Use the Google Cloud Platform Console to perform simple storage management tasks for Google Cloud Storage. Some typical uses for the Cloud Platform Console include:
- Enabling the Google Cloud Storage API for a project.
- Creating and deleting buckets.
- Uploading, downloading, and deleting objects.
- Managing Identity and Access Management (IAM) policies.
This page provides an overview of the Cloud Platform Console, including the tasks you can accomplish using the Cloud Platform Console to manage your data. For more advanced tasks, use the gsutil command line tool or any of the client libraries that support Google Cloud Storage.
Access to the Cloud Platform Console
The Cloud Platform Console requires no setup or installation, and you can access it directly in a browser. Depending on your use case, you access Cloud Platform Console in slightly different ways. If you are:
- A user granted access to a project
In order to use Google Cloud Platform Console as a project member, you must be added to the project’s member list. A current project owner can give you access, which applies to all buckets and objects defined in the project. For more information, see Adding a member to a project.
- A user granted access to a bucket
In this use case, a project owner gives you access to an individual bucket within a larger project. The owner then sends you the bucket name which you substitute into the URL above. You are able to only work with objects in the specified bucket. This is useful for users who are not project members, but who need to access a bucket. When you access the URL, you are prompted to authenticate with a Google account if you are not already signed in. Note that the trailing slash (/) in the URL must be used.
A variation of this use case is when a project owner grants All Users permission to read objects in a bucket. This creates a bucket whose contents are publicly readable. For more information, see Setting permissions and metadata below.
- A user granted access to an object
In this use case, a project owner gives you access to single objects within a bucket and sends you the URL to access the objects. When you access the URLs, you are prompted to authenticate with a Google account if you are not already signed in.
Note that the form of the URL above (
storage.cloud.google.com) is slightly different from the URL for objects that are shared publicly. When you share a link publicly, the URL is of the form:
https://storage.googleapis.com/[BUCKET_NAME]/[OBJECT_NAME]. This public URL does not require a recipient to authenticate with Google and can be used for non-authenticated access to an object.
Tasks you can perform with the Google Cloud Platform Console
The Cloud Platform Console enables you to perform basic storage management tasks with your data using a browser. To use the Cloud Platform Console, you must authenticate with Google and have appropriate permission to complete a given task. If you are the account owner who created the project, it is likely you already have all the permission you need to complete the tasks below. Otherwise, you can be added as a project member (Adding a member to a project) or be given permission to perform actions on a bucket (Setting bucket permissions).
Creating a bucket
Google Cloud Storage uses a flat namespace to store your data but you can use the Cloud Platform Console to create folders and mimic a folder hierarchy. Your data isn't physically stored in a hierarchical structure, but is displayed like that in the Cloud Platform Console.
Because Cloud Storage has no notion of folders, the folder suffix and object name delimiters are visible when you view your folders using gsutil or any other command-line tools that may work with Cloud Storage.
See Creating Storage Buckets for a step-by-step guide to creating buckets using the Cloud Platform Console.
Uploading data to a bucket
You can upload data to your bucket by uploading one or more files or a folder containing files. When you upload a folder, the Google Cloud Platform Console maintains the same hierarchical structure of the folder, including all of the files and folders it contains. You can track the progress of uploads to the Cloud Platform Console using the upload progress window. You can minimize the progress window and continue working with your bucket.
See Uploading Objects for a step-by-step guide to uploading objects to your buckets using the Cloud Platform Console.
You can also upload objects to the Cloud Platform Console by dragging and dropping files and folders from your desktop or file manager tool to a bucket or sub-folder in Cloud Platform Console.
Downloading data from a bucket
See Downloading Objects for a step-by-step guide to downloading objects from your buckets using the Cloud Platform Console.
You can also display an object in your browser by clicking it. If the object cannot be displayed, your browser will download the object instead (or prompt you to download it).
Creating and using folders
Because the Google Cloud Storage system has no notion of folders, folders created in the Cloud Platform Console are a convenience to help you organize objects in a bucket. As a visual aid, the Cloud Platform Console shows folders with a folder icon image to help you distinguish folders from objects.
From within a bucket (or a folder in a bucket) you can create a new folder by clicking the Create Folder button. Unlike buckets, folders don't have to be globally unique. That is, while a bucket name can only be used if there are no buckets already in existence with that name, folder names can be used repeatedly so long as they don't reside in the same bucket or sub-folder.
Objects added to a folder appear to reside within the folder in the
Cloud Platform Console. In reality, all objects exist at the bucket level, and
simply include the directory structure in their name. For example, if you
create a folder named
pets and add a file
cat.jpeg to that folder, the
Cloud Platform Console makes the file appear to exist in the folder. In reality,
there is no separate folder entity: the file simply exists in the bucket
and has the name
When navigating folders in the Cloud Platform Console, you can access higher levels of the directory by clicking the desired folder or bucket name in the breadcrumb trail above the file lists.
Working with folders in gsutil
When you use other tools to work with your buckets and data, the presentation of folders may be different than as presented in the Cloud Platform Console. For example, to see how gsutil interprets folders, see How Subdirectories Work.
Deleting objects, folders, and buckets
You can delete any folder or object in the Google Cloud Platform Console by selecting the checkbox next to it and clicking the delete button. When you delete a folder, you also delete all objects inside it. Note that even objects marked as SHARED PUBLICLY are deleted without a prompt from Cloud Storage to confirm your choice.
See Deleting Objects for a step-by-step guide to removing objects from your buckets using the Cloud Platform Console.
In order to delete a bucket, you do not need to delete all folders and objects within that bucket. When you delete a bucket with objects in it, the Cloud Platform Console shows a dialog warning you that the bucket content will be deleted. You can continue or cancel the delete.
See Deleting Buckets for a step-by-step guide to deleting buckets from your project using the Cloud Platform Console.
Sharing your data publicly
See Making Data Public for a step-by-step guide to sharing your objects with others by making them publicly accessible. You can make either the indiviual objects or the entire contents of a bucket publicly accessible.
When you share an object publicly, a shareable link appears in the Shared Publicly
column. The shareable link references your objects using the
domain, which is different than the domain used in the Cloud Platform Console to
navigate in a bucket. For example, for a bucket named
example-bucket and an
image1.JPG, the public link to share the object is
http://storage.googleapis.com/example-bucket/image1.JPG. For an example
of accessing a publicly shared object, see Accessing Public Data.
To stop sharing an object publicly:
You can stop publicly sharing an individual object in two ways: by deselecting the checkbox in the SHARED PUBLICLY column or by editing the object permissions. When using the latter approach, remove the permission entry for anonymous users, which is the entry with allUsers in the Name column.
You can stop publicly sharing the content of entire buckets by removing bucket-level IAM access to allUsers.
Setting bucket permissions
You can control access to a Google Cloud Storage bucket by
using Identity and Access Management (IAM) permissions. For example,
you can set a bucket's permissions to allow an entity such as a user or group
to view or create objects in your bucket. You might do this in cases when
it isn't appropriate to add a user as a project team member. The entity
specified in the IAM permission must authenticate by signing in to Google
when accessing the bucket. Share the bucket URL with the user(s) as
Making a bucket readable to
allAuthenticatedUsers does not make all its
objects publicly accessible. To make objects publicly accessible, which does
not require authentication with Google, share each object publicly as shown
in Making Data Public.
Setting object permissions and metadata
You can easily and uniformly control access to objects in a bucket by using Identity and Access Management (IAM) permissions in the Cloud Platform Console. If you want to customize access for individual objects within a bucket, use Signed URLs or Access Control Lists (ACLs) instead.
See Using IAM Permissions for step-by-step guides to viewing and editing IAM permissions.
To view or change permissions for individual objects, see Changing ACLs.
You can also configure an object's metadata in the Cloud Platform Console. An object's metadata controls aspects of how requests are handled, including what type of content your data represents and how your data is encoded. You can only set metadata on one object at a time using the Cloud Platform Console. You can use gsutil setmeta to set metadata on multiple objects at once.
See Viewing and Editing Object Metadata for a step-by-step guide to viewing and editing an object's metadata.
Filtering objects to view
In the Cloud Platform Console, you can filter the objects you see by specifying a prefix in the Filter by prefix... text box located above the list of objects. This filter displays objects beginning with the specified prefix. The prefix only filters objects in your current bucket view: it does not select objects contained in folders.
Giving users project-level roles
When you create a project, you are given the Owner IAM role. Other entities, such as collaborators, must be given their own roles in order to work with your project's buckets and objects.
Once you have been given a role for the project, the project name appears in your list of projects. If you are an existing project owner, you can add a member to your project. See Using IAM with projects for step-by-step guides to adding and removing access at the project level.