
Before you begin
- Labs create a Google Cloud project and resources for a fixed time
- Labs have a time limit and no pause feature. If you restart it, you'll have to start from the beginning.
- On the top left of your screen, click Start lab to begin
Create a service account using gcloud
/ 20
Grant IAM permissions to service account using gcloud
/ 20
Create a compute instance with service account attached using gcloud
/ 20
Create a custom role using a YAML file
/ 20
Use the client libraries to access BigQuery from a service account
/ 20
In a challenge lab you’re given a scenario and a set of tasks. Instead of following step-by-step instructions, you will use the skills learned from the labs in the course to figure out how to complete the tasks on your own! An automated scoring system (shown on this page) will provide feedback on whether you have completed your tasks correctly.
When you take a challenge lab, you will not be taught new Google Cloud concepts. You are expected to extend your learned skills, like changing default values and reading and researching error messages to fix your own mistakes.
To score 100% you must successfully complete all tasks within the time period!
In this challenge lab, you will be taking help of Gemini to complete the given tasks.
Gemini for Google Cloud is an always-on AI collaborator that provides help to users of all skill levels where they need it. In this lab, you use Gemini to get information you need to create resourses in the tasks.
Read these instructions. Labs are timed and you cannot pause them. The timer, which starts when you click Start Lab, shows how long Google Cloud resources will be made available to you.
This hands-on lab lets you do the lab activities yourself in a real cloud environment, not in a simulation or demo environment. It does so by giving you new, temporary credentials that you use to sign in and access Google Cloud for the duration of the lab.
To complete this lab, you need:
You are starting your career as a junior cloud architect. In this role, you have been assigned to work on a team project that requires you to use service accounts, configure IAM permission using the gcloud command line interface (CLI), add custom roles, and use the client libraries to access BigQuery from a service account.
You are expected to have the skills and knowledge to complete the tasks that follow. Also, you can take help from Gemini to identify CLI commands or steps to complete the tasks.
For this challenge, you are asked to create a service account, assign required roles, configure IAM permissions using the gcloud CLI, create a custom role using a YAML file, and use the client libraries to access BigQuery from a service account.
You are asked to:
For this challenge lab, a virtual machine (VM) instance named
Create all the resources in
Each task is described in detail below, good luck!
Task 2
.
Since you are going to use Gemini, let's quickly enable and explore the Gemini.
In this task, you use the Gemini pane to enter prompts and view the responses from Gemini. Prompts are questions or statements that describe the help that you need. Prompts can include context from existing code that Google Cloud analyzes to provide more useful or complete responses. For more information on writing prompts to generate good responses, see Write better prompts for Gemini
To prompt Gemini about Google Cloud services, perform these steps:
Sign in to the Google Cloud Console.
Click on the Gemini icon () in the top-right corner of the Google Cloud console toolbar.
Enter the following prompt:
For this task, a VM named lab-vm
has already been configured for you to use as you perform the tasks that follow. You will create a service account by taking the help of the Gemini.
SSH into the lab-vm
VM and configure the gcloud environment for a user, then switch your gcloud configuration to the default.
Create a service account named devops
inside the SSH.
Click here for hint!
and use the prompt in the Gemini to fetch the commands to create the resource.
Click Check my progress to verify the objective.
For this task, you need to assign the required roles to a service account using the gcloud CLI.
SA
.lab-vm
VM, and give the service account the role of iam.serviceAccountUser
with the permissions compute.instanceAdmin
.Click here for hint!
and use the prompt in the Gemini to fetch the commands to create the resource.
Click Check my progress to verify the objective.
For this task, a VM named lab-vm
has already been configured for you. SSH into the lab-vm
VM to start.
Create a compute instance named vm-2
with the devops service account attached that you created in Task 2.
SSH into the vm-2
VM instance. Try to create and list an instance from vm-2
to verify you have the necessary permissions via the service account.
Click here for hint!
and use the prompt in the Gemini to fetch the commands to create the resource.
Click Check my progress to verify the objective.
role-definition.yaml
that has a custom role definition with the permissions cloudsql.instances.connect
and cloudsql.instances.get
using Gemini.Click here for hint!
and use the prompt in the Gemini to fetch the commands to create the resource.
Click Check my progress to verify the objective.
For this task, you will query the BigQuery public datasets from an instance with the help of a service account which has the necessary roles configured. Login to the Google Cloud console using the username and password provided.
bigquery-qwiklab
and assign it the role of BigQuery Data Viewer
as BigQuery User
.bigquery-instance
using a service account bigquery-qwiklab
.bigquery-instance
and install the dependencies.Replace the PROJECT_ID
and SERVICE_ACCOUNT
variables with your credentials and run the file using a Python3 command.
Excute the python file that is created in the above step
Click here for hint!
and use the prompt in the Gemini to fetch the commands to create the resource.
Click Check my progress to verify the objective.
Congratulations! You have successfully created Google Cloud service accounts, assigned roles to service accounts, configured IAM permissions using the gcloud CLI, and created a custom role by taking the help of the Gemini Prompt.
...helps you make the most of Google Cloud technologies. Our classes include technical skills and best practices to help you get up to speed quickly and continue your learning journey. We offer fundamental to advanced level training, with on-demand, live, and virtual options to suit your busy schedule. Certifications help you validate and prove your skill and expertise in Google Cloud technologies.
Manual Last Updated July 17, 2024
Lab Last Tested July 17, 2024
Copyright 2024 Google LLC All rights reserved. Google and the Google logo are trademarks of Google LLC. All other company and product names may be trademarks of the respective companies with which they are associated.
This content is not currently available
We will notify you via email when it becomes available
Great!
We will contact you via email if it becomes available
One lab at a time
Confirm to end all existing labs and start this one