, Google has a few offerings. Cloud SQL replaces RDS for MySQL, PostgreSQL and SQL Server databases. For NoSQL databases, Google does not yet have a managed MongoDB service, but there is Firebase Realtime Database and Firestore, as well as Cloud Bigtable for wide-column databases.
For networking, Google also has a CDN service like AWS CloudFront, called Cloud CDN. Unlike CloudFront, at Google’s premium service tier, Cloud CDN can do global load balancing from a single anycast IP, because most of the traffic travels over Google’s own network. For DNS there is Cloud DNS, and for load balancers there is Cloud Load Balancing.
If you are used to AWS API Gateway, Google’s Apigee API management platform should be a good replacement.