This page provides an overview of Cloud Storage and how it works.
Cloud Storage is a service for storing your objects in Google Cloud. An object is an immutable piece of data consisting of a file of any format. You store objects in containers called buckets. Buckets can also contain managed folders, which you use to provide expanded access to groups of objects with a shared name prefix.
All buckets are associated with a project, and you can group your projects under an organization. Each project, bucket, managed folder, and object in Google Cloud is a resource in Google Cloud, as are things such as Compute Engine instances.
After you create a project, you can create Cloud Storage buckets, upload objects to your buckets, and download objects from your buckets. You can also grant permissions to make your data accessible to principals you specify or accessible to everyone on the public internet.
The Google Cloud hierarchy
Here's how the Cloud Storage structure can apply to a real-world case:
- Organization: Your company, called Example Inc., creates a Google Cloud organization called exampleinc.org.
- Project: Example Inc. is building several applications, and each one is associated with a project. Each project has its own set of Cloud Storage APIs, as well as other resources.
- Bucket: Each project can contain multiple buckets, which are containers to store your objects. For example, you might create a photos bucket for all the image files your app generates and a separate videos bucket.
- Object: Each bucket can contain essentially unlimited individual objects, such as an image called puppy.png.
- Managed folder: Each bucket can also contain multiple managed folders, which grant additional access beyond the access granted to the overall bucket. This additional access applies to objects that have a prefix matching the managed folder name. For example, you might create an animals/ managed folder, which gives designated users additional access to objects such as animals/puppy.png and animals/kitten.png.
Here are some basic ways you can interact with Cloud Storage:
- Console: The Google Cloud console provides a visual interface for you to manage your data in a browser.
- Google Cloud CLI: The gcloud CLI allows you to interact with Cloud Storage through a terminal using gcloud storage commands.
- Client libraries: The Cloud Storage client libraries allow you to manage your data using one of your preferred languages, including C++, C#, Go, Java, Node.js, PHP, Python, and Ruby.
- REST APIs: Manage your data using the JSON or XML API.
- Terraform: Terraform is an infrastructure-as-code (IaC) tool that you can use to provision the infrastructure for Cloud Storage.
- Cloud Storage FUSE: Cloud Storage FUSE lets you mount Cloud Storage buckets to your local file system. This enables your applications to read from a bucket or write to a bucket by using standard file system semantics.
Securing your data
Once you upload your objects to Cloud Storage, you have fine-grained control over how you secure and share your data. Here are some ways to secure the data you upload to Cloud Storage:
- Identity and Access Management: Use IAM to control who has access to the resources in your Google Cloud project. Resources include Cloud Storage buckets and objects, as well as other Google Cloud entities such as Compute Engine instances. You can grant principals certain types of access to buckets and objects, such as update, create, or delete.
- Data encryption: Cloud Storage uses server-side encryption to encrypt your data by default. You can also use supplemental data encryption options such as customer-managed encryption keys and customer-supplied encryption keys.
- Authentication: Ensure that anyone who accesses your data has proper credentials.
- Bucket Lock: Govern how long objects in buckets must be retained by specifying a retention policy.
- Soft delete: Prevent permanent loss of data against accidental or malicious deletion by retaining recently deleted objects. By default, Cloud Storage enables soft delete for all buckets with a seven day retention period.
- Object Versioning: When a live version of an object is replaced or deleted, it can be retained as a noncurrent version if you enable Object Versioning.
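One way to review these controls across buckets is to check each bucket's metadata and IAM policy, shown here as an added example that is not part of the original page. It assumes input shaped like the JSON API bucket resource and IAM policy; the function name `audit_bucket`, the finding wording, and the sample buckets are constructed for illustration.

```python
# Special IAM principals that make data readable beyond named identities.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
DAY = 86400  # seconds


def audit_bucket(bucket: dict, iam_policy: dict) -> dict:
    """Summarise the controls listed above for one bucket and flag gaps."""
    public_roles = sorted(
        b["role"] for b in iam_policy.get("bindings", [])
        if PUBLIC_MEMBERS & set(b.get("members", []))
    )
    # The JSON API serialises 64-bit integers as strings, hence int().
    soft_delete_s = int(bucket.get("softDeletePolicy", {}).get("retentionDurationSeconds", 0))
    retention = bucket.get("retentionPolicy", {})
    report = {
        "bucket": bucket["name"],
        "public_roles": public_roles,
        "cmek_key": bucket.get("encryption", {}).get("defaultKmsKeyName"),
        "soft_delete_days": soft_delete_s / DAY,
        "versioning": bool(bucket.get("versioning", {}).get("enabled")),
        "retention_days": int(retention.get("retentionPeriod", 0)) / DAY,
        "retention_locked": bool(retention.get("isLocked")),
    }
    findings = []
    if public_roles:
        findings.append("public access via " + ", ".join(public_roles))
    if soft_delete_s == 0 and not report["versioning"]:
        findings.append("deleted objects are not retained (no soft delete, no versioning)")
    if retention and not report["retention_locked"]:
        findings.append("retention policy is set but not locked")
    report["findings"] = findings
    return report


# Constructed sample input: (bucket metadata, IAM policy) pairs.
SAMPLE = [
    ({"name": "photos", "softDeletePolicy": {"retentionDurationSeconds": "604800"},
      "versioning": {"enabled": True}},
     {"bindings": [{"role": "roles/storage.objectViewer", "members": ["allUsers"]}]}),
    ({"name": "videos", "softDeletePolicy": {"retentionDurationSeconds": "0"},
      "retentionPolicy": {"retentionPeriod": "2592000"}},
     {"bindings": [{"role": "roles/storage.objectAdmin",
                    "members": ["group:editors@exampleinc.org"]}]}),
]

if __name__ == "__main__":
    for meta, policy in SAMPLE:
        print(audit_bucket(meta, policy))
```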
Resource names
Each resource has a unique name that identifies it, much like a filename. Buckets have a resource name in the form of projects/_/buckets/BUCKET_NAME, where BUCKET_NAME is the ID of the bucket. Objects have a resource name in the form of projects/_/buckets/BUCKET_NAME/objects/OBJECT_NAME, where OBJECT_NAME is the ID of the object.
A #NUMBER appended to the end of the resource name indicates a specific generation of the object. #0 is a special identifier for the most recent version of an object. #0 is useful to add when the name of the object ends in a string that would otherwise be interpreted as a generation number.
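The generation suffix rule matters for any script that interprets object resource names, because an object whose own name ends in #NUMBER is otherwise read as a different object at that generation. The parser and formatter below are an added example, not code from the original page; the names `ObjectRef`, `parse_object_resource` and `format_object_resource` are hypothetical.

```python
import re
from typing import NamedTuple, Optional

# A trailing "#NUMBER" on the resource name selects an object generation.
_GEN_SUFFIX = re.compile(r"#([0-9]+)\Z")
_OBJECT_RE = re.compile(r"\Aprojects/_/buckets/([^/]+)/objects/(.+)\Z")


class ObjectRef(NamedTuple):
    bucket: str
    name: str
    generation: Optional[int]  # None = most recent version (#0 or no suffix)


def parse_object_resource(resource: str) -> ObjectRef:
    """Split an object resource name into bucket, object name and generation."""
    m = _OBJECT_RE.match(resource)
    if not m:
        raise ValueError(f"not an object resource name: {resource!r}")
    bucket, name = m.group(1), m.group(2)
    generation = None
    suffix = _GEN_SUFFIX.search(name)
    if suffix:
        name = name[: suffix.start()]
        # "#0" is the special identifier for the most recent version.
        generation = int(suffix.group(1)) or None
    if not name:
        raise ValueError(f"empty object name in {resource!r}")
    return ObjectRef(bucket, name, generation)


def format_object_resource(bucket: str, name: str, generation: Optional[int] = None) -> str:
    """Build a resource name that parses back to the same object."""
    base = f"projects/_/buckets/{bucket}/objects/{name}"
    if generation:
        return f"{base}#{generation}"
    # A name ending in "#123" would be misread as generation 123; append "#0".
    return base + "#0" if _GEN_SUFFIX.search(name) else base


if __name__ == "__main__":
    # Constructed sample names using the page's photos bucket.
    for r in ("projects/_/buckets/photos/objects/animals/puppy.png",
              "projects/_/buckets/photos/objects/report#42",
              "projects/_/buckets/photos/objects/report#42#0"):
        print(r, "->", parse_object_resource(r))
```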
Quickstart guides
To learn the fundamentals of using Cloud Storage, visit the following guides:
- Google Cloud console quickstart
- gcloud quickstart
- Terraform quickstart
Looking for other products?
If Cloud Storage is not the right storage solution for you, see more information about the following storage services:
- Google Drive: Store, manage, and share your personal files.
- Cloud Storage for Firebase: Manage data for your mobile applications.
- Persistent Disk: Add block storage to your Compute Engine virtual machine.
- Filestore: Add file storage for multiwriter access to your GKE clusters.
What's next
- Learn the fundamentals of Cloud Storage through the Google Cloud console or Google Cloud CLI.
- Explore Google Cloud tutorials using Cloud Storage.
- Get started with client libraries.
- Quickly import online data into Cloud Storage or between Cloud Storage buckets using Storage Transfer Service.