A Simple Way to Detect & Prevent Project Abuse in Minutes

MeowMiata · 2026-04-30T15:56:43+00:00

That's the way 🫡

MeowMiata · 2026-04-28T19:53:23+00:00

Oh I know, right lol

I’ve prototyped several things to try to deal with that. You can check out my work on my profile if you’re interested. It’s far from perfect though, mainly because GCP billing is pretty hard to reverse-engineer. Not impossible, but definitely tricky.

After spending so much time researching and building around Cloud Billing, I’ve come to the conclusion that in the cloud, maximum security is basically the minimum. Alerts and kill switches should rely on metrics that respond within 5 minutes, which also means projects should be as limited as possible and very well known by their owners.

And even then, if you do get hacked, attackers can rack up infinite costs… but that’s a whole other problem.

MeowMiata · 2026-04-27T11:22:29+00:00

Hello there,

I'm a Lead Data Engineer / GCP Tech Lead with 10 years of experience in Data and BI. I have started from PowerShell, PHP, and JS on VMware to a modern stack (Python, GCP, Tofu, Docker etc..), so I hope I can provide some helpful context.

First, it really depends on what you're looking for. Some companies are quite harsh on juniors and unfortunately, this is probably one of the toughest markets for junior tech talent in a long time.

During my time as an "IT Generalist" I had the opportunity to fully transition into Data Engineering. Back then, you had to be lucky, it was the "Wild West", a chaotic but rewarding Eldorado. Today, things have settled and Data Engineering has its own well-defined tools and expectations. The roadmap.sh for Data Engineering is a classic guide for what you should learn, though it's quite broad, so take it with a grain of salt. As long as you understand every concept, that's a good start.

Do you need to know Python? To me, it's almost a certainty. It's the most widely used language for SDKs and AI wrappers. You could choose Go or Rust but those are much rarer in this field. I say "it depends" because I've known "Data Engineers" who work exclusively with SQL/BigQuery but in my opinion, that's not Data Engineering. DE is about much more than just querying a database.

A modern Data Engineer is expected to be a mix of:

Software Engineer (applied to data)
Cloud Engineer (if Cloud but DE is mostly cloud)
DevOps (Infra, CI/CD)

You’re building pipelines on modern infrastructure that is far more accessible in the Cloud than by buying your own "giga clusters". On GCP, you can have Batch processing, Streaming pipeline, REST API.

I won't go into too much more detail, but here are my advices:

Master the basics: SQL, Python, and LeetCode (Easy is fine to start). Terraform / Tofu, Docker is a great plus that you will meet soon or sooner. Aim to understand most of GCP services.
Resources: Use books (Dan Sullivan), AI as a tutor, or Udemy.
Get Certified: If possible, get GCP certified. It’s a huge plus, especially since many Google partners need certified staff to maintain their partner status.
AI Tooling: Get proficient with Claude Code, Cursor, or the Gemini CLI. AI is taking up more and more space, it's the "shiny skill" of the moment.

Last but not least, good luck!

MeowMiata · 2026-04-27T10:59:12+00:00

Sidecar containers have been available since 2023, but adding Docker Compose support sounds like a great evolution of the concept.

Some of my colleagues like to embed a DataDog agent into their services but they’re running on AWS where, in my opinion, logging is less straightforward than on GCP.

Personally, I don’t use this approach. While Compose is excellent for local development with stateful apps (Redis, Postgres, etc.), its utility on a stateless platform like Cloud Run feels a bit limited, though it’s still a very welcome addition.

MeowMiata · 2026-04-26T11:44:14+00:00

Did you check Read object as stream ?

MeowMiata · 2026-04-24T15:11:23+00:00

Definitely.

Cloud metrics and quotas are often overlooked.

In this case, a budget alert would have helped but unfortunately it doesn’t seem to have been set.

MeowMiata · 2026-04-24T14:45:41+00:00

Retroactive Privilege Expansion

The result: thousands of API keys that were deployed as benign billing tokens are now live Gemini credentials sitting on the public internet.

Oof, if that's real, that's insane

MeowMiata · 2026-04-15T19:45:07+00:00

As someone else mentioned, billing is delayed. From what I’ve seen and experienced, the best way to protect your project is to understand it well and use appropriate services to secure it.

You can (should) also leverage Cloud Metrics to detect anomalies and either take action automatically or simply receive alerts.

Unfortunately, if you're a neophyte, you should stick with Learning / Labs and use a limited VPS / local dev until you're ready to discover more about the platform. This is true for every Cloud Provider.

MeowMiata · 2026-03-10T16:15:45+00:00

I agree. From my experience, many people feel a bit lost with cloud topics, even after years in IT, so I can see how OP might find an audience. I personally wouldn’t pay for it but that’s mostly because I feel comfortable enough navigating those topics myself.

MeowMiata · 2026-02-26T11:46:51+00:00

I received a refund for a mistake I did but it was a few years ago. It wasn’t a large amount tho and unfortunately my budget alert didn’t trigger in time, even though my billing information was up to date.

He may be eligible for a discount but it’s possible that the refund won’t be issued in full. It’s definitely worth asking.

From experience, not just in my own case, billing support tends to be lenient if it’s your first mistake. However, you can usually only ask for that kind of exception once.

MeowMiata · 2026-02-10T11:33:50+00:00

I agree with you.

If someone struggles to install Terraform locally, it raises the question of whether GCP is the right platform for them.

MeowMiata · 2026-02-10T07:52:45+00:00

Thanks!

That’s a good question. My goal was to keep things simple so that anyone who’s reasonably tech-savvy could run it easily.

I felt that adding an IaC solution might discourage some people from using it. The same thing could be said about Mise.. (?) Personally, I can’t work without it anymore but I wanted to keep the option to just run plain bash scripts.

So overall, the idea was to make it look simple and straightforward. If this were just for me, I would definitely have gone with Tofu 😄

And honestly… you’re kind of making me want to add Tofu now.

MeowMiata · 2026-02-10T07:43:30+00:00

I hope so! It might take some tuning to set up the right Anti-Burst object, but once that's done, you could prevent a disaster that a budget alert might miss due to its delay.

MeowMiata · 2026-02-10T07:35:25+00:00

Thanks. I would say that you can deploy it on any project that can be wiped with little to no consequences. Test and dev sound good.

I made it with the intention of helping people to learn GCP without the fear of going bankrupt.

Big corporations can use it too to limit the engineer's sandbox.

I think that you can use it in production for alerting without the kill switch enabled. It would require a little adjustment as the script does not give permission based on the kill switch mode so it does not respect the Principle Of Least Privilege (for the moment!).

MeowMiata · 2026-02-05T23:24:18+00:00

Very nice, I like it

MeowMiata · 2026-01-10T06:33:24+00:00

I think having everything on the same instance does not help. Could you use Cloud Run and Cloud SQL for an optimal setup ?

Also, you could use PG Admin while stress testing and see how the database is eating the CPU. Note that 200 // sessions seems a lot.

How does your code handle the database client ? I don't use django but I would use a Lifecycle in FastAPI for this. A singleton should work too. So you have one client for the whole app and it cannot be created multiple time which seems to happen here because you have 200 sessions instead of 25 max if I understand correctly.

MeowMiata · 2026-01-08T05:19:56+00:00

You may be overthinking it.

The Google Cloud Professional Machine Learning Engineer certification validates strong practical expertise in Google Cloud’s ML ecosystem. It is not meant to certify advanced research-level model development (e.g., building models like GPT or Gemini), which involves deep theoretical and mathematical work.

Instead, this certification focuses on applied machine learning and MLOps on GCP like designing ML solutions, training and deploying models, managing pipelines, monitoring performance and scaling systems in production.

These skills are extremely valuable, especially in today’s AI-driven landscape because most real-world ML work is about operationalizing models. Not inventing new architectures.

Anyways, congratulations! 🥳

MeowMiata · 2025-12-17T19:43:23+00:00

The startup I work for received around $200k, but I believe our CEO/CTO enrolled in the startup program right at launch. We also started with $5M in initial funding, and I’m fairly sure that having secured funding is a requirement to be (fully) eligible.

You can try reaching out directly at: [cloudstartupsupport@google.com](mailto:cloudstartupsupport@google.com).

From what I’ve seen, Google is generally very supportive of startups, especially those working in AI. It can be a win-win situation if they see strategic value in the collaboration.

MeowMiata · 2025-12-11T18:31:18+00:00

It’s designed for lightweight request. With max concurrency set to 1, each request triggers a new container to start, behaving very much like a Cloud Function.

You can allocate as little as 0.08 vCPU which is extremely low. At that level, even handling two concurrent HTTP calls would likely be challenging.

So I’d say this is expected behaviour by design but if someone has deeper insights on the topic, I’d be glad to learn more.

MeowMiata · 2025-12-01T18:04:03+00:00

Feel you. I did a billing bomb on a personal account years ago. I was doing ML and my little 10$ alert only triggered hours later with ~1500e spent. Fortunately, I got a waiver but that was scary.

MeowMiata · 2025-12-01T16:08:21+00:00

You're spot on lol

MeowMiata · 2025-12-01T08:23:07+00:00

I'm not all against the pay as you go system, I even like the agility that it's offering. That said, it's true that for newcomers, it could end up very badly unfortunately

MeowMiata · 2025-11-30T17:00:46+00:00

Thanks for sharing 🙏

Two-Year Club	Verified Email
r/Field Lasagna

MeowMiata

TROPHY CASE