While preparing for the GCP Professional Cloud Architect (PCA) exam, many candidates struggle with data immutability and retention policies in Cloud Storage. In practice, this decision is about balancing regulatory compliance, operational simplicity, and secure cost-effective data governance. Let’s drill into a simulated scenario.
The Scenario #
Bluefin Financial Services is a global fintech startup specializing in mortgage lending. As part of strict regulatory compliance, the company must store loan approval documents in Cloud Storage. Crucially, once an approval document is uploaded, it must remain immutable—no deletions or overwrites allowed—for a minimum of 5 years to comply with auditing requirements. Any updates to approvals must be uploaded as separate new files rather than altering existing ones.
Requirements #
Design a GCP Cloud Storage solution that guarantees no approval file can be deleted or overwritten for 5 years, while allowing new approval files to be uploaded continuously. The solution must minimize operational overhead and meet security best practices.
The Options #
- A) Create a retention policy on the Cloud Storage bucket for 5 years and lock the retention policy to prevent changes.
- B) Create the bucket with uniform bucket-level access, grant a service account the roles/storage.objectCreator role, and use it to upload new files.
- C) Encrypt the bucket with a customer-managed encryption key (CMEK) and rotate the key after 5 years.
- D) Create the bucket with fine-grained access control, grant a service account the roles/storage.objectCreator role, and use it to upload new files.
Correct Answer #
A.
The Architect’s Analysis #
Step-by-Step Winning Logic #
Setting a retention policy on the bucket applies a minimum retention period to every object it holds: no object can be deleted or replaced (overwritten) until its retention period has elapsed, while new objects can still be uploaded freely. Once the retention policy is locked, it can no longer be removed and the retention period can no longer be shortened, not even by a project owner, which is what turns the policy into a guarantee of immutability rather than a reversible setting. This fully meets the compliance requirement that approval files remain unchanged and undeletable for 5 years.
The solution aligns with Google's SRE principle of managing risk through immutable infrastructure and configuration, and it reduces operational toil by relying on enforcement managed by the platform rather than on custom controls that someone has to maintain.
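As an added example (not code from the original post and not Google's own tooling), here is an offline audit check for the design in Option A. It takes bucket metadata in the shape returned by the Cloud Storage JSON API (`storage.buckets.get`), where `retentionPolicy.retentionPeriod` is a string holding a number of seconds and `retentionPolicy.isLocked` is a boolean, and reports why a bucket does or does not satisfy a "locked, at least N years" immutability requirement. The sample bucket resources, including the bucket names, are constructed for this example; the helper that builds a `buckets.patch` body assumes you will lock the policy with a separate `buckets.lockRetentionPolicy` call afterwards.

```python
"""
Offline audit of Cloud Storage retention policies against a
"locked, at least N years" immutability requirement.
Example added to this write-up; not Google's code.
"""
from __future__ import annotations

# Retention periods are expressed in seconds; 5 years = 157,680,000 seconds.
SECONDS_PER_YEAR = 365 * 24 * 60 * 60


def retention_seconds(years: int) -> int:
    """Convert a retention requirement in years into the seconds value the API expects."""
    return years * SECONDS_PER_YEAR


def retention_policy_patch(years: int) -> dict:
    """Request body for buckets.patch that sets (but does not yet lock) the policy.
    Locking is a separate, irreversible buckets.lockRetentionPolicy call."""
    return {"retentionPolicy": {"retentionPeriod": str(retention_seconds(years))}}


def audit_bucket(resource: dict, min_years: int = 5) -> list[str]:
    """Return findings for one bucket resource; an empty list means it passes."""
    findings: list[str] = []
    policy = resource.get("retentionPolicy")
    if policy is None:
        # Without a policy, anyone holding storage.objects.delete can delete or
        # replace objects, regardless of uniform vs. fine-grained access control.
        findings.append("no retention policy: objects can be deleted or replaced")
        return findings
    try:
        period = int(policy.get("retentionPeriod", "0"))
    except (TypeError, ValueError):
        period = 0
    required = retention_seconds(min_years)
    if period < required:
        findings.append(
            f"retention period {period}s is shorter than required {required}s ({min_years} years)"
        )
    if not policy.get("isLocked", False):
        # An unlocked policy can be shortened or removed by anyone with
        # storage.buckets.update, so it does not guarantee immutability.
        findings.append("retention policy is not locked: it can be shortened or removed")
    return findings


# Constructed sample bucket resources, trimmed to the fields that matter here.
SAMPLE_BUCKETS = {
    # Option A: 5-year retention policy, locked.
    "option-a": {
        "name": "bluefin-loan-approvals",
        "iamConfiguration": {"uniformBucketLevelAccess": {"enabled": True}},
        "retentionPolicy": {"retentionPeriod": "157680000", "isLocked": True},
    },
    # Option B: uniform bucket-level access and objectCreator only, no policy.
    "option-b": {
        "name": "bluefin-loan-approvals-b",
        "iamConfiguration": {"uniformBucketLevelAccess": {"enabled": True}},
    },
    # A common real-world slip: policy set to 5 years but never locked.
    "unlocked": {
        "name": "bluefin-loan-approvals-unlocked",
        "retentionPolicy": {"retentionPeriod": "157680000", "isLocked": False},
    },
    # Policy locked, but only for 3 years.
    "too-short": {
        "name": "bluefin-loan-approvals-short",
        "retentionPolicy": {"retentionPeriod": str(3 * SECONDS_PER_YEAR), "isLocked": True},
    },
}


def audit_all(buckets: dict[str, dict], min_years: int = 5) -> dict[str, list[str]]:
    """Audit every bucket resource and return findings keyed by label."""
    return {label: audit_bucket(res, min_years) for label, res in buckets.items()}


if __name__ == "__main__":
    for label, findings in audit_all(SAMPLE_BUCKETS).items():
        print(f"{label}: {'PASS' if not findings else 'FAIL'}")
        for finding in findings:
            print(f"  - {finding}")
```

Only the `option-a` sample passes. The `unlocked` case is the one worth remembering in practice: the period is correct, but an unlocked policy is just a setting that a bucket admin can shorten or remove, so it fails the same check that Options B and D fail.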
The Traps (Distractor Analysis) #
- Why not B or D?
  Both options only restrict who may create objects. roles/storage.objectCreator cannot overwrite an existing object (an overwrite requires storage.objects.delete), but without a retention policy any principal holding deletion rights, including bucket owners, can still delete objects. Neither uniform nor fine-grained access control enforces immutability, so neither satisfies a compliance retention requirement on its own.
- Why not C?
  Encrypting with CMEK and rotating keys controls who holds the key that protects data at rest; it does nothing to prevent deletion or replacement of objects. CMEK is a data-protection control, not an immutability control.
The Architect Blueprint #
Mermaid Diagram illustrating the bucket retention enforcement flow.
Diagram Note: New files are uploaded by authorized users to a bucket with a locked retention policy preventing any changes or deletions for 5 years.
The Decision Matrix (Mandatory for Professional Level) #
| Option | Est. Complexity | Est. Monthly Cost | Pros | Cons |
|---|---|---|---|---|
| A | Low | Low (Standard Storage cost) | Guarantees immutability, managed by GCP, minimal ops toil | Locked retention is irreversible, inflexible once set |
| B | Low | Low | Simple permission model, minimal cost | Does not prevent deletions, weaker immutability enforcement |
| C | Medium | Medium (KMS + rotation cost) | Data encryption and control | Does not enforce immutability, operational overhead for key management |
| D | Medium | Low | Fine-grained access controls | Complexity in permission management, no deletion protection |
Real-World Practitioner Insight #
Exam Rule #
“For the exam, always choose locked retention policies for legal-hold or compliance-related immutability requirements on object data in Cloud Storage.”
Real World #
In production, many enterprises depend on retention policies combined with audit logs for regulatory compliance. Permission-only solutions often fail audits due to potential operator error or forgotten privileges.