Skip to content Skip to site navigation

Guide to Stanford GCP Setup

Learn how to set up and manage your GCP project

Before you set up a GCP Project

Review these considerations before you set up a GCP project:

  • Learn about GCP costs. Costs can accrue quickly in a GCP project. If you are new to the GCP platform, you may want to use the GCP Pricing Calculator to learn about cost before you submit your request and start to use your new project.
  • Decide how to manage your GCP project. You can choose to manage the GCP project yourself or, if you have a support agreement with another group, you can have that group manage the project in GCP. Choose the appropriate options on the request form for either scenario.
  • Learn how GCP projects are named. A naming convention is followed for GCP project names. The request form will automatically present a prefix for your project and you can choose the remainder of the project name.
  • Plan for GCP compliance requirements. Compliance requirements vary based on the types of data you will be using or storing in your GCP project. GCP is authorized for use with High Risk Data and Protected Health Information (PHI) ONLY when the GCP project  is in compliance with the Minimum Security Standards for Infrastructure-as-a-Service (IaaS) and Containerized Solutions and the Administrative Guide Section 6.3.1: Information Security as well as other regulatory requirements. If you are using High Risk Data or PHI, you must complete a Data Risk Assessment.

How your new GCP project is configured

The Identity and Access Management (IAM) roles of Project Editor and IAM Admin are granted to the individuals identified on the request form as Primary and Alternate Technical Contacts. Both these IAM roles allow the Primary and Alternate Technical Contacts to create resources in the GCP project and grant IAM permissions to others.

GCP IAM Role GCP IAM Role Description Contacts identified on the GCP Request form
    Requester Project Owner Primary Technical Contact Alternate Technical Contact Primary Billing Contact
Project Editor Create and update access for all resources within your project.      
IAM Admin Grant IAM roles to others within your project.      

To grant or revoke the Project Editor and IAM admin roles to someone else, submit a Help ticket for GCP and list the member(s) you want to add or remove.

If you are using PHI, most (but not all) GCP service offerings are available for PHI under the Stanford Business Associate Agreement (BAA).

How to secure data in your GCP Project

You must adhere to the Minimum Security Standards for Infrastructure-as-a-Service (IaaS) and Containerized Solutions and the Administrative Guide Section 6.3.1: Information Security for all data used or stored in your GCP project.

GCP is suitable for Low, Moderate and High Risk Data and all GCP service offerings are available for use.

GCP is authorized for use with High Risk Data and PHI ONLY when the GCP project is in compliance with the Minimum Security Standards and any other regulatory requirements and a Data Risk Assessment is completed.

How to access your GCP project

Once your GCP project is created, you will receive a confirmation email. The email also provides you with a login link that takes you to your new GCP project using Single Sign-On (SSO).

How GCP projects are billed

Before you place your request for a new GCP project, you MUST obtain authorization from a valid approver for each Stanford Project-Task-Award (PTA) you plan to use.

While we will not hold the provisioning of the project for PTA approval, the approver you select will be required to confirm their approval once the request is submitted.The PTA approver(s) must agree to accept all charges incurred until such time as the PTA approver terminates approval, the service has been cancelled, or the PTA has been removed from the service.

Check valid approvers for a PTA you are planning to use prior to submitting your request.

Once your GCP project is created and in use, you can view usage information on the Google Console in the Billing area (see below).

GCP console

If you want to view billing information for past months that have already been charged to PTA(s), you can use the UIT Billing Dashboard. You can find information in this quick guide about how to navigate this tool. If you need help you can reach out to the UIT Revenue Operations team.

How to learn more about GCP projects

UIT Technology Training offers multiple online training solutions to learn about specific cloud computing environments, such as Cloud Academy and LinkedIn Learning. Cloud Academy requires the purchase of a monthly or annual license, and LinkedIn Learning is free for anyone with a full-service SUNet ID.

GCP also offers training, both free and for a fee, and provides onboarding information for first time users.