Neon Law Foundation | Network, SQL, and three buckets

Network, SQL, and three buckets

With the APIs on, the CLI provisions the data plane over REST:

A custom-mode VPC — no auto-created subnets, regional routing.
A Cloud SQL for Postgres instance running Postgres 15, with a navigator database and a web user.
Three Cloud Storage buckets, all uniform bucket-level access: -assets (public), -documents (private client documents), -logs (Nearline audit logs).

Presenter notes

The Cloud SQL for Postgres docs cover the instance; the web user's password is generated for you and printed to stderr exactly once — copy it then, because it is never stored or echoed again. (In --dry-run no password is generated or printed.) The three buckets are: your-project-id-assets — public marketing photography, the only bucket that ever gets a public binding; your-project-id-documents — private client documents, where web writes content-addressed blobs, kept separate from assets so confidential data is never co-mingled with anything public; and your-project-id-logs — long-lived audit and access logs, on the Nearline class because they are written far more than read. Every create call treats an HTTP 409 Conflict as success — that is Google's "already exists" response — which is exactly what makes re-running setup safe rather than destructive.

View all slides