Function as a Service, or FaaS, has been a cornerstone in app development. Popularized by AWS Lambda service, all the major Cloud Providers offer their version, with different features. And they also extend this principle to containers, with Cloud Run on Google Cloud for example.

On Google Cloud, Cloud Functions is the FaaS service and, to use it, you have to enforce a predefined code structure. In Python, to handle HTTP requests, the function signature is the following

def my_function(request):
return "response", 200 #http code

FaaS common issues

When you deploy a function, it’s “only one function”, to achieve only one task…

The cloud cost is one of the most scary aspect: you pay for what you use! To prevent any overcost, one of best practices is to estimate roughly the cost of a project and to set a budget alert on it.

On Google Cloud, you can achieve that on the billing page, in the Budget & Alerts section.

You need to have the Billing Admin role to access it. In an organization, there are different user profiles and all can’t be Billing Admin:

  • The cloud billing can be a sensitive information and the Billing Admin role allows a full view…

The secrets are the ultimate piece to protect: password, API Keys, private keys, root certificates,… There are several types of secrets but all needs to be kept safe and private. On Google Cloud, Secret Manager service helps to achieve this by keeping the secrets encrypted and protected by IAM.

IAM secret protection

Out of the box, Secret Manager offers a fine grained policy to grant access on individual secrets to enforce the least privilege principle. Like this, only the accounts (user account, or service account) that need to access to some secrets are allowed to reach them, but they can’t access the other…

The cloud has many benefits and one of them is the innovation speed with the motto “Fail fast, iterate faster”. Indeed, the cloud providers propose tons of services to easily test and experiment, when the same would be expensive, or impossible, on premise environment.

  • Create a cluster with Hadoop or Kubernetes
  • Use graphic accelerator for AI training
  • Deploy a global application,…

The cloud platforms are wonderful sandboxes where you can spend hours to experiment and try out. However, resources aren’t free!

There is periodic bad news on specialized websites about bad uses (or misuse) that led to huge bills.


I tried in Node (and I'm bad in Node) and I can propose you this piece of working code

const {WorkflowsClient} = require('@google-cloud/workflows');
const client = new WorkflowsClient();
const [workflows] = await client.listWorkflows({
parent: client.locationPath("<PROJECT_ID>", "us-central1"),
for (const workflow of workflows) {`name: ${}`);
const {ExecutionsClient} = require('@google-cloud/workflows');
const execclient = new ExecutionsClient();
const [resp] = await execclient.createExecution({
parent: client.workflowPath("<PROJECT_ID>", "us-central1", "run-long-process"),
execution: {
argument: '{"wait":5}'
});`name: ${}`);

Cloud components are useful and powerful. However, they are all disconnected from the others and when you want to deploy a full pipeline, you need to glue them. You can achieve this with PubSub and Cloud Functions.
However, it quickly becomes a spaghetti design with a lot of topics and functions. Having a centralized place to see, manage and configure your pipeline workflow could be great!

Google Workflows

Google Workflows takes place here. It has been announced since summer 2020 at Cloud Next on Air and is now generally available (GA) since January 2021. It’s a fully managed solution with a pay-as-you-use…

Security on Google Cloud is paramount but it’s strangely an unpopular topic. Actually, the security is often a boring topic! To fill the gap, I wrote articles about the 2 limits of IAM services and about workarounds and new use cases offer by Service Account Credential API. In both cases, my main concern was still the same: to avoid the users to download service account key files to improve the security.

However, the latest blog post on accessing Drive API of Gabe Weiss uses service account key files. That’s why I reached him out and the discussion was very interesting.

Gabe use case

With a difficult year 2020, companies are more focused on what they spend, and, because the cloud becomes bigger and bigger every year in companies, the cloud billing is getting a lot of interest.
For all the companies, the ideal model is to pay only what they use; and not more. The serverless products perfectly fit this expectation.

However, some services can’t adopt this model, especially for technical reason. Relational databases for example are liked for their low latency achieved thank to, at least, 2 factors

  • Instances are always running to avoid cold start
  • Indexes are kept in memory, and…

Routing and load balancing are the pillars of the Internet and its scalability. On Google Cloud, these aspects are great due to a global networks and anycast IP deployed on Global HTTPS load balancers.
Like the other cloud services, serverless compute products (App Engine, Cloud Functions and Cloud Run) have been getting the load balancing capacity few month ago.

One of the most interesting load balancing feature is the capacity to route the traffic from the Load Balancer to the deployed services the closest to the user location. And thus to have the best latency, wherever the users are.

Serverless NEG for serverless load balancing


The data are the new goldmine of all companies, and this treasure must be kept secure and protected. That’s why, for many years, a common good practice of any database administrator is to remove all public access to the database, especially the public IP, and to grant only access from the private IP.
This “golden” rule is enforced by all security teams and they requires the same pattern for any cloud deployment.

Cloud SQL service, the managed database service on Google Cloud, allows you to:

guillaume blaquiere

GDE Google Cloud Platform, scrum master, speaker, writer and polyglot developer, Google Cloud platform 3x certified, serverless addict and Go fan.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store