The GCP bootstrap every other chapter assumes: the provider, the project as the unit of everything, the APIs you must enable first, and the keyless ways to authenticate as you and as your pipeline.
7 topics
You cannot apply anything on Google Cloud without three things the AWS world barely thinks about: a project to own the resources, the right APIs enabled inside it, and credentials the provider can find. This chapter is that bootstrap, and it is the most GCP-native chapter in the course — most of it has no clean AWS analog at all.
It opens with the google provider and its google-beta twin, then plants the project as the unit of billing, quota, and IAM. From there it covers enabling APIs and the propagation race that bites everyone, and the three keyless authentication layers — Application Default Credentials, service-account impersonation, and Workload Identity Federation — that keep static keys off your disk and out of CI. It closes with version constraints and the lock file, so two engineers run identical provider behavior. The running example is the Hatch org, hatch.io, beginning to take shape.