When you start working with Google Cloud Platform (GCP), one of the first things to understand is how resources are organized. GCP uses a hierarchical structure to help you manage permissions, policies, and billing efficiently — especially for large organizations with multiple teams and projects.
Let’s break it down with two easy visuals 👇
🧩 1. Google Cloud Organization Structure
In GCP, everything starts with your Organization (like your company).
Here’s the breakdown from top to bottom:
🏢 Organization
- This is the root node for your company.
 - All resources (projects, folders, VMs, etc.) live under this organization.
 - Created automatically when your company uses Google Workspace or Cloud Identity.
 
📂 Folders
- Think of folders like departments or business units (e.g., Department A, Department B, Shared Infra).
 - Folders can contain other folders (for teams or products) and projects.
 - They help apply policies and IAM roles at a broader level — for example, “Give all developers in Team A access to Dev projects.”
 
🧱 Projects
The main container for all resources (VMs, Cloud Storage, Databases, etc.).
Each project has:
- A unique Project ID
 - Billing association
 - IAM policies
 
You can have separate projects for Development, QA, and Production.
⚙️ Resources
These are the actual services you use:
- 🖥️ Compute Engine (VMs)
 - ☁️ Cloud Run (Serverless apps)
 - 📦 Cloud Storage (File storage)
 
These exist inside projects.
👉 This layered approach helps keep your infrastructure organized, secure, and scalable.
🏗️ 2. Google Cloud Resource Hierarchy (with Billing)
💳 Payments Profile
- Represents your payment method — similar to adding a credit card.
 - Connected to a Billing Account.
 
🧾 Billing Account
- Pays for all the projects linked to it.
 - One billing account can cover multiple projects across folders or even organizations.
 
🏢 Organization → Folders → Projects → Resources
The same structure continues:
- Organization manages overall access.
 - Folders group related projects.
 - Projects contain the actual cloud resources, such as VMs, databases, and storage.
 
IAM (Identity and Access Management) policies are inherited downward: if someone is granted access at the Organization level, that access applies to every folder, project, and resource below it (unless restricted).
🪄 Example — A Real-World Analogy
Imagine your company is “TechCorp”:
- Organization: TechCorp (root)
- Folders:
  - Dept A (Engineering)
  - Dept B (Marketing)
- Projects under Dept A:
  - Development Project
  - QA Project
  - Production Project
- Resources:
  - Compute Engine (VMs) for app servers
  - Cloud Storage for static files
  - Cloud Run for backend APIs
So — all access, billing, and policies are managed from the top-down structure.
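
The TechCorp layout above as a small Python model of IAM inheritance, added here as an illustration and not code from the original post. It resolves which allow bindings each project picks up from its folder and organization, and shows that a role granted on the Dept A folder for developers also applies to the Production project. Resource names, groups and bindings are constructed placeholders, and only allow policies are modelled.

```python
# Constructed TechCorp hierarchy (placeholder names, not real GCP resource IDs).
# Each node stores its single parent and the allow bindings set directly on it.
HIERARCHY = {
    "organizations/techcorp": {"parent": None, "bindings": {
        "roles/viewer": ["group:auditors@techcorp.example"]}},
    "folders/dept-a": {"parent": "organizations/techcorp", "bindings": {
        "roles/editor": ["group:team-a-devs@techcorp.example"]}},
    "folders/dept-b": {"parent": "organizations/techcorp", "bindings": {}},
    "projects/dept-a-dev": {"parent": "folders/dept-a", "bindings": {}},
    "projects/dept-a-prod": {"parent": "folders/dept-a", "bindings": {
        "roles/run.admin": ["user:oncall@techcorp.example"]}},
    "projects/dept-b-site": {"parent": "folders/dept-b", "bindings": {}},
}


def ancestors(node):
    """Return [node, parent, ..., organization], following single-parent links."""
    chain = []
    while node is not None:
        if node in chain:
            raise ValueError(f"cycle in hierarchy at {node}")
        chain.append(node)
        node = HIERARCHY[node]["parent"]
    return chain


def effective_bindings(node):
    """Union of allow bindings on node and its ancestors: {(role, member): source}."""
    found = {}
    for level in ancestors(node):
        for role, members in HIERARCHY[level]["bindings"].items():
            for member in members:
                # Nearest level wins as the recorded source of the grant.
                found.setdefault((role, member), level)
    return found


def projects_reached(member):
    """Map each project the member can reach to its (role, source) grants."""
    reach = {}
    for node in HIERARCHY:
        if node.startswith("projects/"):
            grants = sorted((role, src) for (role, m), src
                            in effective_bindings(node).items() if m == member)
            if grants:
                reach[node] = grants
    return reach


if __name__ == "__main__":
    for proj, grants in projects_reached("group:team-a-devs@techcorp.example").items():
        print(proj, grants)
```

Placing Production in its own folder, or granting the developer role on the Development project instead of on the folder, keeps that binding out of the Production project's effective policy.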
💡 Key Takeaways
- GCP resources are hierarchical for better control and governance.
 - Every resource has one parent, except the Organization (which is the root).
 - Projects are the building blocks of all workloads.
 - Folders are optional but powerful for large organizations.
 - IAM and billing flow from top to bottom.
 
— Latchu | Senior DevOps & Cloud Engineer
              

    
Top comments (2)
amazing blog✨👏🏻
Thanks much @yaldakhoshpey