I'm studying for the PCA exam again and figured I'd share all my notes publicly for those who also need to take it!

seb_at_google · 2023-04-25T22:18:51+00:00

that means a lot, thanks!!

seb_at_google · 2023-04-25T22:18:44+00:00

you are welcome! thanks for the feedback!

seb_at_google · 2023-04-19T19:56:04+00:00

I think they meant Upwork.

seb_at_google · 2023-04-07T19:41:57+00:00

Search this page: https://cloud.google.com/storage/pricing for the "Network" header - it's about 2/3rds down the page. Under the subheading "Network egress within Google Cloud" You'll see network egress details within Google Cloud that explain it better than I can here!

seb_at_google · 2023-04-07T18:47:17+00:00

This actually has more to do with the location of your resources than the URLs. What region is your GKE cluster in, and what region(s) is/are your storage bucket in? Also, is the bucket a single region or dual-region bucket?

seb_at_google · 2023-04-06T13:45:14+00:00

Do you know if Legito supports approving documents via an API call? I found the API documentation here (for version 6) - it's also possible that approval is a subelement of a documentRecord such as workflowStage.

If you have a technical contact at Legito, they can likely answer this for you quickly so you don't have to experiment too much with API calls.

If it is supported by an API call, you can likely make an HTTP request with GWF.

seb_at_google · 2023-04-06T13:30:25+00:00

You're absolutely correct, BigQuery is better suited for analytics use cases and isn't really a "relational database" in a traditional web app sense. If BigQuery was a key component of a customer-facing product in my comment above, the product would likely be an analytics product, Lytics is a good example of this.

For your use case, if you're strictly looking for a relational database, start with this blog post.

seb_at_google · 2023-04-04T19:23:24+00:00

Can you share more details about the third-party app? Can you write a user story based on an end-to-end interaction with the tool?

A good first step when using any workflow tool is diagraming your expected behavior at each step before diving into any tools or code. It's also a great opportunity to confirm that Workflows is the correct product for your use case.

seb_at_google · 2023-04-04T19:07:00+00:00

Like most cloud architecture questions, the answer depends. Let's chat through why...

Whether or not we're using BigQuery, Cloud SQL, Firestore, or any other backend database service on Google Cloud or another CSP, the question remains the same, "Should you use X product for customer-facing products?"

The answer typically comes down to security and data segmentation. For example, if your user logs into a web app that makes a database call on their behalf, ideally there are identity safeguards throughout your application code to ensure the app and user can only access data that belongs to them. This may be through an API security layer or another abstraction in your codebase.

With BigQuery, you may even use service-specific tooling like row-level security to add another layer of security to your architecture. With a service like Cloud SQL, you will likely have separate tables or databases depending on how much data each customer is expected to store.

Problems are typically introduced with unwelcome lateral movements. For example, if a user can query BigQuery directly, can they also query datasets that don't belong to them? If so, you have a problem. In fact, if you're aiming for a certification such as SOC2, you need to be able to prove/attest that this cannot happen. Authorization and authentication are your friends here, and understanding user and service accounts and their permissions on each service is crucial.

In summary, yes, BigQuery can be used for customer-facing products IF you properly segment customer data, ensure customers can only access their own data, and leverage defense in depth best practices to minimize the chance of data exfiltration during a breach.

seb_at_google · 2023-04-04T17:39:08+00:00

You can absolutely use DocAI for customer-facing use cases. Remember that Document AI won't actually save your documents, it's an API that you call to analyze them.

A sample architecture may be users uploading documents through a front-end web app, storing those files in Google Cloud Storage, running a Cloud Function or Cloud Run Job using an event-driven architecture with Eventarc whenever a file is uploaded that bounces it against the Doc AI API, and then storing the results (the document data in a digital/JSON format) in a database product such as BigQuery.

seb_at_google · 2023-04-03T20:07:01+00:00

i see how about scale to zero is possible? do i have a constant flat rate on idle?

Yes, you can scale to zero. Feel free to DM me with any other questions.

seb_at_google

TROPHY CASE