Go 1.11 has reached end of support and will be deprecated on January 31, 2026.
After deprecation, you won't be able to deploy Go 1.11 applications, even if
your organization previously used an organization policy to re-enable
deployments of legacy runtimes. Your existing Go 1.11 applications will
continue to run and receive traffic after their deprecation date. We recommend
that you migrate to the latest supported version of Go.
Understanding Google Cloud Storage Features
Buckets, objects, and ACLs
A bucket is the storage location you read files from and write files to. You
must always specify a bucket when using the App Engine client library for
Cloud Storage. Your project can access multiple buckets. Note that the client
library doesn't support bucket creation.
Access control lists (ACLs) control access to the buckets and to the objects
contained in them. Your project and your App Engine app are automatically added
to the ACL that permits bucket access when you create a bucket in your project.
Note that the ACL that permits bucket access is distinct from the potentially
many ACLs governing the objects in that bucket. Thus, your app has read and
write privileges to the bucket(s) it is activated for, but it only has full
rights to the objects it creates in the bucket. Your app's access to objects
created by other apps or persons is limited to the rights given to your app by
the objects' creator.
If an object is created in the bucket without an ACL explicitly defined for it,
it uses the default object ACL assigned to the bucket by the bucket owner. If
the bucket owner has not specified a default object ACL, the object default is
public-read, which means that anyone allowed bucket access can read the object.
ACLs and the client library
An app using the client library can change the bucket ACL and can also specify
an ACL that controls access to the objects it creates.
The available ACL settings are described in the documentation for the
storage API.
Modifying Cloud Storage objects
Once you create an object in a bucket, you cannot modify or append to it. Instead,
you must overwrite the object with a new object of the same name that contains
your desired changes.
Cloud Storage and subdirectories
The App Engine client library for Cloud Storage lets you supply subdirectory
delimiters when you create an object, but there are no true subdirectories in
Cloud Storage. Instead, a subdirectory in Cloud Storage is a part of the object
filename.
For example, you might assume that creating an object
somewhere/over/the/rainbow.mp3 would store the file rainbow.mp3 in the
subdirectory somewhere/over/the/. Instead, the object name is set to
somewhere/over/the/rainbow.mp3.
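The flat namespace described above, as an added Go example that is not from the original page or the client library: listFlat (a hypothetical helper) emulates a prefix-and-delimiter listing over constructed object names. It goes beyond the page's single example to show that "subdirectories" are derived from names, and that a prefix without a trailing delimiter also matches sibling names such as somewhere/overview.txt.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// listFlat (illustrative helper, not a client-library API) emulates a
// prefix/delimiter listing over a flat set of object names: names directly
// under prefix are objects, deeper names roll up into one prefix each.
func listFlat(names []string, prefix, delim string) (objects, prefixes []string) {
	seen := map[string]bool{}
	for _, n := range names {
		if !strings.HasPrefix(n, prefix) {
			continue
		}
		rest := n[len(prefix):]
		i := -1
		if delim != "" {
			i = strings.Index(rest, delim)
		}
		if i < 0 {
			objects = append(objects, n)
			continue
		}
		p := prefix + rest[:i+len(delim)]
		if !seen[p] {
			seen[p] = true
			prefixes = append(prefixes, p)
		}
	}
	sort.Strings(objects)
	sort.Strings(prefixes)
	return objects, prefixes
}

// Constructed sample bucket contents; only full object names exist.
var sampleNames = []string{
	"somewhere/over/the/rainbow.mp3",
	"somewhere/over/map.txt",
	"somewhere/overview.txt",
	"readme.txt",
}

func main() {
	objs, dirs := listFlat(sampleNames, "somewhere/over", "/")
	fmt.Println(objs, dirs)
}
```

When a prefix is used to scope what an app may read or list, end it with the delimiter (somewhere/over/) so that it cannot match unrelated names that merely share leading characters.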
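What's next
- Visit the API Reference documentation: https://godoc.org/cloud.google.com/go/storage
- Learn how to set up Cloud Storage.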
Last updated 2025-09-04 UTC.