Get started with Application Design Center (ADC) and Firebase

Firebase integrates with the Application Design Center ( ADC ) from Google Cloud to let enterprise customers meet standardization and governance needs while also empowering their app developers to ship with velocity. Using ADC ensures that infrastructure adheres to organizational standards and best practices through predefined templates which define guardrails for provisioning resources, granting IAM permissions, etc.

On this page, learn about the following:

• Overview of ADC and Firebase , including supported Firebase products
• Key personas and the required IAM roles to control access
• General workflow

Overview of ADC and Firebase

We recommend reviewing the Google Cloud documentation for an overview of ADC . The Google Cloud documentation also provides several in-depth guides for ADC , including key concepts and an initial setup guide .

When using ADC , an "app" is defined as a logical grouping of resources and services that together deliver a business function. For Firebase developers, you can think of an ADC "app" as equivalent to a Firebase project, where your registered iOS, Android, and web apps all share and have access to all the same resources and services for the project.

For getting started, we recommend working with ADC using their GUI experience called the design canvas that's available in the Google Cloud console. The design canvas lets you visualize and create architecture diagrams of the infrastructure you want available to your apps.

Note that ADC is backed by Terraform, so you'll always have access to the code definition of infrastructure that's defined using ADC .

Supported Firebase products

Here is the initial set of supported Firebase products that can be used with ADC :

• Firebase AI Logic
• Firebase Authentication
• Firebase App Check
• Cloud Firestore
• Firebase Security Rules

Key personas for using ADC

A common way to understand and use ADC is to break down ADC -related tasks based on two personas:

• Platform Engineer : This persona designs, verifies, and publishes reusable, policy-enforced ADC templates to an ADC catalog.

• Application Developer : This persona uses published ADC templates (like from the team's ADC catalog) to configure and deploy infrastructure. They also develop the app's actual codebase and features.

Required IAM roles to control access

By assigning IAM roles, you can control which project members (or principals ) can perform specific tasks.

For example, you might assign the Application Design Center Admin role ( roles/designcenter.admin ) to the Platform Engineer who needs to create and assign spaces, manage catalogs, and design templates. However, you'd likely only assign the Application Editor role ( roles/designcenter.applicationEditor ) to an Application Developer so that they can use templates, but not create templates.

The following table describes ADC -related tasks, their intended persona, and their required roles:

^{1 Several of these roles need to be set on the management project , which is a top-level resource within the Google Cloud hierarchy.}

General workflow

This section describes a general workflow for creating and using an ADC template. The steps are tagged with the persona who would usually perform the step.

1. Step 1: Set up ADC (Platform Engineer)
2. Step 2: Create a template (Platform Engineer)
3. Step 3: Use a template (Application Developer)
4. Step 4: Develop your actual app (Application Developer)

Step 1: Set up ADC (Platform Engineer)

The Platform Engineer persona (or higher) completes these tasks to set up ADC . These tasks usually only need to be completed once to have everything set up to use ADC .

1. Initial ADC setup.

   Follow the steps and guidance in the initial setup guide for ADC in the Google Cloud documentation. Note that this guide assumes that you'll set up folder-level boundaries .

   After you complete this setup, you should have a space , which is a dedicated area for a team to collaborate, create templates, and deploy applications. Make sure this space (and the folder and catalog) is shared with everyone you want to work with ADC .

2. Set up access and users for the space.

   Follow the steps in Manage space users for ADC in the Google Cloud documentation. Use the guidance described earlier on this page about Required IAM roles to control access .

3. Pre-provision projects.

   Create one or more new Google Cloud projects in the folder. Make sure that you link a Cloud Billing account to these projects. These projects will be used by your Application Developer when they deploy the infrastructure defined in the template.

4. Configure a deployment service account.

   ADC manages the automated provisioning of resources using a tightly scoped service account. This prevents the Application Developer from using their own account to deploy infrastructure.

   ADC can automatically create a tightly scoped service account on your behalf as you test the deployment of the templates you create. You also have the option to bring your own service account that has the permissions you deem to be appropriate for Application Developers.

Step 2: Create a template (Platform Engineer)

The Platform Engineer persona uses the design canvas or even Gemini Cloud Assist to create a new ADC template.

1. Define resources.

   Using the design canvas, drag-and-drop components onto the canvas and create connections between them. These components are how you define which Firebase (and Google Cloud ) services you want Application Developers to use.

   For example, the template could define resources like the following:

   • Application Developers can develop iOS, Android, and web apps that all use the resources.
   • Application Developers can use Firebase AI Logic , Firebase Authentication , Cloud Firestore , and Firebase Security Rules in their app (see a list of all supported Firebase products for ADC ).
   • Firebase Security Rules are initially set to deny all access requests by default. Then, when the Application Developer uses this template for their own deployment, they'll be able to change these Security Rules to align with their required access model.

2. Define policies.

   If you want to define policies, such as IAM roles for the deployed infrastructure or allowed regions for resources, then you need to set those in the respective interfaces for those policies. ADC does not currently support defining policies at the template-level.

   You can assign specific Firebase IAM roles to project members depending on what you want them to do. For example, if they only need to view resources in the Firebase console, then assign them the Firebase Viewer role ( roles/firebase.viewer ).

   You can set region limitations for resources at the folder or org level.

3. Add the template to a catalog.

   After you've tested your template, add it to your team's ADC catalog. This catalog must be shared with the appropriate people, in particular the Application Developers so that they can use the templates (see Step 1: Set up ADC above).

Step 3: Use a template (Application Developer)

The Application Developer persona selects a predefined template, configures it for their specific use case, and then deploys the infrastructure.

1. Select a template and configure it.

   From the ADC catalog, select a template and configure it to create an application draft . The available configurations — like possible regions for resources — are limited to those set by the Platform Engineer when they created the template.

2. Deploy the infrastructure.

   After the application draft is created, deploy the ADC app to one of the pre-provisioned projects created for infrastructure deployment (see Step 1: Set up ADC above)

   You can visit the Firebase console and view the provisioned resources and enabled services for your project.

Step 4: Develop your actual app (Application Developer)

ADC helps to set up Firebase and Google Cloud infrastructure (like provisioning resources and enabling APIs). However, it does not do the coding of the actual app that uses those resources and APIs.

Here are some important things that the Application Developer persona needs to do:

1. Connect your app's codebase to Firebase.

   Obtain and then add the Firebase configuration to each app's codebase.

   For example, if the template allows an Android app, then you must add the google-services.json file to the appropriate directory within your Android project.

2. Keep code and resources aligned.

   (if using Cloud Firestore ) Make sure to update and publish Firebase Security Rules to align with the Cloud Firestore data model for the app.

What else can you do?

• Monitor deployed ADC "apps" , which are automatically registered in App Hub. This enables consolidated monitoring, cost observation, and troubleshooting for the Firebase resources within the context of broader Google Cloud deployments.