This page provides an overview of Cloud Storage and how it works.
Cloud Storage is a service for storing your objects in Google Cloud. An object is an immutable piece of data consisting of a file of any format. You store objects in containers called buckets. All buckets are associated with a project, and you can group your projects under an organization. Each project, bucket, and object in Google Cloud is a resource in Google Cloud, as are things such as Compute Engine instances.
After you create a project, you can create Cloud Storage buckets, upload objects to your buckets, and download objects from your buckets. You can also grant permissions to make your data accessible to principals you specify, or - for certain use cases such as hosting a website - accessible to everyone on the public internet.
The Google Cloud hierarchy
The Cloud Storage structure looks like this:
Here's how the Cloud Storage structure can apply to a real-world case:
Organization: Your company, called Example Inc., creates a Google Cloud organization called
exampleinc.org
.Project: Example Inc. is building several applications, and each one is associated with a project. Each project has its own set of Cloud Storage APIs, as well as other resources.
Bucket: Each project can contain multiple buckets, which are containers to store your objects. For example, you might create a
photos
bucket for all the image files your app generates and a separatevideos
bucket.Object: An individual file, such as an image called
puppy.png
.
Basic tools for Cloud Storage
Here are some basic ways you can interact with Cloud Storage:
Console: The Google Cloud console provides a visual interface for you to manage your data in a browser.
Google Cloud CLI: The gcloud CLI allows you to interact with Cloud Storage through a terminal using
gcloud storage
commands.Client libraries: The Cloud Storage client libraries allow you to manage your data using one of your preferred languages, including C++, C#, Go, Java, Node.js, PHP, Python, and Ruby.
Terraform: Terraform is an infrastructure-as-code (IaC) tool that you can use to provision the infrastructure for Cloud Storage.
Securing your data
Once you upload your objects to Cloud Storage, you have fine-grained control over how you secure and share your data. Here are some ways to secure the data you upload to Cloud Storage:
Identity and Access Management: Use IAM to control who has access to the resources in your Google Cloud project. Resources include Cloud Storage buckets and objects, as well as other Google Cloud entities such as Compute Engine instances. You can grant principals certain types of access to buckets and objects, such as
update
,create
, ordelete
.Data encryption: Cloud Storage uses server-side encryption to encrypt your data by default. You can also use supplemental data encryption options such as customer-managed encryption keys and customer-supplied encryption keys.
Authentication: Ensure that anyone who accesses your data has proper credentials.
Bucket Lock: Govern how long objects in buckets must be retained by specifying a retention policy.
Object Versioning: When a live version of an object is replaced or deleted, it can be retained as a noncurrent version if you enable Object Versioning.
Use cases for Cloud Storage
You can get started with Hosting a static website to learn how to upload and share your site's files through a Cloud Storage bucket. To learn how to use Cloud Storage with other Google Cloud services, covering a variety of topics including Big Data, web development, machine learning, and containers, see Google Cloud tutorials using Cloud Storage.
Resource names
Each resource has a unique name that identifies it, much like a filename.
Buckets have a resource name in the form of
projects/_/buckets/BUCKET_NAME
, where
BUCKET_NAME
is the ID of the bucket. Objects have a
resource name in the form of
projects/_/buckets/BUCKET_NAME/objects/OBJECT_NAME
,
where OBJECT_NAME
is the ID of the object.
A #NUMBER
appended to the end of the resource name
indicates a specific generation of the object. #0
is a special identifier for
the most recent version of an object. #0
is useful to add when the name of
the object ends in a string that would otherwise be interpreted as a generation
number.
Quickstart guides
To learn the fundamentals of using Cloud Storage, visit the following guides:
- Google Cloud console quickstart: The Google Cloud console provides a browser interface for interacting with Cloud Storage.
- gcloud quickstart: gcloud is a command-line tool for interacting with Google Cloud, including Cloud Storage.
- gsutil quickstart: gsutil is a legacy command-line tool for interacting specifically with Cloud Storage.
Looking for other products?
If Cloud Storage is not the right storage solution for you, see more information about the following storage services:
- Google Drive: Store, manage, and share your personal files.
- Cloud Storage for Firebase: Manage data for your mobile applications.
- Persistent Disk: Add block storage to your Compute Engine virtual machine.
- Storage Transfer Service: Quickly import online data into Cloud Storage or between Cloud Storage buckets.
- Filestore: Create a file-based workload.
What's next
- Learn the fundamentals of Cloud Storage through the Google Cloud console or Google Cloud CLI.
- Explore Google Cloud tutorials using Cloud Storage.
- Get started with client libraries.