🥇 SERVICE SELECTION GOLDEN RULE
Google always wants the MOST managed service possible.
App Engine
→ Cloud Run
→ GKE
→ Compute Engine (last option)
If two answers work → pick the one with less operational overhead.
1️⃣ COMPUTE & DEPLOYMENT
🟢 App Engine
Use when:
- HTTP-based apps
- Stateless
- Fast deployment
- Auto scaling
- No infrastructure management
Keywords: PaaS, auto-scale, minimal ops, versions, traffic split
❌ Not for:
- Long-running background jobs
- Custom OS
🟢 Cloud Run
Use when:
- Container already exists
- Event-driven
- Scale to zero
- Pay per request
Keywords: containerized, serverless, scale to zero
🟢 GKE
Use ONLY when needed
- Microservices
- Kubernetes features
- Custom networking
- Stateful workloads
Keywords: pods, services, helm, sidecar
🚨 Trap: Don’t choose GKE unless required.
🔴 Compute Engine
LAST OPTION
Use when:
- Legacy app
- Full OS control
- Custom kernel
- Manual setup required
🚨 If question says “minimal management” → ❌ Compute Engine
2️⃣ STORAGE & DATABASES
🟢 Cloud SQL
Use when:
- MySQL / PostgreSQL
- Existing relational schema
- ACID transactions
Keywords: joins, transactions, migrate DB
🟡 Cloud Spanner
Use ONLY when:
- Global users
- Horizontal scaling
- Strong consistency
🚨 Trap: Overkill for most apps.
🟣 Firestore
Use when:
- NoSQL
- Mobile/web apps
- User profiles
- Auto-scale
Keywords: document, JSON, serverless
🟢 Cloud Storage (GCS)
Use when:
- Files
- Images
- Videos
- Backups
Keywords: object storage, durable, cheap
🟢 BigQuery
Use when:
- Analytics
- SQL queries
- Large datasets
Rule:
SELECT / GROUP BY → BigQuery
Store files → GCS
3️⃣ MESSAGING & EVENTS
🟢 Pub/Sub
Use when:
- Event-driven systems
- Decoupling services
- Streaming ingestion
Keywords: async, event, fan-out
4️⃣ NETWORKING & SECURITY
🟢 Load Balancer
Use when:
- Traffic distribution
- Multi-region apps
🟢 Cloud Armor
Use when:
- DDoS protection
- WAF
- IP blocking
🟢 IAP
Use when:
- Authentication for internal apps
- No app-level auth
🟢 Firewall Rules
Remember:
- Applied at VPC level
- Default deny ingress
5️⃣ OBSERVABILITY (EASY MARKS)
🟢 Cloud Logging
Use when:
- Debugging
- Viewing logs
- Log-based metrics
🟢 Cloud Monitoring
Use when:
- Alerts
- Dashboards
- SLIs / SLOs
🟢 Cloud Trace
Use when:
- Latency issues
- Request tracing
🟢 Profiler
Use when:
- CPU or memory optimization
6️⃣ CI/CD & DEVOPS
🟢 Cloud Build
Use when:
- Build containers
- CI pipelines
🟢 Artifact Registry
Use when:
- Store Docker images
- Store build artifacts
🟢 Deployment Manager
Use when:
- Infrastructure as code (YAML)
7️⃣ IDENTITY & ACCESS
🟢 IAM
Golden rule:
Least privilege ALWAYS
Exam traps:
- Don’t use Owner
- Prefer predefined roles
🟢 Service Accounts
Use when:
- App → GCP service communication
🚨 Never use user credentials in production.
8️⃣ COST & PERFORMANCE OPTIMIZATION
Cost-saving rules:
- Scale to zero → Cloud Run
- Long-running predictable workloads → Committed Use Discounts
- Analytics → BigQuery (not Cloud SQL)
9️⃣ COMMON EXAM TRAPS 🚨
| Trap | Correct Thinking |
|---|---|
| Compute Engine | Prefer managed |
| Spanner | Only for global |
| GKE | Only if Kubernetes needed |
| Firestore | No joins |
| Cloud SQL | Not global |
🔟 FINAL EXAM CHECKLIST (MEMORIZE)
✔ Choose serverless first
✔ Minimal ops > flexibility
✔ Keywords decide services
✔ Don’t over-engineer
✔ Logging & Monitoring = free marks