GCP Basics
gcloud CLI & Setup
# Install Google Cloud SDK
# For Ubuntu/Debian:
echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | sudo tee -a /etc/apt/sources.list.d/google-cloud-sdk.list
sudo apt-get install apt-transport-https ca-certificates gnupg
curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key --keyring /usr/share/keyrings/cloud.google.gpg add -
sudo apt-get update && sudo apt-get install google-cloud-sdk
# Initialize gcloud
gcloud init
gcloud auth login
gcloud config set project PROJECT_ID
gcloud config set compute/zone us-central1-a
# Basic gcloud commands
gcloud info
gcloud version
gcloud components update
gcloud config list
gcloud projects list
gcloud auth list
# Service account management
gcloud iam service-accounts list
gcloud iam service-accounts create SA_NAME
gcloud projects add-iam-policy-binding PROJECT_ID --member="serviceAccount:SA_NAME@PROJECT_ID.iam.gserviceaccount.com" --role="roles/editor"
# For Ubuntu/Debian:
echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | sudo tee -a /etc/apt/sources.list.d/google-cloud-sdk.list
sudo apt-get install apt-transport-https ca-certificates gnupg
curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key --keyring /usr/share/keyrings/cloud.google.gpg add -
sudo apt-get update && sudo apt-get install google-cloud-sdk
# Initialize gcloud
gcloud init
gcloud auth login
gcloud config set project PROJECT_ID
gcloud config set compute/zone us-central1-a
# Basic gcloud commands
gcloud info
gcloud version
gcloud components update
gcloud config list
gcloud projects list
gcloud auth list
# Service account management
gcloud iam service-accounts list
gcloud iam service-accounts create SA_NAME
gcloud projects add-iam-policy-binding PROJECT_ID --member="serviceAccount:SA_NAME@PROJECT_ID.iam.gserviceaccount.com" --role="roles/editor"
Project & Billing
# Project management
gcloud projects create PROJECT_ID --name="Project Name"
gcloud projects describe PROJECT_ID
gcloud projects list
gcloud projects delete PROJECT_ID
# Billing management
gcloud billing accounts list
gcloud beta billing projects link PROJECT_ID --billing-account=BILLING_ACCOUNT_ID
# Enable APIs
gcloud services list --available
gcloud services enable compute.googleapis.com
gcloud services enable container.googleapis.com
gcloud services enable storage-component.googleapis.com
# IAM & Permissions
gcloud iam roles list
gcloud iam roles describe roles/viewer
gcloud projects get-iam-policy PROJECT_ID
gcloud projects add-iam-policy-binding PROJECT_ID --member=user:example@gmail.com --role=roles/editor
gcloud projects remove-iam-policy-binding PROJECT_ID --member=user:example@gmail.com --role=roles/editor
# Quota management
gcloud compute project-info describe --project PROJECT_ID
gcloud compute regions describe us-central1
gcloud projects create PROJECT_ID --name="Project Name"
gcloud projects describe PROJECT_ID
gcloud projects list
gcloud projects delete PROJECT_ID
# Billing management
gcloud billing accounts list
gcloud beta billing projects link PROJECT_ID --billing-account=BILLING_ACCOUNT_ID
# Enable APIs
gcloud services list --available
gcloud services enable compute.googleapis.com
gcloud services enable container.googleapis.com
gcloud services enable storage-component.googleapis.com
# IAM & Permissions
gcloud iam roles list
gcloud iam roles describe roles/viewer
gcloud projects get-iam-policy PROJECT_ID
gcloud projects add-iam-policy-binding PROJECT_ID --member=user:example@gmail.com --role=roles/editor
gcloud projects remove-iam-policy-binding PROJECT_ID --member=user:example@gmail.com --role=roles/editor
# Quota management
gcloud compute project-info describe --project PROJECT_ID
gcloud compute regions describe us-central1
Compute Services
Compute Engine
# VM instance management
gcloud compute instances list
gcloud compute instances create instance-1 --machine-type=n1-standard-1 --image-family=debian-10 --image-project=debian-cloud
gcloud compute instances create instance-2 --preemptible --maintenance-policy=TERMINATE
gcloud compute instances describe instance-1
gcloud compute instances stop instance-1
gcloud compute instances start instance-1
gcloud compute instances delete instance-1
# SSH into instances
gcloud compute ssh instance-1 --zone=us-central1-a
gcloud compute scp local-file.txt instance-1:remote-file.txt
# Disk management
gcloud compute disks create disk-1 --size=100GB --type=pd-ssd
gcloud compute disks snapshot disk-1 --snapshot-names=snapshot-1
gcloud compute disks list
# Instance groups
gcloud compute instance-templates create template-1 --machine-type=n1-standard-1 --image=debian-9-stretch-v20200805
gcloud compute instance-groups managed create group-1 --base-instance-name=instance-group-1 --template=template-1 --size=3
gcloud compute instance-groups managed set-autoscaling group-1 --max-num-replicas=10 --min-num-replicas=3 --target-cpu-utilization=0.8
# Firewall rules
gcloud compute firewall-rules create allow-http --allow=tcp:80 --target-tags=http-server
gcloud compute firewall-rules create allow-https --allow=tcp:443 --target-tags=https-server
gcloud compute firewall-rules list
gcloud compute instances list
gcloud compute instances create instance-1 --machine-type=n1-standard-1 --image-family=debian-10 --image-project=debian-cloud
gcloud compute instances create instance-2 --preemptible --maintenance-policy=TERMINATE
gcloud compute instances describe instance-1
gcloud compute instances stop instance-1
gcloud compute instances start instance-1
gcloud compute instances delete instance-1
# SSH into instances
gcloud compute ssh instance-1 --zone=us-central1-a
gcloud compute scp local-file.txt instance-1:remote-file.txt
# Disk management
gcloud compute disks create disk-1 --size=100GB --type=pd-ssd
gcloud compute disks snapshot disk-1 --snapshot-names=snapshot-1
gcloud compute disks list
# Instance groups
gcloud compute instance-templates create template-1 --machine-type=n1-standard-1 --image=debian-9-stretch-v20200805
gcloud compute instance-groups managed create group-1 --base-instance-name=instance-group-1 --template=template-1 --size=3
gcloud compute instance-groups managed set-autoscaling group-1 --max-num-replicas=10 --min-num-replicas=3 --target-cpu-utilization=0.8
# Firewall rules
gcloud compute firewall-rules create allow-http --allow=tcp:80 --target-tags=http-server
gcloud compute firewall-rules create allow-https --allow=tcp:443 --target-tags=https-server
gcloud compute firewall-rules list
Kubernetes Engine (GKE)
# Cluster management
gcloud container clusters list
gcloud container clusters create my-cluster --num-nodes=3 --machine-type=n1-standard-2
gcloud container clusters create my-cluster --enable-autoscaling --min-nodes=1 --max-nodes=5
gcloud container clusters get-credentials my-cluster
gcloud container clusters delete my-cluster
# Node pools
gcloud container node-pools list --cluster=my-cluster
gcloud container node-pools create pool-1 --cluster=my-cluster --num-nodes=2 --machine-type=n1-standard-2
gcloud container node-pools delete pool-1 --cluster=my-cluster
# GKE Autopilot
gcloud container clusters create-auto my-autopilot-cluster --region=us-central1
# Workload management
gcloud container images list
gcloud container images list-tags gcr.io/my-project/my-image
gcloud builds submit --tag gcr.io/my-project/my-image .
# Using kubectl with GKE
kubectl get nodes
kubectl create deployment nginx --image=nginx
kubectl expose deployment nginx --port=80 --type=LoadBalancer
kubectl get services
kubectl scale deployment nginx --replicas=3
# GKE features
gcloud container clusters update my-cluster --enable-network-policy
gcloud container clusters update my-cluster --enable-ip-alias
gcloud container clusters list
gcloud container clusters create my-cluster --num-nodes=3 --machine-type=n1-standard-2
gcloud container clusters create my-cluster --enable-autoscaling --min-nodes=1 --max-nodes=5
gcloud container clusters get-credentials my-cluster
gcloud container clusters delete my-cluster
# Node pools
gcloud container node-pools list --cluster=my-cluster
gcloud container node-pools create pool-1 --cluster=my-cluster --num-nodes=2 --machine-type=n1-standard-2
gcloud container node-pools delete pool-1 --cluster=my-cluster
# GKE Autopilot
gcloud container clusters create-auto my-autopilot-cluster --region=us-central1
# Workload management
gcloud container images list
gcloud container images list-tags gcr.io/my-project/my-image
gcloud builds submit --tag gcr.io/my-project/my-image .
# Using kubectl with GKE
kubectl get nodes
kubectl create deployment nginx --image=nginx
kubectl expose deployment nginx --port=80 --type=LoadBalancer
kubectl get services
kubectl scale deployment nginx --replicas=3
# GKE features
gcloud container clusters update my-cluster --enable-network-policy
gcloud container clusters update my-cluster --enable-ip-alias
App Engine & Cloud Functions
# App Engine
# app.yaml for Python
runtime: python39
entrypoint: gunicorn -b :$PORT main:app
env_variables:
MY_VAR: 'my_value'
# Deploy to App Engine
gcloud app deploy app.yaml --version=1 --promote
gcloud app browse
gcloud app logs tail -s default
gcloud app versions list
gcloud app versions delete 1
# Cloud Functions
# Deploy HTTP function
gcloud functions deploy my-function --runtime=python39 --trigger-http --allow-unauthenticated --entry-point=hello_http
# Deploy background function
gcloud functions deploy my-function --runtime=python39 --trigger-topic=my-topic --entry-point=hello_pubsub
# Manage functions
gcloud functions list
gcloud functions describe my-function
gcloud functions delete my-function
gcloud functions logs read my-function
# Cloud Run
gcloud run deploy my-service --image=gcr.io/my-project/my-image --platform=managed --region=us-central1 --allow-unauthenticated
gcloud run services list --platform=managed
gcloud run services describe my-service --platform=managed --region=us-central1
# app.yaml for Python
runtime: python39
entrypoint: gunicorn -b :$PORT main:app
env_variables:
MY_VAR: 'my_value'
# Deploy to App Engine
gcloud app deploy app.yaml --version=1 --promote
gcloud app browse
gcloud app logs tail -s default
gcloud app versions list
gcloud app versions delete 1
# Cloud Functions
# Deploy HTTP function
gcloud functions deploy my-function --runtime=python39 --trigger-http --allow-unauthenticated --entry-point=hello_http
# Deploy background function
gcloud functions deploy my-function --runtime=python39 --trigger-topic=my-topic --entry-point=hello_pubsub
# Manage functions
gcloud functions list
gcloud functions describe my-function
gcloud functions delete my-function
gcloud functions logs read my-function
# Cloud Run
gcloud run deploy my-service --image=gcr.io/my-project/my-image --platform=managed --region=us-central1 --allow-unauthenticated
gcloud run services list --platform=managed
gcloud run services describe my-service --platform=managed --region=us-central1
Cloud Storage
# Bucket management
gsutil mb gs://my-bucket
gsutil ls
gsutil du -h gs://my-bucket
gsutil rb gs://my-bucket
# File operations
gsutil cp file.txt gs://my-bucket/
gsutil cp gs://my-bucket/file.txt .
gsutil mv gs://my-bucket/file.txt gs://my-bucket/newfile.txt
gsutil rm gs://my-bucket/file.txt
gsutil rsync -r ./dir gs://my-bucket/dir
# Access control
gsutil iam ch user:email@gmail.com:objectViewer gs://my-bucket
gsutil iam get gs://my-bucket
gsutil defacl set public-read gs://my-bucket
gsutil acl set private gs://my-bucket
# Lifecycle management
# Create lifecycle.json
{
"rule": [
{
"action": {"type": "Delete"},
"condition": {"age": 365}
}
]
}
gsutil lifecycle set lifecycle.json gs://my-bucket
gsutil lifecycle get gs://my-bucket
# Versioning
gsutil versioning set on gs://my-bucket
gsutil ls -a gs://my-bucket
gsutil cp gs://my-bucket/file.txt#1234567890 .
# Transfer Service
gcloud transfer jobs create gs://source-bucket gs://dest-bucket
gcloud transfer jobs list
gcloud transfer operations list
gsutil mb gs://my-bucket
gsutil ls
gsutil du -h gs://my-bucket
gsutil rb gs://my-bucket
# File operations
gsutil cp file.txt gs://my-bucket/
gsutil cp gs://my-bucket/file.txt .
gsutil mv gs://my-bucket/file.txt gs://my-bucket/newfile.txt
gsutil rm gs://my-bucket/file.txt
gsutil rsync -r ./dir gs://my-bucket/dir
# Access control
gsutil iam ch user:email@gmail.com:objectViewer gs://my-bucket
gsutil iam get gs://my-bucket
gsutil defacl set public-read gs://my-bucket
gsutil acl set private gs://my-bucket
# Lifecycle management
# Create lifecycle.json
{
"rule": [
{
"action": {"type": "Delete"},
"condition": {"age": 365}
}
]
}
gsutil lifecycle set lifecycle.json gs://my-bucket
gsutil lifecycle get gs://my-bucket
# Versioning
gsutil versioning set on gs://my-bucket
gsutil ls -a gs://my-bucket
gsutil cp gs://my-bucket/file.txt#1234567890 .
# Transfer Service
gcloud transfer jobs create gs://source-bucket gs://dest-bucket
gcloud transfer jobs list
gcloud transfer operations list
Database Services
Cloud SQL
# Instance management
gcloud sql instances list
gcloud sql instances create my-instance --database-version=MYSQL_8_0 --cpu=2 --memory=4GB --root-password=my-password
gcloud sql instances describe my-instance
gcloud sql instances patch my-instance --memory=8GB
gcloud sql instances delete my-instance
# Database management
gcloud sql databases list --instance=my-instance
gcloud sql databases create my-database --instance=my-instance
gcloud sql databases delete my-database --instance=my-instance
# User management
gcloud sql users list --instance=my-instance
gcloud sql users create my-user --instance=my-instance --password=my-password
gcloud sql users set-password my-user --instance=my-instance --password=new-password
# Connect to instances
gcloud sql connect my-instance --user=root
mysql --host=IP --user=root --password
# Backups and exports
gcloud sql backups list --instance=my-instance
gcloud sql backups describe BACKUP_ID --instance=my-instance
gcloud sql export sql my-instance gs://my-bucket/export.sql --database=my-database
gcloud sql import sql my-instance gs://my-bucket/import.sql
# SSL certificates
gcloud sql ssl-certs list --instance=my-instance
gcloud sql ssl-certs create client-cert client-key.pem --instance=my-instance
gcloud sql ssl-certs describe client-cert --instance=my-instance
gcloud sql instances list
gcloud sql instances create my-instance --database-version=MYSQL_8_0 --cpu=2 --memory=4GB --root-password=my-password
gcloud sql instances describe my-instance
gcloud sql instances patch my-instance --memory=8GB
gcloud sql instances delete my-instance
# Database management
gcloud sql databases list --instance=my-instance
gcloud sql databases create my-database --instance=my-instance
gcloud sql databases delete my-database --instance=my-instance
# User management
gcloud sql users list --instance=my-instance
gcloud sql users create my-user --instance=my-instance --password=my-password
gcloud sql users set-password my-user --instance=my-instance --password=new-password
# Connect to instances
gcloud sql connect my-instance --user=root
mysql --host=IP --user=root --password
# Backups and exports
gcloud sql backups list --instance=my-instance
gcloud sql backups describe BACKUP_ID --instance=my-instance
gcloud sql export sql my-instance gs://my-bucket/export.sql --database=my-database
gcloud sql import sql my-instance gs://my-bucket/import.sql
# SSL certificates
gcloud sql ssl-certs list --instance=my-instance
gcloud sql ssl-certs create client-cert client-key.pem --instance=my-instance
gcloud sql ssl-certs describe client-cert --instance=my-instance
Firestore & Bigtable
# Firestore management
gcloud firestore indexes composite list
gcloud firestore import gs://my-bucket/namespace/
gcloud firestore export gs://my-bucket/namespace/
# Firestore database creation (only available via UI or API)
# Use the Firebase console or enable Firestore API
gcloud services enable firestore.googleapis.com
# Bigtable instance management
gcloud bigtable instances list
gcloud bigtable instances create my-bigtable-instance --display-name="My Bigtable" --cluster=my-cluster --cluster-zone=us-central1-a --cluster-num-nodes=3
gcloud bigtable instances update my-bigtable-instance --display-name="New Name"
gcloud bigtable instances delete my-bigtable-instance
# Bigtable cluster management
gcloud bigtable clusters list --instance=my-bigtable-instance
gcloud bigtable clusters update my-cluster --instance=my-bigtable-instance --num-nodes=5
gcloud bigtable clusters delete my-cluster --instance=my-bigtable-instance
# Bigtable tables
cbt -instance=my-bigtable-instance createtable my-table
cbt -instance=my-bigtable-instance ls
cbt -instance=my-bigtable-instance read my-table
cbt -instance=my-bigtable-instance deletetable my-table
# Bigtable column families
cbt -instance=my-bigtable-instance createfamily my-table cf1
cbt -instance=my-bigtable-instance ls my-table
cbt -instance=my-bigtable-instance deletefamily my-table cf1
# Spanner instances
gcloud spanner instances list
gcloud spanner instances create my-spanner-instance --config=regional-us-central1 --description="My Spanner" --nodes=1
gcloud spanner instances update my-spanner-instance --nodes=3
gcloud spanner instances delete my-spanner-instance
gcloud firestore indexes composite list
gcloud firestore import gs://my-bucket/namespace/
gcloud firestore export gs://my-bucket/namespace/
# Firestore database creation (only available via UI or API)
# Use the Firebase console or enable Firestore API
gcloud services enable firestore.googleapis.com
# Bigtable instance management
gcloud bigtable instances list
gcloud bigtable instances create my-bigtable-instance --display-name="My Bigtable" --cluster=my-cluster --cluster-zone=us-central1-a --cluster-num-nodes=3
gcloud bigtable instances update my-bigtable-instance --display-name="New Name"
gcloud bigtable instances delete my-bigtable-instance
# Bigtable cluster management
gcloud bigtable clusters list --instance=my-bigtable-instance
gcloud bigtable clusters update my-cluster --instance=my-bigtable-instance --num-nodes=5
gcloud bigtable clusters delete my-cluster --instance=my-bigtable-instance
# Bigtable tables
cbt -instance=my-bigtable-instance createtable my-table
cbt -instance=my-bigtable-instance ls
cbt -instance=my-bigtable-instance read my-table
cbt -instance=my-bigtable-instance deletetable my-table
# Bigtable column families
cbt -instance=my-bigtable-instance createfamily my-table cf1
cbt -instance=my-bigtable-instance ls my-table
cbt -instance=my-bigtable-instance deletefamily my-table cf1
# Spanner instances
gcloud spanner instances list
gcloud spanner instances create my-spanner-instance --config=regional-us-central1 --description="My Spanner" --nodes=1
gcloud spanner instances update my-spanner-instance --nodes=3
gcloud spanner instances delete my-spanner-instance
Big Data & AI
BigQuery
# Dataset management
bq ls
bq mk my_dataset
bq show my_dataset
bq rm -r -f my_dataset
# Table management
bq mk -t my_dataset.my_table name:STRING,age:INTEGER
bq show my_dataset.my_table
bq cp my_dataset.source_table my_dataset.target_table
bq rm -f my_dataset.my_table
# Query execution
bq query "SELECT COUNT(*) FROM my_dataset.my_table"
bq query --nouse_legacy_sql "SELECT * FROM my_dataset.my_table LIMIT 10"
bq query --destination_table=my_dataset.result_table "SELECT * FROM my_dataset.my_table"
# Data operations
bq load my_dataset.my_table gs://my-bucket/data.csv name:STRING,age:INTEGER
bq extract my_dataset.my_table gs://my-bucket/extract.csv
bq extract --compression GZIP my_dataset.my_table gs://my-bucket/extract*.csv
# View management
bq mk --view="SELECT name, age FROM my_dataset.my_table" my_dataset.my_view
bq update --view="SELECT * FROM my_dataset.my_table WHERE age > 18" my_dataset.my_view
# Job management
bq ls -j
bq show -j job_id
bq cancel job_id
# Monitoring and pricing
bq head -n 10 my_dataset.my_table
bq query --dry_run "SELECT * FROM my_dataset.my_table"
bq --format=prettyjson show --schema my_dataset.my_table
bq ls
bq mk my_dataset
bq show my_dataset
bq rm -r -f my_dataset
# Table management
bq mk -t my_dataset.my_table name:STRING,age:INTEGER
bq show my_dataset.my_table
bq cp my_dataset.source_table my_dataset.target_table
bq rm -f my_dataset.my_table
# Query execution
bq query "SELECT COUNT(*) FROM my_dataset.my_table"
bq query --nouse_legacy_sql "SELECT * FROM my_dataset.my_table LIMIT 10"
bq query --destination_table=my_dataset.result_table "SELECT * FROM my_dataset.my_table"
# Data operations
bq load my_dataset.my_table gs://my-bucket/data.csv name:STRING,age:INTEGER
bq extract my_dataset.my_table gs://my-bucket/extract.csv
bq extract --compression GZIP my_dataset.my_table gs://my-bucket/extract*.csv
# View management
bq mk --view="SELECT name, age FROM my_dataset.my_table" my_dataset.my_view
bq update --view="SELECT * FROM my_dataset.my_table WHERE age > 18" my_dataset.my_view
# Job management
bq ls -j
bq show -j job_id
bq cancel job_id
# Monitoring and pricing
bq head -n 10 my_dataset.my_table
bq query --dry_run "SELECT * FROM my_dataset.my_table"
bq --format=prettyjson show --schema my_dataset.my_table
AI & Machine Learning
# AI Platform
gcloud ai-platform jobs list
gcloud ai-platform jobs describe job_name
gcloud ai-platform jobs stream-logs job_name
# Model deployment
gcloud ai-platform models list
gcloud ai-platform models create model_name --regions=us-central1
gcloud ai-platform versions create version_name --model=model_name --origin=gs://my-bucket/model --runtime-version=2.1 --python-version=3.7
gcloud ai-platform versions delete version_name --model=model_name
gcloud ai-platform models delete model_name
# Prediction
gcloud ai-platform predict --model=model_name --version=version_name --json-instances=instances.json
gcloud ai-platform predict --model=model_name --version=version_name --text-instances=instances.txt
# Cloud Vision API
gcloud ml vision detect-text gs://my-bucket/image.jpg
gcloud ml vision detect-labels gs://my-bucket/image.jpg
gcloud ml vision detect-faces gs://my-bucket/image.jpg
# Cloud Natural Language API
gcloud ml language analyze-entities --content="Google Cloud Platform provides infrastructure services."
gcloud ml language analyze-sentiment --content="I love Google Cloud Platform!"
gcloud ml language analyze-syntax --content="Google Cloud Platform is awesome."
# Cloud Speech-to-Text
gcloud ml speech recognize gs://my-bucket/audio.wav --language-code=en-US
gcloud ml speech recognize gs://my-bucket/audio.wav --language-code=en-US --enable-automatic-punctuation
# Cloud Text-to-Speech
gcloud ml speech synthesize-speech --text="Hello World" --output-file=output.mp3
gcloud ml speech synthesize-speech --text="Hello World" --output-file=output.mp3 --voice-name=en-US-Wavenet-D
# Vertex AI
gcloud ai custom-jobs create --region=us-central1 --display-name=my-job --config=config.yaml
gcloud ai datasets create --display-name=my-dataset --metadata-file=schema.json --region=us-central1
gcloud ai models upload --region=us-central1 --display-name=my-model --container-image-uri=us-docker.pkg.dev/cloud-aiplatform/prediction/tf2-cpu.2-1:latest --artifact-uri=gs://my-bucket/model
gcloud ai-platform jobs list
gcloud ai-platform jobs describe job_name
gcloud ai-platform jobs stream-logs job_name
# Model deployment
gcloud ai-platform models list
gcloud ai-platform models create model_name --regions=us-central1
gcloud ai-platform versions create version_name --model=model_name --origin=gs://my-bucket/model --runtime-version=2.1 --python-version=3.7
gcloud ai-platform versions delete version_name --model=model_name
gcloud ai-platform models delete model_name
# Prediction
gcloud ai-platform predict --model=model_name --version=version_name --json-instances=instances.json
gcloud ai-platform predict --model=model_name --version=version_name --text-instances=instances.txt
# Cloud Vision API
gcloud ml vision detect-text gs://my-bucket/image.jpg
gcloud ml vision detect-labels gs://my-bucket/image.jpg
gcloud ml vision detect-faces gs://my-bucket/image.jpg
# Cloud Natural Language API
gcloud ml language analyze-entities --content="Google Cloud Platform provides infrastructure services."
gcloud ml language analyze-sentiment --content="I love Google Cloud Platform!"
gcloud ml language analyze-syntax --content="Google Cloud Platform is awesome."
# Cloud Speech-to-Text
gcloud ml speech recognize gs://my-bucket/audio.wav --language-code=en-US
gcloud ml speech recognize gs://my-bucket/audio.wav --language-code=en-US --enable-automatic-punctuation
# Cloud Text-to-Speech
gcloud ml speech synthesize-speech --text="Hello World" --output-file=output.mp3
gcloud ml speech synthesize-speech --text="Hello World" --output-file=output.mp3 --voice-name=en-US-Wavenet-D
# Vertex AI
gcloud ai custom-jobs create --region=us-central1 --display-name=my-job --config=config.yaml
gcloud ai datasets create --display-name=my-dataset --metadata-file=schema.json --region=us-central1
gcloud ai models upload --region=us-central1 --display-name=my-model --container-image-uri=us-docker.pkg.dev/cloud-aiplatform/prediction/tf2-cpu.2-1:latest --artifact-uri=gs://my-bucket/model
Networking & Security
VPC & Networking
# VPC management
gcloud compute networks list
gcloud compute networks create my-vpc --subnet-mode=custom
gcloud compute networks describe my-vpc
gcloud compute networks delete my-vpc
# Subnet management
gcloud compute networks subnets list
gcloud compute networks subnets create my-subnet --network=my-vpc --range=10.0.0.0/24 --region=us-central1
gcloud compute networks subnets update my-subnet --region=us-central1 --enable-private-ip-google-access
gcloud compute networks subnets delete my-subnet --region=us-central1
# Firewall rules
gcloud compute firewall-rules list
gcloud compute firewall-rules create allow-icmp --network=my-vpc --allow=icmp
gcloud compute firewall-rules create allow-ssh --network=my-vpc --allow=tcp:22 --source-ranges=0.0.0.0/0
gcloud compute firewall-rules create allow-internal --network=my-vpc --allow=tcp:0-65535,udp:0-65535,icmp --source-ranges=10.0.0.0/8
gcloud compute firewall-rules delete allow-ssh
# Cloud DNS
gcloud dns managed-zones list
gcloud dns managed-zones create my-zone --dns-name=example.com. --description="My DNS zone"
gcloud dns record-sets list --zone=my-zone
gcloud dns record-sets transaction start --zone=my-zone
gcloud dns record-sets transaction add 1.2.3.4 --name=www.example.com. --type=A --ttl=300 --zone=my-zone
gcloud dns record-sets transaction execute --zone=my-zone
# Cloud Load Balancing
gcloud compute addresses create lb-ip --global
gcloud compute addresses describe lb-ip --global
gcloud compute backend-services create web-backend --protocol=HTTP --port-name=http --global
gcloud compute url-maps create web-map --default-service=web-backend
gcloud compute target-http-proxies create http-lb-proxy --url-map=web-map
gcloud compute forwarding-rules create http-content-rule --address=lb-ip --global --target-http-proxy=http-lb-proxy --ports=80
gcloud compute networks list
gcloud compute networks create my-vpc --subnet-mode=custom
gcloud compute networks describe my-vpc
gcloud compute networks delete my-vpc
# Subnet management
gcloud compute networks subnets list
gcloud compute networks subnets create my-subnet --network=my-vpc --range=10.0.0.0/24 --region=us-central1
gcloud compute networks subnets update my-subnet --region=us-central1 --enable-private-ip-google-access
gcloud compute networks subnets delete my-subnet --region=us-central1
# Firewall rules
gcloud compute firewall-rules list
gcloud compute firewall-rules create allow-icmp --network=my-vpc --allow=icmp
gcloud compute firewall-rules create allow-ssh --network=my-vpc --allow=tcp:22 --source-ranges=0.0.0.0/0
gcloud compute firewall-rules create allow-internal --network=my-vpc --allow=tcp:0-65535,udp:0-65535,icmp --source-ranges=10.0.0.0/8
gcloud compute firewall-rules delete allow-ssh
# Cloud DNS
gcloud dns managed-zones list
gcloud dns managed-zones create my-zone --dns-name=example.com. --description="My DNS zone"
gcloud dns record-sets list --zone=my-zone
gcloud dns record-sets transaction start --zone=my-zone
gcloud dns record-sets transaction add 1.2.3.4 --name=www.example.com. --type=A --ttl=300 --zone=my-zone
gcloud dns record-sets transaction execute --zone=my-zone
# Cloud Load Balancing
gcloud compute addresses create lb-ip --global
gcloud compute addresses describe lb-ip --global
gcloud compute backend-services create web-backend --protocol=HTTP --port-name=http --global
gcloud compute url-maps create web-map --default-service=web-backend
gcloud compute target-http-proxies create http-lb-proxy --url-map=web-map
gcloud compute forwarding-rules create http-content-rule --address=lb-ip --global --target-http-proxy=http-lb-proxy --ports=80
Security & IAM
# IAM management
gcloud iam roles list
gcloud iam roles describe roles/viewer
gcloud iam service-accounts list
gcloud iam service-accounts create my-sa --display-name="My Service Account"
gcloud iam service-accounts keys create key.json --iam-account=my-sa@project-id.iam.gserviceaccount.com
gcloud iam service-accounts keys list --iam-account=my-sa@project-id.iam.gserviceaccount.com
gcloud iam service-accounts delete my-sa@project-id.iam.gserviceaccount.com
# Policy binding
gcloud projects add-iam-policy-binding project-id --member=user:user@example.com --role=roles/editor
gcloud projects add-iam-policy-binding project-id --member=serviceAccount:my-sa@project-id.iam.gserviceaccount.com --role=roles/viewer
gcloud projects remove-iam-policy-binding project-id --member=user:user@example.com --role=roles/editor
gcloud projects get-iam-policy project-id
# Cloud KMS
gcloud kms keyrings list --location=global
gcloud kms keyrings create my-keyring --location=global
gcloud kms keys list --keyring=my-keyring --location=global
gcloud kms keys create my-key --keyring=my-keyring --location=global --purpose=encryption
gcloud kms encrypt --plaintext-file=secret.txt --ciphertext-file=secret.enc --key=my-key --keyring=my-keyring --location=global
gcloud kms decrypt --ciphertext-file=secret.enc --plaintext-file=secret.dec --key=my-key --keyring=my-keyring --location=global
# Cloud Security Scanner
gcloud beta security-scanner scans list
gcloud beta security-scanner scans create --scan-name=my-scan --starting-urls=http://example.com
gcloud beta security-scanner scans run --scan-name=my-scan
gcloud beta security-scanner scans list-findings --scan-name=my-scan
# Secret Manager
gcloud secrets list
gcloud secrets create my-secret --replication-policy="automatic"
echo "sensitive-data" | gcloud secrets versions add my-secret --data-file=-
gcloud secrets versions access latest --secret=my-secret
gcloud secrets add-iam-policy-binding my-secret --member=user:user@example.com --role=roles/secretmanager.secretAccessor
gcloud secrets delete my-secret
gcloud iam roles list
gcloud iam roles describe roles/viewer
gcloud iam service-accounts list
gcloud iam service-accounts create my-sa --display-name="My Service Account"
gcloud iam service-accounts keys create key.json --iam-account=my-sa@project-id.iam.gserviceaccount.com
gcloud iam service-accounts keys list --iam-account=my-sa@project-id.iam.gserviceaccount.com
gcloud iam service-accounts delete my-sa@project-id.iam.gserviceaccount.com
# Policy binding
gcloud projects add-iam-policy-binding project-id --member=user:user@example.com --role=roles/editor
gcloud projects add-iam-policy-binding project-id --member=serviceAccount:my-sa@project-id.iam.gserviceaccount.com --role=roles/viewer
gcloud projects remove-iam-policy-binding project-id --member=user:user@example.com --role=roles/editor
gcloud projects get-iam-policy project-id
# Cloud KMS
gcloud kms keyrings list --location=global
gcloud kms keyrings create my-keyring --location=global
gcloud kms keys list --keyring=my-keyring --location=global
gcloud kms keys create my-key --keyring=my-keyring --location=global --purpose=encryption
gcloud kms encrypt --plaintext-file=secret.txt --ciphertext-file=secret.enc --key=my-key --keyring=my-keyring --location=global
gcloud kms decrypt --ciphertext-file=secret.enc --plaintext-file=secret.dec --key=my-key --keyring=my-keyring --location=global
# Cloud Security Scanner
gcloud beta security-scanner scans list
gcloud beta security-scanner scans create --scan-name=my-scan --starting-urls=http://example.com
gcloud beta security-scanner scans run --scan-name=my-scan
gcloud beta security-scanner scans list-findings --scan-name=my-scan
# Secret Manager
gcloud secrets list
gcloud secrets create my-secret --replication-policy="automatic"
echo "sensitive-data" | gcloud secrets versions add my-secret --data-file=-
gcloud secrets versions access latest --secret=my-secret
gcloud secrets add-iam-policy-binding my-secret --member=user:user@example.com --role=roles/secretmanager.secretAccessor
gcloud secrets delete my-secret
Operations
Monitoring & Logging
# Cloud Monitoring
gcloud monitoring dashboards list
gcloud monitoring dashboards create --config-from-file=dashboard.json
gcloud monitoring channels list
gcloud monitoring channels create --channel-content=channel.json
# Alert policies
gcloud alpha monitoring policies list
gcloud alpha monitoring policies create --policy-from-file=alert-policy.json
gcloud alpha monitoring policies update policy-id --policy-from-file=alert-policy.json
gcloud alpha monitoring policies delete policy-id
# Uptime checks
gcloud alpha monitoring uptime-check-configs list
gcloud alpha monitoring uptime-check-configs create --display-name="My Uptime Check" --http-check --request-method=GET --path="/health" --period="60s" --timeout="10s" --content-matcher="contains:healthy"
gcloud alpha monitoring uptime-check-configs delete config-id
# Cloud Logging
gcloud logging logs list
gcloud logging read "resource.type=gce_instance" --limit=10
gcloud logging sinks list
gcloud logging sinks create my-sink storage.googleapis.com/my-bucket --log-filter='resource.type=gce_instance'
gcloud logging sinks update my-sink --log-filter='resource.type=gce_instance AND severity>=ERROR'
gcloud logging sinks delete my-sink
# Metrics
gcloud logging metrics list
gcloud logging metrics create my-metric --description="My metric" --log-filter='resource.type=gce_instance AND severity>=ERROR'
gcloud logging metrics update my-metric --log-filter='resource.type=gce_instance AND severity>=WARNING'
gcloud logging metrics delete my-metric
# Export logs
gcloud logging export storage.googleapis.com/my-bucket --log-filter='resource.type=gce_instance'
gcloud logging copy bigquery.googleapis.com/projects/my-project/datasets/my_dataset --log-filter='resource.type=gce_instance'
gcloud monitoring dashboards list
gcloud monitoring dashboards create --config-from-file=dashboard.json
gcloud monitoring channels list
gcloud monitoring channels create --channel-content=channel.json
# Alert policies
gcloud alpha monitoring policies list
gcloud alpha monitoring policies create --policy-from-file=alert-policy.json
gcloud alpha monitoring policies update policy-id --policy-from-file=alert-policy.json
gcloud alpha monitoring policies delete policy-id
# Uptime checks
gcloud alpha monitoring uptime-check-configs list
gcloud alpha monitoring uptime-check-configs create --display-name="My Uptime Check" --http-check --request-method=GET --path="/health" --period="60s" --timeout="10s" --content-matcher="contains:healthy"
gcloud alpha monitoring uptime-check-configs delete config-id
# Cloud Logging
gcloud logging logs list
gcloud logging read "resource.type=gce_instance" --limit=10
gcloud logging sinks list
gcloud logging sinks create my-sink storage.googleapis.com/my-bucket --log-filter='resource.type=gce_instance'
gcloud logging sinks update my-sink --log-filter='resource.type=gce_instance AND severity>=ERROR'
gcloud logging sinks delete my-sink
# Metrics
gcloud logging metrics list
gcloud logging metrics create my-metric --description="My metric" --log-filter='resource.type=gce_instance AND severity>=ERROR'
gcloud logging metrics update my-metric --log-filter='resource.type=gce_instance AND severity>=WARNING'
gcloud logging metrics delete my-metric
# Export logs
gcloud logging export storage.googleapis.com/my-bucket --log-filter='resource.type=gce_instance'
gcloud logging copy bigquery.googleapis.com/projects/my-project/datasets/my_dataset --log-filter='resource.type=gce_instance'
Deployment Manager & Terraform
# Deployment Manager
gcloud deployment-manager deployments list
gcloud deployment-manager deployments create my-deployment --config=config.yaml
gcloud deployment-manager deployments describe my-deployment
gcloud deployment-manager deployments update my-deployment --config=config.yaml
gcloud deployment-manager deployments delete my-deployment
# Deployment Manager templates
# config.yaml
resources:
- name: my-vm
type: compute.v1.instance
properties:
zone: us-central1-a
machineType: zones/us-central1-a/machineTypes/n1-standard-1
disks:
- deviceName: boot
type: PERSISTENT
boot: true
autoDelete: true
initializeParams:
sourceImage: projects/debian-cloud/global/images/family/debian-10
networkInterfaces:
- network: global/networks/default
accessConfigs:
- name: External NAT
type: ONE_TO_ONE_NAT
# Terraform with GCP
# main.tf
provider "google" {
project = "my-project"
region = "us-central1"
zone = "us-central1-a"
}
resource "google_compute_instance" "default" {
name = "terraform-instance"
machine_type = "n1-standard-1"
zone = "us-central1-a"
boot_disk {
initialize_params {
image = "debian-cloud/debian-10"
}
}
network_interface {
network = "default"
access_config {
}
}
}
# Terraform commands
terraform init
terraform plan
terraform apply
terraform destroy
# Import existing resources
terraform import google_compute_instance.default projects/my-project/zones/us-central1-a/instances/existing-instance
gcloud deployment-manager deployments list
gcloud deployment-manager deployments create my-deployment --config=config.yaml
gcloud deployment-manager deployments describe my-deployment
gcloud deployment-manager deployments update my-deployment --config=config.yaml
gcloud deployment-manager deployments delete my-deployment
# Deployment Manager templates
# config.yaml
resources:
- name: my-vm
type: compute.v1.instance
properties:
zone: us-central1-a
machineType: zones/us-central1-a/machineTypes/n1-standard-1
disks:
- deviceName: boot
type: PERSISTENT
boot: true
autoDelete: true
initializeParams:
sourceImage: projects/debian-cloud/global/images/family/debian-10
networkInterfaces:
- network: global/networks/default
accessConfigs:
- name: External NAT
type: ONE_TO_ONE_NAT
# Terraform with GCP
# main.tf
provider "google" {
project = "my-project"
region = "us-central1"
zone = "us-central1-a"
}
resource "google_compute_instance" "default" {
name = "terraform-instance"
machine_type = "n1-standard-1"
zone = "us-central1-a"
boot_disk {
initialize_params {
image = "debian-cloud/debian-10"
}
}
network_interface {
network = "default"
access_config {
}
}
}
# Terraform commands
terraform init
terraform plan
terraform apply
terraform destroy
# Import existing resources
terraform import google_compute_instance.default projects/my-project/zones/us-central1-a/instances/existing-instance
Comprehensive Google Cloud Platform Cheatsheet Reference
This Google Cloud Platform cheatsheet on Nikhil Learn Hub collects syntax, commands, and practical snippets for quick revision. Explore Google Cloud services, Compute Engine, storage, networking, and cloud deployment concepts with examples.
Use the reference cards and examples above during coding sessions; return here instead of scattered searches when you need dependable reminders. Follow the Google Cloud learning roadmap when you want structured lessons beyond one-page lookups.
Quick lookup coverage
- Compute Engine and Cloud Storage patterns
- IAM, VPC, and gcloud reminders
- Kubernetes and serverless entry points
How to study with this sheet
- GCP certification study support
- Data and ML service cross-links
- Production troubleshooting shortcuts
Who Should Use This Cheatsheet
Students, self-taught developers, and professionals who need fast Google Cloud Platform lookups during labs, debugging, or interview revision should keep this page bookmarked.
Related Resources on Nikhil Learn Hub
- Google Cloud learning roadmapstructured learning path for the same technology
- Cheatsheets hubbrowse all quick-reference sheets
- Technology hubtutorials, roadmaps, and practice hubs