<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Boris Teplitsky</title>
    <description>The latest articles on DEV Community by Boris Teplitsky (@boristep).</description>
    <link>https://dev.to/boristep</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1979094%2F5feb505b-1509-417f-b565-5469bd2ad3e0.png</url>
      <title>DEV Community: Boris Teplitsky</title>
      <link>https://dev.to/boristep</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/boristep"/>
    <language>en</language>
    <item>
      <title>How to Start Your Google Cloud from the Right Foot</title>
      <dc:creator>Boris Teplitsky</dc:creator>
      <pubDate>Wed, 29 Apr 2026 05:51:58 +0000</pubDate>
      <link>https://dev.to/boristep/how-to-start-your-google-cloud-from-the-right-foot-5f0p</link>
      <guid>https://dev.to/boristep/how-to-start-your-google-cloud-from-the-right-foot-5f0p</guid>
      <description>&lt;h2&gt;Setting up a GCP landing zone from scratch — a step-by-step approach for DevOps engineers new to GCP.&lt;/h2&gt;

&lt;p&gt;Let's consider a familiar situation: a company has decided to move part of its IT to Google Cloud. They assigned the job to a DevOps engineer — not a GCP expert, but someone with enough knowledge and experience to set up and deploy services on GCP. Sound familiar? Thousands of companies have been in exactly this position — and thousands more will be.&lt;/p&gt;

&lt;p&gt;Here we describe an approach to setting up Google Cloud for a small company — a startup, for example — or for a single system within a large company, using Merlin Studio (&lt;a href="https://site.merlin-studio.cloud" rel="noopener noreferrer"&gt;https://site.merlin-studio.cloud&lt;/a&gt;). We assume the company has no strict regulatory requirements (such as HIPAA or GDPR), but the company does care about following best practices and leaving room for seamless extension in the future.&lt;br&gt;&lt;br&gt;
The setup process with Merlin Studio consists of three stages:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Discovery&lt;/strong&gt; — defining business requirements and conditions
&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Configuration&lt;/strong&gt; — setting parameters for each GCP section
&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Generation&lt;/strong&gt; — producing a package of Terraform tfvars files, schemas, documentation, and guides&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffdrwae380bpclonh1y6j.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffdrwae380bpclonh1y6j.png" alt="icongr" width="800" height="447"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h1&gt;Discovery&lt;/h1&gt;

&lt;p&gt;At this stage you tell Merlin what you want it to build: what your company does, how big it is, how experienced your cloud team is, whether you have any regulatory requirements, whether you need connectivity to an on-prem datacenter or another cloud, and so on.&lt;br&gt;&lt;br&gt;
Merlin has no access to your environment and does not validate the accuracy of your answers — but it stores all your information encrypted, separately for each customer. So if you provide accurate data about your company, it will save you the effort of manual edits before deployment.  &lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbnpkgfbl9jmueq183agi.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbnpkgfbl9jmueq183agi.png" alt="Sc1" width="626" height="857"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;As shown in the screenshots, our example covers a small company — a startup — with no specific requirements. &lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9slescexvyxqpj2ac9tj.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9slescexvyxqpj2ac9tj.png" alt="Sc2" width="626" height="850"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Among the technical requirements, pay attention to Terraform Output Format — either "Generic Terraform tfvars" or "FAST (Cloud Foundation Fabric)." FAST is a solid Terraform framework, but it requires effort to set up and maintain. For this reason, we chose tfvars — simpler and more suitable for small companies or projects.  &lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F793xjc0hflatezfvp5bl.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F793xjc0hflatezfvp5bl.png" alt="Sc3" width="632" height="764"&gt;&lt;/a&gt;&lt;br&gt;&lt;br&gt;
Merlin is able to produce scripts for landing zones that meet the requirements of a set of EU and US compliance frameworks. In our example we assume the company has no specific regulatory requirements, but we still recommend aligning the GCP setup to Google best practices — specifically, CIS Benchmarks. The CIS (Center for Internet Security) Benchmarks are a set of globally recognized configuration guidelines designed to reduce the attack surface of cloud environments. They are vendor-neutral, widely adopted, and free to use. The CIS recommendations are labeled on the configuration screens, but you are not required to accept all of them.  &lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwr76c452lyfdv5x7mysl.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwr76c452lyfdv5x7mysl.png" alt="Sc4" width="628" height="771"&gt;&lt;/a&gt;&lt;br&gt;
Based on the information provided during Discovery, Merlin sets the default configuration parameters, determines the profile complexity, identifies which configuration sections are required, and recommends a configuration mode: &lt;strong&gt;Express&lt;/strong&gt; (accept best-practice defaults), &lt;strong&gt;Guided&lt;/strong&gt; (review recommendations, customize as needed), or &lt;strong&gt;Expert&lt;/strong&gt; (full control over all options). You can change the configuration mode at any time, but to change the profile you must return to the Discovery stage.&lt;/p&gt;

&lt;p&gt;In our example, Merlin recommends the Simple profile and activates 12 configuration sections. To illustrate the key architectural decisions, we selected Guided mode.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fii8rj5vp0iytdf7r7mtp.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fii8rj5vp0iytdf7r7mtp.png" alt="sc5" width="626" height="695"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjd8w1qgw99g4igfcutbe.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjd8w1qgw99g4igfcutbe.png" alt="sc6" width="626" height="592"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h1&gt;Configuration&lt;/h1&gt;

&lt;p&gt;Configuration is organized into sections, each covering a specific GCP domain — IAM, Networking, Security, and others. For our startup example, Merlin activated 12 sections. A sidebar lets you navigate between sections in any order — completed sections are marked, so you always know where you stand. You can focus on the sections relevant to your setup and leave the rest at their default values.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0wicoaeoi7o5kqtbk05k.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0wicoaeoi7o5kqtbk05k.png" alt="sc7" width="800" height="559"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Setting up a GCP environment requires tens, sometimes hundreds of parameters. Merlin makes this as straightforward as possible:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Most fields have default values, set based on data collected during Discovery.
&lt;/li&gt;
&lt;li&gt;Almost every field has a help panel with a short explanation, a link to the relevant Google documentation, and an optional LLM prompt.
&lt;/li&gt;
&lt;li&gt;Fields required by compliance frameworks (CIS Benchmark in our case) are marked with a badge — red for mandatory, orange for recommended.
&lt;/li&gt;
&lt;li&gt;Merlin validates field values in real time and warns about errors and invalid inputs.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Once you finish all configuration steps, click &lt;strong&gt;Generate Spec&lt;/strong&gt; to produce a JSON document summarizing all configuration parameters. This step also performs cross-section validation, surfacing any errors and unmet requirements. If you are satisfied with the configuration, proceed to the next stage.    &lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fefo62sd7j3tu7sk25rms.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fefo62sd7j3tu7sk25rms.png" alt="sc10" width="800" height="353"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F65snklaavm7np3mu21jg.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F65snklaavm7np3mu21jg.png" alt="sc10a" width="800" height="484"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h1&gt;Generation&lt;/h1&gt;

&lt;p&gt;In the final stage, Merlin produces the artifacts for setting up your GCP environment. Clicking the &lt;strong&gt;Generate Artifacts&lt;/strong&gt; button starts the process. In our case, the output includes documentation, security scorecards, architecture diagrams, and 14 Terraform-related files (12 .tfvars and 2 JSON metadata files) used to provision the GCP environment.&lt;br&gt;&lt;br&gt;
 In our example, we showed how a DevOps engineer without deep GCP expertise can set up a landing zone from scratch in a single interactive session. Starting from business questions and simple configuration choices, you end up with 14 tfvars files, architecture and security scorecards, Mermaid diagrams, and a step-by-step DEPLOYMENT_GUIDE.md aligned with CIS Benchmarks.&lt;/p&gt;

&lt;p&gt;Merlin does not replace learning GCP. You still need to understand what you deploy, review the generated code, and adapt it to your environment. But instead of starting from an empty folder, you start with a working foundation that follows best practices. Your time goes into understanding the decisions, not rediscovering them.&lt;/p&gt;

&lt;p&gt;A complete set of files — including Terraform configurations, documentation, scorecards, and architecture diagrams — can be found at &lt;a href="https://github.com/Merlin-Studio/Startup-Example" rel="noopener noreferrer"&gt;github.com/Merlin-Studio/Startup-Example&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Merlin is now open and free to try. No signup, no email — guest mode lets you start designing instantly: &lt;a href="https://app.merlin-studio.cloud/" rel="noopener noreferrer"&gt;https://app.merlin-studio.cloud/&lt;/a&gt;&lt;/em&gt; &lt;/p&gt;

&lt;p&gt;&lt;em&gt;This is the second article in our GCP Landing Zone series. The first article — &lt;a href="https://medium.com/google-cloud/setting-up-a-gcp-landing-zone-for-organizations-with-strict-regulatory-requirements-9054e0958b76" rel="noopener noreferrer"&gt;Setting Up a GCP Landing Zone for Organizations with Strict Regulatory Requirements&lt;/a&gt; — covers the same approach for healthcare and other regulated industries.&lt;/em&gt; &lt;/p&gt;

</description>
      <category>googlecloud</category>
      <category>devops</category>
      <category>terraform</category>
      <category>startup</category>
    </item>
    <item>
      <title>Setting Up a GCP Landing Zone for Organizations with Strict Regulatory Requirements</title>
      <dc:creator>Boris Teplitsky</dc:creator>
      <pubDate>Mon, 20 Apr 2026 07:46:06 +0000</pubDate>
      <link>https://dev.to/boristep/setting-up-a-gcp-landing-zone-for-organizations-with-strict-regulatory-requirements-3p59</link>
      <guid>https://dev.to/boristep/setting-up-a-gcp-landing-zone-for-organizations-with-strict-regulatory-requirements-3p59</guid>
      <description>&lt;p&gt;Setting up a GCP Landing Zone for organizations with strict compliance requirements is not a trivial task. Cloud Foundation Fabric with a suitable template can significantly simplify the work — but what if no appropriate template exists, or your specific requirements go beyond what the templates cover? In this article, we explain how a tool we built, Merlin Studio, can help set up a landing zone under complex compliance requirements. We use a US healthcare provider as an example, walking through a landing zone aligned with the HIPAA compliance framework. The same approach applies to other regulations in the US and EU.&lt;/p&gt;

&lt;p&gt;The setup process with Merlin Studio consists of three parts:&lt;br&gt;
&lt;strong&gt;Discovery&lt;/strong&gt; — defining business requirements and conditions&lt;br&gt;
&lt;strong&gt;Configuration&lt;/strong&gt; — setting parameters for all landing zone sections&lt;br&gt;
&lt;strong&gt;Generation&lt;/strong&gt; — producing a package of Cloud Foundation Fabric YAML files, scorecards, documentation, and guides.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzmk4zzcyzobv18fse0xt.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzmk4zzcyzobv18fse0xt.png" alt="info" width="800" height="447"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;em&gt;If you want to try Merlin on your own landing zone, drop us an email at &lt;a href="mailto:intentarcha@gmail.com"&gt;intentarcha@gmail.com&lt;/a&gt; and we’ll set up your access — it’s free.&lt;/em&gt;&lt;/p&gt;

&lt;h2&gt;Discovery&lt;/h2&gt;

&lt;p&gt;The goal of this stage is to determine who and what we are setting up. During Discovery, the user fills out 7 forms describing the company and project's business environment. The forms cover general information about the organization and specific GCP implementation conditions: deployment strategy (GCP-only, hybrid with on-premises, or multi-cloud), workload types, company size, timeline, and budget expectations. A critical section is compliance — which regulatory frameworks must be implemented.&lt;br&gt;
In our example, we use a US healthcare provider that needs to connect GCP to an on-premises data center via Partner Interconnect. The required compliance frameworks are HIPAA, SOC 2, and CIS Benchmarks. Infrastructure requirements include multi-region deployment (us-east1 as primary, us-west1 as secondary) with warm standby disaster recovery.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F144aj5yedvugmqdyhdzu.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F144aj5yedvugmqdyhdzu.png" alt="sc1" width="800" height="755"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fuam1gc8csmzuknvgvd32.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fuam1gc8csmzuknvgvd32.png" alt="sc2" width="800" height="737"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6w7s4iozerm1fttuk41y.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6w7s4iozerm1fttuk41y.png" alt="sc3" width="800" height="688"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8v8eblijgcfce7abguwc.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8v8eblijgcfce7abguwc.png" alt="sc4" width="800" height="500"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Based on the information provided during Discovery, Merlin sets the default landing zone configuration parameters, determines the profile complexity, identifies which configuration sections are required, and recommends a configuration mode: Express (accept best-practice defaults), Guided (review recommendations, customize as needed), or Expert (full control over all options). The user can change the configuration mode at any time, but to change the profile, they must return to the Discovery stage.&lt;br&gt;
In our example, Merlin recommends the Standard profile and activates 17 configuration sections. The user selects Guided mode.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqbi495moqrdu5y3z481v.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqbi495moqrdu5y3z481v.png" alt="sc5" width="800" height="834"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Foofqumknty4a5jg1433q.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Foofqumknty4a5jg1433q.png" alt="sc6" width="800" height="683"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;Configuration&lt;/h2&gt;

&lt;p&gt;Configuration is organized into sections, each covering a specific domain — IAM, Networking, Security, and others. In our example, Merlin recommended 17 sections. A sidebar allows free navigation between sections in any order — completed sections are marked, so the user always knows where they are. This allows focusing on specific sections and leaving others at their default values.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1533kvq6k465an7nx26b.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1533kvq6k465an7nx26b.png" alt="sc7" width="774" height="648"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fe158m7mjt5txiwrilfni.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fe158m7mjt5txiwrilfni.png" alt="sc8" width="800" height="418"&gt;&lt;/a&gt;&lt;br&gt;
In order to set up a landing zone, it is necessary to define hundreds of parameters. Merlin makes this task as straightforward as possible:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Most fields have default values, set based on data collected during Discovery and the selected compliance framework requirements.&lt;/li&gt;
&lt;li&gt;Almost every field has a help panel with a short explanation, a link to the relevant Google documentation, and an optional LLM prompt.&lt;/li&gt;
&lt;li&gt;Fields required by compliance frameworks are marked with a badge — red for mandatory, orange for recommended.&lt;/li&gt;
&lt;li&gt;Merlin validates field values in real time and warns about errors and invalid inputs.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The final step of the Configuration stage is generating a specification. Clicking the "Generate Spec" button triggers cross-section validation and produces a structured JSON document summarizing all configuration parameters. The results screen shows two things: any unmet compliance requirements with direct links to the relevant configuration sections, and the full specification in a readable format.&lt;br&gt;
The compliance posture summary is particularly useful — it shows exactly how many requirements are met per framework (in our example: SOC 2 12/13, HIPAA 28/29, CIS Benchmarks 16/17), lists each unmet requirement with the specific control reference, and provides a direct link to the configuration section where it can be fixed. No cross-referencing external documentation — everything needed to reach full compliance is on one screen.&lt;br&gt;
If the user is satisfied with the configuration, they proceed to the next stage.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdfgatm2odyulcd0bc306.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdfgatm2odyulcd0bc306.png" alt="sc11" width="800" height="453"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;Generation&lt;/h2&gt;

&lt;p&gt;In the final stage, Merlin produces artifacts for setting up the landing zone with minimal effort compared to starting from scratch. All generated artifacts are divided into four categories:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Scorecards — Merlin evaluates the configuration from architecture and security perspectives and provides a score with an explanation of any issues found. In our example, the security scan scored 100/100 (Checkov) and the architecture scorecard 98/100 — Overall Grade A. This is shift-left in practice: issues are caught at design time, before deployment, without waiting for findings from Security Command Center or Wiz.&lt;/li&gt;
&lt;li&gt;Terraform — Merlin generated 61 YAML files ready to use with Cloud Foundation Fabric. The files cover all five FAST stages: bootstrap (org setup, IAM, org policies), networking (VPC, subnets, firewall, DNS), security (KMS, SCC), project factory (workload projects), and VPC Service Controls (service perimeters). Dependencies between stages are handled automatically via FAST's $-interpolation tokens — no manual ID copying between stages.&lt;/li&gt;
&lt;li&gt;Documentation — A landing zone description and a step-by-step deployment guide explaining how to use the generated YAML files with Cloud Foundation Fabric.&lt;/li&gt;
&lt;li&gt;Diagrams — A set of diagrams describing the landing zone structure. Merlin produces Mermaid (.mmd) files rather than static images. Diagrams can be rendered at &lt;a href="https://mermaid.live" rel="noopener noreferrer"&gt;https://mermaid.live&lt;/a&gt; or converted to any graphics format.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;The complete set of generated files and other Merlin examples are available at &lt;a href="https://github.com/Merlin-Studio" rel="noopener noreferrer"&gt;https://github.com/Merlin-Studio&lt;/a&gt;. Merlin Studio is currently free — registration only at &lt;a href="https://site.merlin-studio.cloud" rel="noopener noreferrer"&gt;https://site.merlin-studio.cloud&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ft1rrludmlnndcp5gezba.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ft1rrludmlnndcp5gezba.png" alt="Sc12" width="800" height="386"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fs4v5hzkr0m6s4ymmruzk.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fs4v5hzkr0m6s4ymmruzk.png" alt="sc13" width="800" height="373"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;In our example we showed how weeks of work can be reduced to a single interactive session. Starting from business requirements and technical conditions, and with guidance from the tool throughout, the user ends up with 61 ready-to-use Cloud Foundation Fabric files, architecture and security scorecards, a deployment guide, and Mermaid diagrams — all aligned with HIPAA, SOC 2, and CIS Benchmarks.&lt;/p&gt;

&lt;p&gt;Despite providing a rich set of deployment-ready files, Merlin does not replace the cloud architect. Design review, stakeholder discussions, and alignment with networking and security teams remain an essential part of any landing zone project. What Merlin does is take the tedious part off the table.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Interested in trying it? Email &lt;a href="mailto:intentarcha@gmail.com"&gt;intentarcha@gmail.com&lt;/a&gt; — we’ll get you set up within 24 hours.&lt;/em&gt;&lt;/p&gt;

</description>
      <category>infrastructureascode</category>
      <category>googlecloud</category>
      <category>terraform</category>
      <category>hipaa</category>
    </item>
    <item>
      <title>GCP Landing Zone Setup Automation</title>
      <dc:creator>Boris Teplitsky</dc:creator>
      <pubDate>Mon, 16 Mar 2026 10:30:04 +0000</pubDate>
      <link>https://dev.to/boristep/gcp-landing-zone-setup-automation-31f8</link>
      <guid>https://dev.to/boristep/gcp-landing-zone-setup-automation-31f8</guid>
      <description>&lt;h2&gt;The Problem&lt;/h2&gt;

&lt;p&gt;Every GCP engagement starts the same way. Discovery call, spreadsheet of requirements, weeks of manual Terraform, IAM wiring, VPC design, org policies, budget alerts. Then a review cycle to catch what was missed. Then another.&lt;/p&gt;

&lt;p&gt;For a process that happens at the start of every cloud project, it's remarkably unautomated.&lt;/p&gt;

&lt;h2&gt;What a Landing Zone Actually Requires&lt;/h2&gt;

&lt;p&gt;A production-ready GCP landing zone typically includes:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Organization hierarchy and folder structure&lt;/li&gt;
&lt;li&gt;VPC and shared networking&lt;/li&gt;
&lt;li&gt;IAM roles and service accounts&lt;/li&gt;
&lt;li&gt;Org policies and constraints&lt;/li&gt;
&lt;li&gt;Budget alerts and billing controls&lt;/li&gt;
&lt;li&gt;Security baselines&lt;/li&gt;
&lt;li&gt;FAST-compatible configuration&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Getting all of this right manually takes 2-3 weeks minimum.&lt;/p&gt;

&lt;h2&gt;A New Approach: Merlin&lt;/h2&gt;

&lt;p&gt;Merlin is a GCP landing zone generator. Answer an architecture questionnaire — org structure, environments, compliance, networking — and it outputs a complete production-ready landing zone.&lt;/p&gt;

&lt;p&gt;What comes out:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;FAST-compatible Terraform files&lt;/li&gt;
&lt;li&gt;Architecture and security scorecards&lt;/li&gt;
&lt;li&gt;Mermaid diagrams&lt;/li&gt;
&lt;li&gt;Validation warnings&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;See the Real Output&lt;/h2&gt;

&lt;p&gt;Published openly on GitHub — no signup required:&lt;/p&gt;

&lt;p&gt;👉 &lt;a href="https://github.com/Merlin-Studio" rel="noopener noreferrer"&gt;github.com/Merlin-Studio&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Includes Simple, Standard, and Advanced profile examples.&lt;/p&gt;

&lt;h2&gt;Worth Knowing About&lt;/h2&gt;

&lt;p&gt;👉 &lt;a href="https://site.merlin-studio.cloud" rel="noopener noreferrer"&gt;site.merlin-studio.cloud&lt;/a&gt;&lt;/p&gt;

</description>
      <category>googlecloud</category>
      <category>terraform</category>
      <category>devops</category>
      <category>cloudarchitecture</category>
    </item>
  </channel>
</rss>
