
gcloud CLI Cheatsheet

The gcloud command-line interface is the primary CLI tool to create and manage Google Cloud resources.

Core Concepts

  • Command Structure: gcloud [GROUP] [SUBGROUP] [COMMAND] [ENTITY] [FLAGS/ARGS]
    • Example: gcloud compute instances create my-instance --zone=us-central1-a
  • Configuration: gcloud uses named configurations (the initial one is named default). Settings include account, project, region, zone.
  • Flags: Modify command behavior (e.g., --project, --zone, --format, --quiet).
  • Positional Arguments: Usually identify the specific resource (e.g., instance name, bucket name).
  • Help: Use gcloud help or gcloud [COMMAND] --help for detailed information.

Installation & Initialization

  • Install: Follow official instructions: https://cloud.google.com/sdk/docs/install
  • Initialize/Setup: Run this first after installation. Logs you in, sets up a default project, region, and zone.
    gcloud init
    
  • Re-initialize specific steps:
    gcloud init --console-only # Do not launch a browser for authorization
    gcloud init --skip-diagnostics
    

Authentication & Authorization

  • Login with User Account: Opens a browser window for authentication.
    gcloud auth login
    
  • Login with Service Account: Use a key file.
    gcloud auth activate-service-account --key-file=/path/to/key.json
    
  • List Authenticated Accounts:
    gcloud auth list
    
  • Set Active Account:
    gcloud config set account ACCOUNT_EMAIL
    
  • Revoke Credentials:
    gcloud auth revoke ACCOUNT_EMAIL
    
  • Print Access Token:
    gcloud auth print-access-token
    
  • Print Identity Token:
    gcloud auth print-identity-token
    

Configuration Management

  • List Configurations:
    gcloud config configurations list
    
  • Create a New Configuration:
    gcloud config configurations create my-config-name
    
  • Activate a Configuration:
    gcloud config configurations activate my-config-name
    
  • Describe a Configuration:
    gcloud config configurations describe my-config-name
    
  • List Current Configuration Settings:
    gcloud config list
    
  • Set a Property (Project, Region, Zone):
    gcloud config set project [PROJECT_ID]
    gcloud config set compute/region [REGION] # e.g., us-central1
    gcloud config set compute/zone [ZONE]     # e.g., us-central1-a
    
  • Unset a Property:
    gcloud config unset compute/zone
    
  • Get a Specific Property Value:
    gcloud config get-value project
    

What's my current Project?

To check the current project:

gcloud config get-value project

# or find the project in the full config
gcloud config list

To set project:

gcloud config set project [PROJECT_ID]

To list the projects you have access to:

gcloud projects list

What's my current Organization?

gcloud doesn't have a direct configuration setting for a "current organization" in the same way it has for a "current project".

To get the associated org of the current project:

gcloud projects get-ancestors "$(gcloud config get-value project)"

To list the organizations you have access to:

gcloud organizations list

Common Global Flags

  • --project=[PROJECT_ID]: Specify the project for this command only.
  • --quiet or -q: Disable interactive prompts (useful for scripts).
  • --format=[FORMAT]: Specify output format (json, yaml, text, table, csv, value(.), list).
  • --filter=[EXPRESSION]: Filter results based on resource attributes (e.g., --filter="status=RUNNING AND zone:us-central1").
  • --sort-by=[FIELD]: Sort results (e.g., --sort-by=~name for descending name).
  • --limit=[NUMBER]: Limit the number of results.
  • --page-size=[NUMBER]: Set the number of results per page.
  • --verbosity=[LEVEL]: Set log level (debug, info, warning, error, critical, none).
  • --impersonate-service-account=[SA_EMAIL]: Run command as a service account.

Common Service Commands

(Replace [PLACEHOLDERS] with your values)

Compute Engine (GCE)

  • List instances:
    gcloud compute instances list
    
  • Describe instance:
    gcloud compute instances describe [INSTANCE_NAME] --zone=[ZONE]
    
  • Create instance:
    gcloud compute instances create [INSTANCE_NAME] --zone=[ZONE] --machine-type=e2-medium --image-project=debian-cloud --image-family=debian-11
    
  • Stop instance:
    gcloud compute instances stop [INSTANCE_NAME] --zone=[ZONE]
    
  • Start instance:
    gcloud compute instances start [INSTANCE_NAME] --zone=[ZONE]
    
  • Delete instance:
    gcloud compute instances delete [INSTANCE_NAME] --zone=[ZONE]
    
  • SSH into instance:
    gcloud compute ssh [INSTANCE_NAME] --zone=[ZONE]
    
  • Copy files (SCP):
    • Local to Remote:
      gcloud compute scp /local/path [INSTANCE_NAME]:/remote/path --zone=[ZONE]
      
    • Remote to Local:
      gcloud compute scp [INSTANCE_NAME]:/remote/path /local/path --zone=[ZONE]
      

Kubernetes Engine (GKE)

  • List clusters:
    gcloud container clusters list
    
  • Describe cluster:
    gcloud container clusters describe [CLUSTER_NAME] --region=[REGION]
    
    (or --zone)
  • Create cluster:
    gcloud container clusters create [CLUSTER_NAME] --region=[REGION] --num-nodes=1
    
  • Get credentials (configures kubectl):
    gcloud container clusters get-credentials [CLUSTER_NAME] --region=[REGION]
    
  • Delete cluster:
    gcloud container clusters delete [CLUSTER_NAME] --region=[REGION]
    

Cloud Storage (GCS)

gcloud storage is preferred over legacy gsutil.

  • List buckets:
    gcloud storage buckets list
    
  • List objects in bucket:
    gcloud storage ls gs://[BUCKET_NAME]
    
  • Create bucket:
    gcloud storage buckets create gs://[BUCKET_NAME] --location=[LOCATION]
    
    (e.g., US-CENTRAL1)
  • Copy file/object:
    • Local to Bucket:
      gcloud storage cp /local/file gs://[BUCKET_NAME]/
      
    • Bucket to Local:
      gcloud storage cp gs://[BUCKET_NAME]/object /local/dir/
      
    • Bucket to Bucket:
      gcloud storage cp gs://[BUCKET1]/obj1 gs://[BUCKET2]/obj2
      
  • Move/Rename object:
    gcloud storage mv gs://[BUCKET]/old_name gs://[BUCKET]/new_name
    
  • Remove object:
    gcloud storage rm gs://[BUCKET_NAME]/object_name
    
  • Remove bucket and all of its objects:
    gcloud storage rm --recursive gs://[BUCKET_NAME]
    
    (Deletes every object, then the bucket itself)
  • Delete bucket (must be empty):
    gcloud storage buckets delete gs://[BUCKET_NAME]
    

Cloud SQL

  • List instances:
    gcloud sql instances list
    
  • Describe instance:
    gcloud sql instances describe [INSTANCE_NAME]
    
  • Connect (starts proxy):
    gcloud sql connect [INSTANCE_NAME] --user=[DB_USER]
    
  • Create user:
    gcloud sql users create [DB_USER] --instance=[INSTANCE_NAME] --password=[PASSWORD]
    
    (or use --prompt-for-password to keep the password out of shell history and the process list)
  • Export data:
    gcloud sql export sql [INSTANCE_NAME] gs://[BUCKET_NAME]/dump.sql.gz --database=[DATABASE_NAME]
    
  • Import data:
    gcloud sql import sql [INSTANCE_NAME] gs://[BUCKET_NAME]/dump.sql.gz --database=[DATABASE_NAME]
    

IAM (Identity and Access Management)

  • Get project IAM policy:
    gcloud projects get-iam-policy [PROJECT_ID]
    
  • Add IAM policy binding:
    gcloud projects add-iam-policy-binding [PROJECT_ID] --member=[MEMBER] --role=[ROLE]
    
    • [MEMBER]: user:email, serviceAccount:email, group:email, domain:domain
    • [ROLE]: e.g., roles/viewer, roles/storage.objectAdmin
  • Remove IAM policy binding:
    gcloud projects remove-iam-policy-binding [PROJECT_ID] --member=[MEMBER] --role=[ROLE]
    

Cloud Run

  • Deploy service (example; --allow-unauthenticated makes the service publicly invocable):
    gcloud run deploy [SERVICE_NAME] --image=gcr.io/[PROJECT_ID]/[IMAGE_NAME] --platform=managed --region=[REGION] --allow-unauthenticated
    
  • List services:
    gcloud run services list --platform=managed --region=[REGION]
    
  • Describe service:
    gcloud run services describe [SERVICE_NAME] --platform=managed --region=[REGION]
    
  • Delete service:
    gcloud run services delete [SERVICE_NAME] --platform=managed --region=[REGION]
    

Cloud Logging

  • Read log entries:
    gcloud logging read "[FILTER]" --limit=10
    
    • Example Filter: resource.type="gce_instance" AND severity>=ERROR
    • Example Filter: resource.type="cloud_function" AND resource.labels.function_name="my-function"

Pub/Sub

  • List topics:
    gcloud pubsub topics list
    
  • Create topic:
    gcloud pubsub topics create [TOPIC_NAME]
    
  • Publish message:
    gcloud pubsub topics publish [TOPIC_NAME] --message "Hello World"
    
  • List subscriptions:
    gcloud pubsub subscriptions list
    
  • Create subscription:
    gcloud pubsub subscriptions create [SUB_NAME] --topic [TOPIC_NAME]
    
  • Pull messages:
    gcloud pubsub subscriptions pull [SUB_NAME] --auto-ack --limit=10
    

Output Formatting

  • Get JSON output:
    gcloud compute instances list --format=json
    
  • Get specific value (e.g., first instance's name):
    gcloud compute instances list --format="value(name)" --limit=1
    
  • Get specific values from list into table:
    gcloud compute instances list --format="table(name, zone, status)"
    
  • Complex projection (machine type of instances whose names start with 'test'):
    gcloud compute instances list --filter="name~'^test'" --format='value(machineType)'
    

Scripting Tips

  • Always use --quiet (-q) to avoid interactive prompts.
  • Use --format=json or --format=yaml for parsing output in scripts.
  • Use --format='value(field.subfield)' to extract single values directly.
  • Use --filter to narrow down results server-side before processing.
  • Check command exit codes ($? in bash) for success (0) or failure (non-zero).
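
Added example (not part of the original cheatsheet): the tips above applied to the IAM policy command, flattening bindings into "role,member" lines and flagging public, domain-wide, and broad user grants. The function names, the flagging criteria, and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit project-level IAM bindings with --quiet, --format and exit codes.
# Function names and the "risky" criteria are illustrative assumptions.

# Emit one "role,member" line per binding member of project $1.
# Needs an authenticated gcloud; the offline demo below does not call it.
dump_bindings() {
  gcloud projects get-iam-policy "$1" --quiet \
    --flatten="bindings[].members" \
    --format="csv[no-heading](bindings.role,bindings.members)"
}

# Read "role,member" lines on stdin; print "REASON role member" per finding.
flag_risky_bindings() {
  awk -F, '
    $2 == "allUsers" || $2 == "allAuthenticatedUsers" { print "PUBLIC", $1, $2; next }
    $2 ~ /^domain:/ { print "DOMAIN_WIDE", $1, $2; next }
    ($1 == "roles/owner" || $1 == "roles/editor") && $2 ~ /^user:/ {
      print "BROAD_USER_ROLE", $1, $2
    }
  '
}

# Constructed sample in the same shape dump_bindings produces (not real data).
sample_bindings() {
  cat <<'EOF'
roles/viewer,user:alice@example.com
roles/storage.objectAdmin,serviceAccount:ci@example-project.iam.gserviceaccount.com
roles/editor,user:bob@example.com
roles/viewer,allUsers
roles/viewer,domain:example.com
EOF
}

# Exit codes: 0 = no findings, 1 = findings printed, 2 = gcloud itself failed.
audit_project() {
  bindings=$(dump_bindings "$1") || { echo "gcloud failed for $1" >&2; return 2; }
  findings=$(printf '%s\n' "$bindings" | flag_risky_bindings)
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

# Offline demo on the constructed sample.
sample_bindings | flag_risky_bindings
```

Against a real project, call audit_project [PROJECT_ID] and branch on its exit code.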

Getting Help

  • General help: gcloud help
  • Help for a specific command group (e.g., compute): gcloud compute help
  • Help for a specific command (e.g., compute instances create): gcloud compute instances create --help