GCP projects

Give learners access to GCP projects.

Cloud account usage can lead to abuse without the appropriate security policies in place. Always be sure to implement the appropriate policies and restrictions before exposing tracks with cloud accounts to the public.

Costs associated with cloud accounts are in addition to your standard Instruqt billing. Therefore, you should take extra precautions when allowing users to access tracks that have cloud accounts.

This guide explains how to access a Google Cloud Platform (GCP) project from Instruqt.

A GCP project is a set of configuration settings that define how your app interacts with Google services and what resources it uses.
— Google Cloud Platform project documentation

Before you begin

You must have already created a track or sandbox preset to which you can add access to a GCP project.

Access GCP projects

It is best to add the Instruqt Cloud Client container to your sandbox to give a learner access to a GCP project. Because the Instruqt Cloud Client container:

Exposes links to GCP Cloud Consoles for the resources configured in the config.yml file, with the credentials required to log in.
Includes the gcloud CLI, pre-configured with the required credentials.

The GCP Cloud Console and the gcloud CLI make it easy for content developers and learners to access Google Cloud resources from the sandbox.

It takes the following steps to give learners access to a GCP project:

Add an Instruqt Cloud Client container to your sandbox
Add a GCP project to your sandbox.
Add tabs to your challenges where you want to expose the GCP console or gcloud CLI.

Additionally, you can use:

A set of environment variables that are available in the gcloud CLI.
Google Cloud APIs that you set through IAM permissions.

Step 1: Add an Instruqt Cloud Client container to your sandbox

More information can be found in the cloud client section.

Step 2: Review the security best practices

Make sure to configure the permissions for the GCP project to control unauthorized behavior within the environment. You can find more information on how to do this in GCP IAM Permissions.

You have control over which services and regions learners can access. We highly recommend you only provide access to what is strictly needed to complete the track. See Securing your cloud accounts for more detail.

Only enabled services and regions configured by the team administrator at a global level can be selected and/or specified. See more details in Global Sandbox Settings Cloud Services and Regions

Step 3: Add a GCP project to your sandbox

Click + Add a cloud account on the Sandbox page. ↳ The Add cloud account pop-up opens.
Select the Google provider.
In the Name field, enter example-project.
In the Services field, select the services that are going to be enabled.
In the Regions field, select the regions that are going to be enabled.
In the User Roles field, enter the desired roles for the end user.
In the Admin Roles field, enter the desired roles for the admin user.
Click Save to add the GCP project.
Click Back to track to return to the Track dashboard page.

Copy and paste the following code into config.yml:

gcp_projects:
- name: gcpproject
  services: []
  regions: []
  roles: []

↳ Your config.yml file should be similar to this now:

version: "3"
containers:
- name: cloud-client
  image: gcr.io/instruqt/cloud-client
  ports: [80]
  shell: /bin/bash
gcp_projects:
- name: gcpproject
  services: []
  regions: []
  roles: []

Step 4: Add tabs to expose the GCP console and `gcloud` CLI

In the Challenges section, click Add new, and select Assignment from the dropdown.
On the new challenge page, input these values:
Field
Value
Name
GCP project
URL
gcp-project
Description
Learn to work with a GCP project
Click Save.
Click Tabs followed by Add new tab.
Select the Your applications tab type.
Input these values to set the GCP console:
Field
Value
Tab name
CGP project console
Select your host
cloud-client
Path
/
Port
80
Click Save to add the tab.
Click Add new tab again.
Select the Terminal tab type.
Input these values to set the gcloud CLI:
Field
Value
Tab name
gcloud CLI
Host
cloud-client
Click Save to add the tab.
Click Back to track.
Click Play track and test your GCP project track.

Open a terminal and change to your track directory.
Enter the following command to create a new challenge:
```
instruqt challenge create --title "GCPproject"
```
Open the assignment.md file in your code editor.

Copy and paste the following code into assignment.md to set the GCP console and gcloud CLI:

---
slug: gcp-challenge
type: challenge
title: GCP project
teaser: Learn to work with a GCP project
tabs:
- title: GCP Console
  type: service
  hostname: cloud-client
  path: /
  port: 80
- title: gcloud CLI
  type: terminal
  hostname: cloud-client
difficulty: basic
timelimit: 600
---

Example assignment!

Save file assignment.md.
Push the track to the Instruqt platform:
```
instruqt track push
```
Play and test the track:
```
instruqt track open
```
↳ Your browser opens, showing the Track overview page, select Play.

Nice job! Your learners can now access GCP projects. But there is more. You can also give them access to:

PreviousAzure Resource Providers NextGCP Environment Variables

Last updated 2 months ago

Was this helpful?

Before you begin

Access GCP projects

Step 1: Add an Instruqt Cloud Client container to your sandbox

Step 2: Review the security best practices

Step 3: Add a GCP project to your sandbox

Step 4: Add tabs to expose the GCP console and gcloud CLI

Step 4: Add tabs to expose the GCP console and `gcloud` CLI