gcloud cheat sheet
A roster of go-to
gcloud commands for the
Google Cloud’s primary command-line tool.
Get going with the
gcloud command-line tool.
gcloud init: Initialize, authorize, and configure the
gcloud version: Display version and installed components.
gcloud components install: Install specific components.
gcloud components update: Update your Cloud SDK to the latest version.
gcloud config set project: Set a default Google Cloud project to work on.
gcloud info: Display current
gcloudtool environment details.
Cloud SDK is happy to help.
gcloud help: Search the
gcloudtool reference documents for specific terms.
gcloud feedback: Provide feedback for the Cloud SDK team.
gcloud topic: Supplementary help material for non-command topics like accessibility, filtering, and formatting.
Make the Cloud SDK your own; personalize your configuration with properties.
gcloud config set: Define a property (like compute/zone) for the current configuration.
gcloud config get-value: Fetch value of a Cloud SDK property.
gcloud config list: Display all the properties for the current configuration.
gcloud config configurations create: Create a new named configuration.
gcloud config configurations list: Display a list of all available configurations.
gcloud config configurations activate: Switch to an existing named configuration.
Grant and revoke authorization to Cloud SDK
gcloud auth login: Authorize Google Cloud access for the
gcloudtool with Google user credentials and set current account as active.
gcloud auth activate-service-account: Like
gcloud auth loginbut with service account credentials.
gcloud auth list: List all credentialed accounts.
gcloud auth print-access-token: Display the current account's access token.
gcloud auth revoke: Remove access credentials for an account.
Manage project access policies
gcloud projects describe: Display metadata for a project (including its ID).
gcloud projects add-iam-policy-binding: Add an IAM policy binding to a specified project.
Identity & Access Management
Configuring Cloud Identity & Access Management (IAM) preferences and service accounts
gcloud iam list-grantable-roles: List IAM grantable roles for a resource.
gcloud iam roles create: Create a custom role for a project or org.
gcloud iam service-accounts create: Create a service account for a project.
gcloud iam service-accounts add-iam-policy-binding: Add an IAM policy binding to a service account.
gcloud iam service-accounts set-iam-policy-binding: Replace existing IAM policy binding.
gcloud iam service-accounts keys list: List a service account's keys.
Docker & Google Kubernetes Engine (GKE)
Manage containerized applications on Kubernetes
gcloud auth configure-docker: Register the
gcloudtool as a Docker credential helper.
gcloud container clusters create: Create a cluster to run GKE containers.
gcloud container clusters list: List clusters for running GKE containers.
gcloud container clusters get-credentials: Update
kubectlto use a GKE cluster.
gcloud container images list-tags: List tag and digest metadata for a container image.
Virtual Machines & Compute Engine
Create, run, and manage VMs on Google infrastructure
gcloud compute zones list: List Compute Engine zones.
gcloud compute instances describe: Display a VM instance's details.
gcloud compute instances list: List all VM instances in a project.
gcloud compute disks snapshot: Create snapshot of persistent disks.
gcloud compute snapshots describe: Display a snapshot's details.
gcloud compute snapshots delete: Delete a snapshot.
gcloud compute ssh: Connect to a VM instance by using SSH.
Serverless & App Engine
Build highly scalable applications on a fully managed serverless platform
gcloud app deploy: Deploy your app's code and configuration to the App Engine server.
gcloud app versions list: List all versions of all services deployed to the App Engine server.
gcloud app browse: Open the current app in a web browser.
gcloud app create: Create an App Engine app within your current project.
gcloud app logs read: Display the latest App Engine app logs.
Commands that might come in handy
gcloud kms decrypt: Decrypt ciphertext (to a plaintext file) using a Cloud Key Management Service (Cloud KMS) key.
gcloud logging logs list: List your project's logs.
gcloud sql backups describe: Display info about a Cloud SQL instance backup.
gcloud sql export sql: Export data from a Cloud SQL instance to a SQL file.
A quick primer for getting started with the gcloud command-line tool.
Installing the Cloud SDK
Install the Cloud SDK with these installation instructions.
Flags, arguments, and other wondrous additions
Arguments can be Positional args or Flags
- Positional args: Set after command name; must respect order of positional args.
Flags: Set after positional args; order of flags doesn’t matter.
A flag can be either a:
- Name-value pair (
- Boolean (
Additionally, flags can either be:
- Optional: in which case, the default value is used, if the flag is not defined
- Name-value pair (
Some flags are available throughout the gcloud command-line tool experience, like:
--help: For when in doubt; display detailed help for a command.
--project: If using a project other than the current one.
--quiet: Disabling interactive prompting (and applying default values for inputs).
--verbosity: Can set verbosity levels at
--format: Set output format as
Cleaning up results
For Compute Engine instances with prefix
us and not machine type
gcloud compute instances list --filter="zone ~ ^us AND -machineType:f1-micro"
For a list of projects created on or after 15 January 2018, sorted from oldest to newest, presented as a table with project number, project id and creation time columns with dates and times in local timezone:
gcloud projects list --format="table(projectNumber,projectId,createTime.date(tz=LOCAL))" --filter="createTime>=2018-01-15T12:00:00" --sort-by=createTime
For a list of ten Compute Engine instances with a label
my-label (of any value):
gcloud compute instances list --filter="labels.my-label:*" --limit=10
The underlying patterns for
gcloud commands; to aid self-discovery of
Finding gcloud commands
The gcloud command-line tool is a tree; non-leaf nodes are command groups and leaf nodes are commands. (Also, tab completion works for commands and resources!)
Most gcloud commands follow the following format:
gcloud + release level (optional) + component + entity + operation + positional args + flags
gcloud + compute + instances + create + example-instance-1 + --zone=us-central1-a
Release Level refers to the command’s release status.
alpha for alpha commands,
beta for beta commands, no release level needed for GA commands.
Component refers to the different Google Cloud services.
compute for Compute Engine,
app for App Engine, etc.
Entity refers to the plural form of an element or collection of elements under a component.
zones for compute
Operation refers to the imperative verb form of the operation to be performed on the entity.
Example: Common operations are
Positional args refer to the required, order-specific arguments needed to execute the command.
<INSTANCE_NAMES> is the required positional argument for
gcloud compute instances create.
Flags refer to the additional arguments,
--flag-name(=value), passed in to
the command after positional args.
--preemptible are optional
gcloud compute instances create.