Foundations & Operations
1) Landing Zone & IAM
- Org/folder/project hierarchy; least-privilege IAM; centralized billing.
- Policy guardrails (organization policies, CMEK via Cloud KMS, VPC Service Controls where data exfiltration risk warrants it).
2) Networking & Security
- Shared VPC, private connectivity, Cloud NAT; firewall hygiene (default-deny, least-open rules, regular review).
- Edge protection (Cloud Armor WAF/DDoS policies); TLS everywhere, including internal service-to-service traffic.
3) GKE & App Platform
- Workload Identity, autoscaling, multi-zone pools; Gateway/Istio.
- Observability: Google Managed Prometheus, logs/traces, SLOs.
4) Data & AI
- Dataflow pipelines, BigQuery datasets (partition/cluster); DLP where needed.
- Model lifecycle with Vertex AI; governance & lineage.
5) Cost & Reliability
- Budgets + alerts, committed use discounts, autoscaling.
- Backups, DR runbooks, regional storage and regional persistent disks for critical paths.