Google Exam Professional-Cloud-Architect Topic 10 Question 79 Discussion

This option can help create an organization structure that allows developers to create projects, but prevents them from modifying production projects. Folders are containers for projects and other folders within Google Cloud organizations. Folders allow resources to be structured hierarchically and inherit policies from their parent resources. By creating folders under the organization resource named ''Development'' and ''Production'', you can organize your projects by environment and apply different policies to them. By granting all developers the Project Creator IAM role on the ''Development'' folder, you can allow them to create projects under that folder, but not under the ''Production'' folder. By moving the developer projects into the ''Development'' folder, you can ensure that they are subject to the policies set on that folder. By setting the policies for all projects on the organization, you can manage policies centrally and efficiently. By additionally setting the production policies on the ''Production'' folder, you can enforce more restrictive policies for production projects and prevent developers from modifying them. The other options are not optimal for this scenario, because they either create a second Google Workspace account and organization, which increases complexity and cost (A), or do not use folders to organize projects by environment, which makes it harder to manage policies and permissions (B, D). Reference:

https://cloud.google.com/resource-manager/docs/creating-managing-folders

https://cloud.google.com/architecture/framework/system-design