Mar 14, 2026

Google Cloud (gcloud) CLI Cheat Sheet — Commands You'll Actually Use

Click any command to expand the explanation and examples.

🔧 Setup & Config

gcloud init / auth setup

# Initial setup (interactive) gcloud init

gcloud auth login gcloud auth application-default login # For local dev with client libraries

Check current config

gcloud config list

Set project

gcloud config set project my-project-id

Set region/zone

gcloud config set compute/region europe-west1 gcloud config set compute/zone europe-west1-b

Switch between configurations

gcloud config configurations create staging gcloud config configurations activate staging gcloud config configurations list

gcloud info / projects setup

# Current project and account gcloud config get-value project gcloud config get-value account

List projects

gcloud projects list

Describe a project

gcloud projects describe my-project-id

Set project for single command

gcloud compute instances list —project other-project

🖥️ Compute Engine — VMs

gcloud compute instances compute

# List instances gcloud compute instances list

Create instance

gcloud compute instances create my-vm
—machine-type=e2-medium
—zone=europe-west1-b
—image-family=debian-12
—image-project=debian-cloud

SSH into instance

gcloud compute ssh my-vm —zone=europe-west1-b

Start / stop / delete

gcloud compute instances start my-vm —zone=europe-west1-b gcloud compute instances stop my-vm —zone=europe-west1-b gcloud compute instances delete my-vm —zone=europe-west1-b

Describe (get details)

gcloud compute instances describe my-vm —zone=europe-west1-b

Firewall rules compute

# List rules gcloud compute firewall-rules list

Allow HTTP

gcloud compute firewall-rules create allow-http
—allow=tcp:80
—target-tags=http-server

Allow SSH from specific IP

gcloud compute firewall-rules create allow-ssh
—allow=tcp:22
—source-ranges=1.2.3.4/32

Delete rule

gcloud compute firewall-rules delete allow-http

📦 Cloud Storage

gcloud storage / gsutil storage

# List buckets gcloud storage ls

List objects

gcloud storage ls gs://my-bucket/ gcloud storage ls gs://my-bucket/** —recursive

Copy files

gcloud storage cp file.txt gs://my-bucket/ gcloud storage cp gs://my-bucket/file.txt ./ gcloud storage cp -r ./dist gs://my-bucket/

Sync (like rsync)

gcloud storage rsync ./dist gs://my-bucket/ —delete-unmatched-destination-objects

Create bucket

gcloud storage buckets create gs://my-new-bucket —location=europe-west1

Delete

gcloud storage rm gs://my-bucket/file.txt gcloud storage rm gs://my-bucket/** —recursive

Make public

gcloud storage objects update gs://my-bucket/file.txt —add-acl-grant=entity=allUsers,role=READER

🚀 Cloud Run — Serverless Containers

gcloud run run

# Deploy from source (builds automatically) gcloud run deploy my-service --source . --region=europe-west1

Deploy from container image

gcloud run deploy my-service —image=gcr.io/my-project/my-app —region=europe-west1

List services

gcloud run services list

Get URL

gcloud run services describe my-service —region=europe-west1 —format=‘value(status.url)‘

Set environment variables

gcloud run services update my-service —set-env-vars=“KEY=value,DB=prod” —region=europe-west1

View logs

gcloud run services logs read my-service —region=europe-west1

Allow unauthenticated access

gcloud run services add-iam-policy-binding my-service
—member=“allUsers” —role=“roles/run.invoker” —region=europe-west1

Delete

gcloud run services delete my-service —region=europe-west1

👤 IAM

gcloud iam iam

# List service accounts gcloud iam service-accounts list

Create service account

gcloud iam service-accounts create deploy-bot —display-name=“Deploy Bot”

Create key for service account

gcloud iam service-accounts keys create key.json —iam-account=deploy-bot@my-project.iam.gserviceaccount.com

Grant role to user

gcloud projects add-iam-policy-binding my-project
—member=“user:alice@example.com”
—role=“roles/editor”

Grant role to service account

gcloud projects add-iam-policy-binding my-project
—member=“serviceAccount:deploy-bot@my-project.iam.gserviceaccount.com”
—role=“roles/storage.admin”

View IAM policy

gcloud projects get-iam-policy my-project

📊 Logging

gcloud logging logs

# Read recent logs
gcloud logging read "resource.type=cloud_run_revision" --limit=50
Filter by severity
gcloud logging read “severity>=ERROR” —limit=20
Filter by time
gcloud logging read “timestamp>=“2026-03-14T00:00:00Z"" —limit=50
Stream logs (live tail)
gcloud logging tail “resource.type=cloud_run_revision”
Logs for specific service
gcloud logging read “resource.type=cloud_run_revision AND resource.labels.service_name=my-service” —limit=20

Google Cloud (gcloud) CLI Cheat Sheet — Commands You'll Actually Use

🔧 Setup & Config

Login

Check current config

Set project

Set region/zone

Switch between configurations

List projects

Describe a project

Set project for single command

🖥️ Compute Engine — VMs

Create instance

SSH into instance

Start / stop / delete

Describe (get details)

Allow HTTP

Allow SSH from specific IP

Delete rule

📦 Cloud Storage

List objects

Copy files

Sync (like rsync)

Create bucket

Delete

Make public

🚀 Cloud Run — Serverless Containers

Deploy from container image

List services

Get URL

Set environment variables

View logs

Allow unauthenticated access

Delete

👤 IAM

Create service account

Create key for service account

Grant role to user

Grant role to service account

View IAM policy

📊 Logging

Filter by severity

Filter by time

Stream logs (live tail)

Logs for specific service

You might also like

AWS CLI Cheat Sheet — Every Command You'll Actually Use

Azure CLI Cheat Sheet — Commands You'll Actually Use

Terraform Cheat Sheet — Commands, Syntax, and Common Patterns

Ansible Cheat Sheet — Playbooks, Modules, and Common Tasks