Scenario 01: Microservices Migration
The Client: A financial institution is migrating a monolithic Python application to Google Cloud. The workload has highly variable traffic, scaling unpredictably from 10 requests per minute to 10,000 requests per minute. They require zero maintenance overhead and pay-per-use billing.
Architectural Decision:
Option A: Google Kubernetes Engine (GKE)
Containerize the Python app and deploy across a regional GKE cluster with Horizontal Pod Autoscaling.
Option B: Google Cloud Run
Containerize the Python app and deploy to Cloud Run, allowing GCP to manage all underlying infrastructure.
Scenario 02: IAM & Security
The Threat: Your Python application needs to read sensitive customer data from a Cloud Storage bucket. How do you authorize the application without exposing credentials?
[X] Create a Service Account Key (.json file) and hardcode it into the Python script.
[X] Grant 'Storage Admin' to the default Compute Engine service account.
[✓] Assign a custom Service Account to the Cloud Run instance with ONLY the `roles/storage.objectViewer` IAM role applied specifically to that single bucket.