The Google Cloud CLI is a set of tools used to create and manage Google Cloud resources. It includes a number of tools like gcloud, gsutil and bq and is very easy to setup: grab the package corresponding to the CPU architecture and run “./google-cloud-sdk/install.sh”.
Table of contents
Initialize gcloud CLI
george@ukconsult.cloud-MacBook-Pro google-cloud-sdk % gcloud init
Welcome! This command will take you through the configuration of gcloud.
Your current configuration has been set to: [default]
You can skip diagnostics next time by using the following flag:
gcloud init --skip-diagnostics
Network diagnostic detects and fixes local network connection issues.
Checking network connection...done.
Reachability Check passed.
Network diagnostic passed (1/1 checks passed).
You must log in to continue. Would you like to log in (Y/n)? y
You are logged in as: [info@ukconsult.cloud].
Pick cloud project to use:
[1] radiant-saga-347720
[2] Enter a project ID
[3] Create a new project
Please enter numeric choice or text value (must exactly match list item): 1
Your current project has been set to: [radiant-saga-347720].Richness in functionality
In contrast to other public cloud providers, Google Cloud CLI is very powerful and contains a suite of tools that can be installed as needed.
george@ukconsult.cloud-MacBook-Pro google-cloud-sdk % gcloud components list
Your current Google Cloud CLI version is: 382.0.0
The latest available version is: 382.0.0
To install or remove components at your current SDK version [382.0.0], run:
$ gcloud components install COMPONENT_ID
$ gcloud components remove COMPONENT_ID
To update your SDK installation to the latest version [382.0.0], run:
$ gcloud components update
george@ukconsult.cloud-MacBook-Pro google-cloud-sdk %Command Structure and Help
There is no need to remember complex commands and if you remember these two, it would be relatively easy to discover how to do anything. The following two commands can be used to discover command syntax or full help. For example for brief syntax add “-h” at the end of command whereas for full help add “–help”:
george@ukconsult.cloud-MacBook-Pro google-cloud-sdk % gcloud -h
Usage: gcloud [optional flags] <group | command>
group may be access-approval | access-context-manager |
active-directory | ai | ai-platform | anthos |
api-gateway | apigee | app | artifacts | asset |
assured | auth | bigtable | billing | bms | builds |
cloud-shell | components | composer | compute |
config | container | data-catalog |
database-migration | dataflow | dataplex | dataproc |
datastore | datastream | debug | deploy |
deployment-manager | dns | domains | edge-cloud |
emulators | endpoints | essential-contacts | eventarc |
filestore | firebase | firestore | functions | game |
healthcare | iam | iap | identity | ids | iot | kms |
logging | memcache | metastore | ml | ml-engine |
monitoring | network-connectivity |
network-management | network-security |
network-services | notebooks | org-policies |
organizations | policy-intelligence |
policy-troubleshoot | privateca | projects | pubsub |
recaptcha | recommender | redis | resource-manager |
resource-settings | run | scc | scheduler | secrets |
service-directory | services | source | spanner | sql |
tasks | topic | transcoder | transfer | workflows |
workspace-add-ons
command may be cheat-sheet | docker | feedback | help | info | init |
survey | version
For detailed information on this command and its flags, run:
gcloud --help
george@ukconsult.cloud-MacBook-Pro google-cloud-sdk %george@ukconsult.cloud-MacBook-Pro google-cloud-sdk % gcloud -h
Usage: gcloud [optional flags] <group | command>
group may be access-approval | access-context-manager |
active-directory | ai | ai-platform | anthos |
api-gateway | apigee | app | artifacts | asset |
assured | auth | bigtable | billing | bms | builds |
cloud-shell | components | composer | compute |
config | container | data-catalog |
database-migration | dataflow | dataplex | dataproc |
datastore | datastream | debug | deploy |
deployment-manager | dns | domains | edge-cloud |
emulators | endpoints | essential-contacts | eventarc |
filestore | firebase | firestore | functions | game |
NAME
gcloud - manage Google Cloud resources and developer workflow
SYNOPSIS
gcloud GROUP | COMMAND [--account=ACCOUNT]
[--billing-project=BILLING_PROJECT] [--configuration=CONFIGURATION]
[--flags-file=YAML_FILE] [--flatten=[KEY,...]] [--format=FORMAT]
[--help] [--project=PROJECT_ID] [--quiet, -q]
[--verbosity=VERBOSITY; default="warning"] [--version, -v] [-h]
[--access-token-file=ACCESS_TOKEN_FILE]
[--impersonate-service-account=SERVICE_ACCOUNT_EMAILS] [--log-http]
[--trace-token=TRACE_TOKEN] [--no-user-output-enabled]
DESCRIPTION
The gcloud CLI manages authentication, local configuration, developer
workflow, and interactions with the Google Cloud APIs.
For a quick introduction to the gcloud CLI, a list of commonly used
commands, and a look at how these commands are structured, run gcloud
cheat-sheet or refer to the `gcloud` CLI cheat sheet
(https://cloud.google.com/sdk/docs/cheatsheet)
GLOBAL FLAGS
--account=ACCOUNT
Google Cloud user account to use for invocation. Overrides the default
core/account property value for this command invocation.
--billing-project=BILLING_PROJECT
The Google Cloud project that will be charged quota for operations
performed in gcloud. If you need to operate on one project, but need
quota against a different project, you can use this flag to specify the
billing project. If both billing/quota_project and --billing-project
are specified, --billing-project takes precedence. Run $ gcloud config
set --help to see more information about billing/quota_project.
--configuration=CONFIGURATION
The configuration to use for this command invocation. For more
information on how to use configurations, run: gcloud topic
configurations. You can also use the CLOUDSDK_ACTIVE_CONFIG_NAME
environment variable to set the equivalent of this flag for a terminal
session.
--flags-file=YAML_FILE
A YAML or JSON file that specifies a --flag:value dictionary. Useful
for specifying complex flag values with special characters that work
with any command interpreter. Additionally, each --flags-file arg is
replaced by its constituent flags. See $ gcloud topic flags-file for
more information.
--flatten=[KEY,...]
Flatten name[] output resource slices in KEY into separate records for
each item in each slice. Multiple keys and slices may be specified.
This also flattens keys for --format and --filter. For example,
--flatten=abc.def flattens abc.def[].ghi references to abc.def.ghi. A
resource record containing abc.def[] with N elements will expand to N
records in the flattened output. This allows us to specify what
resource-key the filter will operate on. This flag interacts with other
flags that are applied in this order: --flatten, --sort-by, --filter,
--limit.
--format=FORMAT
Set the format for printing command output resources. The default is a
command-specific human-friendly output format. The supported formats
are: config, csv, default, diff, disable, flattened, get, json, list,
multi, none, object, table, text, value, yaml. For more details run $
gcloud topic formats.
--help
Display detailed help.
--project=PROJECT_ID
The Google Cloud project ID to use for this invocation. If omitted,
then the current project is assumed; the current project can be listed
using gcloud config list --format='text(core.project)' and can be set
using gcloud config set project PROJECTID.
--project and its fallback core/project property play two roles in the
invocation. It specifies the project of the resource to operate on. It
also specifies the project for API enablement check, quota, and
billing. To specify a different project for quota and billing, use
--billing-project or billing/quota_project property.
--quiet, -q
Disable all interactive prompts when running gcloud commands. If input
is required, defaults will be used, or an error will be raised.
Overrides the default core/disable_prompts property value for this
command invocation. This is equivalent to setting the environment
variable CLOUDSDK_CORE_DISABLE_PROMPTS to 1.
--verbosity=VERBOSITY; default="warning"
Override the default verbosity for this command. Overrides the default
core/verbosity property value for this command invocation. VERBOSITY
must be one of: debug, info, warning, error, critical, none.
--version, -v
Print version information and exit. This flag is only available at the
global level.
-h
Print a summary help and exit.
OTHER FLAGS
--access-token-file=ACCESS_TOKEN_FILE
A file path to read the access token. Use this flag to authenticate
gcloud with an access token. The credentials of the active account (if
exists) will be ignored. The file should only contain an access token
with no other information. Overrides the default auth/access_token_file
property value for this command invocation.
--impersonate-service-account=SERVICE_ACCOUNT_EMAILS
For this gcloud invocation, all API requests will be made as the given
service account or target service account in an impersonation
delegation chain instead of the currently selected account. You can
specify either a single service account as the impersonator, or a
comma-separated list of service accounts to create an impersonation
delegation chain. The impersonation is done without needing to create,
download, and activate a key for the service account or accounts.
In order to make API requests as a service account, your currently
selected account must have an IAM role that includes the
iam.serviceAccounts.getAccessToken permission for the service account
or accounts.
The roles/iam.serviceAccountTokenCreator role has the
iam.serviceAccounts.getAccessToken permission. You can also create a
custom role.
You can specify a list of service accounts, separated with commas. This
creates an impersonation delegation chain in which each service account
delegates its permissions to the next service account in the chain.
Each service account in the list must have the
roles/iam.serviceAccountTokenCreator role on the next service account
in the list. For example, when --impersonate-service-account=
SERVICE_ACCOUNT_1,SERVICE_ACCOUNT_2, the active account must have the
roles/iam.serviceAccountTokenCreator role on SERVICE_ACCOUNT_1, which
must have the roles/iam.serviceAccountTokenCreator role on
SERVICE_ACCOUNT_2. SERVICE_ACCOUNT_1 is the impersonated service
account and SERVICE_ACCOUNT_2 is the delegate.
Overrides the default auth/impersonate_service_account property value
for this command invocation.
--log-http
Log all HTTP server requests and responses to stderr. Overrides the
default core/log_http property value for this command invocation.
--trace-token=TRACE_TOKEN
Token used to route traces of service requests for investigation of
issues. Overrides the default core/trace_token property value for this
command invocation.
--user-output-enabled
Print user intended output to the console. Overrides the default
core/user_output_enabled property value for this command invocation.
Use --no-user-output-enabled to disable.
GROUPS
GROUP is one of the following:
access-approval
Manage Access Approval requests and settings.
access-context-manager
Manage Access Context Manager resources.
active-directory
Manage Managed Microsoft AD resources.
ai
Manage entities in Vertex AI.
ai-platform
Manage AI Platform jobs and models.
anthos
Anthos command Group.
api-gateway
Manage Cloud API Gateway resources.
apigee
Manage Apigee resources.
app
Manage your App Engine deployments.
artifacts
Manage Artifact Registry resources.
asset
Manage the Cloud Asset Inventory.
assured
Read and manipulate Assured Workloads data controls.
auth
Manage oauth2 credentials for the Google Cloud CLI.
bigtable
Manage your Cloud Bigtable storage.
billing
Manage billing accounts and associate them with projects.
bms
Manage Bare Metal Solution resources.
builds
Create and manage builds for Google Cloud Build.
cloud-shell
Manage Google Cloud Shell.
components
List, install, update, or remove Google Cloud CLI components.
composer
Create and manage Cloud Composer Environments.
compute
Create and manipulate Compute Engine resources.
config
View and edit Google Cloud CLI properties.
container
Deploy and manage clusters of machines for running containers.
data-catalog
Manage Data Catalog resources.
database-migration
Manage Database Migration Service resources.
dataflow
Manage Google Cloud Dataflow resources.
dataplex
Manage Dataplex resources.
dataproc
Create and manage Google Cloud Dataproc clusters and jobs.
datastore
Manage your Cloud Datastore resources.
datastream
Manage Cloud Datastream resources.
debug
Commands for interacting with the Cloud Debugger.
deploy
Create and manage Google Cloud Deploy resources.
deployment-manager
Manage deployments of cloud resources.
dns
Manage your Cloud DNS managed-zones and record-sets.
domains
Manage domains for your Google Cloud projects.
edge-cloud
Manage edge-cloud resources.
emulators
Set up your local development environment using emulators.
endpoints
Create, enable and manage API services.
essential-contacts
Manage Essential Contacts.
eventarc
Manage Eventarc resources.
filestore
Create and manipulate Filestore resources.
firebase
Work with Google Firebase.
firestore
Manage your Cloud Firestore resources.
functions
Manage Google Cloud Functions.
game
Managed Cloud Game Services.
healthcare
Manage Cloud Healthcare resources.
iam
Manage IAM service accounts and keys.
iap
Manage IAP policies.
identity
Manage Cloud Identity Groups and Memberships resources.
ids
Manage Cloud IDS.
iot
Manage Cloud IoT resources.
kms
Manage cryptographic keys in the cloud.
logging
Manage Cloud Logging.
memcache
Manage Cloud Memorystore Memcached resources.
metastore
Manage Dataproc Metastore resources.
ml
Use Google Cloud machine learning capabilities.
ml-engine
Manage AI Platform jobs and models.
monitoring
Manage Cloud Monitoring dashboards.
network-connectivity
Manage Network Connectivity Center resources.
network-management
Manage Network Management resources.
network-security
Manage Network Security resources.
network-services
Manage Network Services resources.
notebooks
Notebooks Command Group.
org-policies
Create and manage Organization Policies.
organizations
Create and manage Google Cloud Platform Organizations.
policy-intelligence
A platform to help better understand, use and manage policies at scale.
policy-troubleshoot
Troubleshoot Google Cloud Platform policies.
privateca
Manage private Certificate Authorities on Google Cloud.
projects
Create and manage project access policies.
pubsub
Manage Cloud Pub/Sub topics, subscriptions, and snapshots.
recaptcha
Manage reCAPTCHA Enterprise Keys.
recommender
Manage Cloud recommendations and recommendation rules.
redis
Manage Cloud Memorystore Redis resources.
resource-manager
Manage Cloud Resources.
resource-settings
Create and manage Resource Settings.
run
Manage your Cloud Run applications.
scc
Manage Cloud SCC resources.
scheduler
Manage Cloud Scheduler jobs and schedules.
secrets
Manage secrets on Google Cloud.
service-directory
Command groups for Service Directory.
services
List, enable and disable APIs and services.
source
Cloud git repository commands.
Cloud git repository commands.
Manage Cloud Memorystore Redis resources.
resource-manager
Manage Cloud Resources.
resource-settings
Create and manage Resource Settings.
run
Manage your Cloud Run applications.
scc
Manage Cloud SCC resources.
scheduler
Manage Cloud Scheduler jobs and schedules.
secrets
Manage secrets on Google Cloud.
service-directory
Command groups for Service Directory.
services
List, enable and disable APIs and services.
source
Cloud git repository commands.
spanner
Command groups for Cloud Spanner.
sql
Create and manage Google Cloud SQL databases.
tasks
Manage Cloud Tasks queues and tasks.
topic
gcloud supplementary help.
transcoder
Manage Transcoder jobs and job templates.
transfer
Manage Transfer Service jobs, operations, and agents.
workflows
Manage your Cloud Workflows resources.
workspace-add-ons
Manage Google Workspace Add-ons resources.Google Cloud CLI Installation instructions