GCP Cloud Storage

Cloud Storage is GCP's object storage service. It stores any kind of file — images, videos, backups, CSV files, HTML pages — and makes them accessible from anywhere over the internet. Unlike a traditional file system with folders and paths, Cloud Storage stores data as objects inside containers called buckets.

Think of Cloud Storage as a massive, infinitely large USB drive hosted by Google. Drop any file in, get a web address for it, and access it from anywhere — anytime.

Core Concepts

Bucket

A bucket is the top-level container for storing objects in Cloud Storage. Every bucket has a globally unique name across all of GCP. Buckets are associated with a specific region or multi-region for data residency and performance.

Object

An object is any file stored inside a bucket. An object consists of the file data itself and metadata (name, size, content type, timestamps). The object name can include slashes (/) to simulate folder paths, though Cloud Storage has no real folder structure.

Bucket: my-app-data
├── images/logo.png          ← object named "images/logo.png"
├── images/banner.jpg        ← object named "images/banner.jpg"
├── backups/db-2024-01.sql   ← object named "backups/db-2024-01.sql"
└── index.html               ← object named "index.html"

Storage Classes

Cloud Storage offers four storage classes based on access frequency and cost. Data accessed often should use Standard; rarely-accessed data should use Coldline or Archive to save costs.

Storage Class   Access Frequency      Minimum Storage Duration   Use Case
Standard        Frequently accessed   None                       Website assets, active data
Nearline        ~Once per month       30 days                    Monthly reports, backups
Coldline        ~Once per quarter     90 days                    Quarterly archives
Archive         ~Once per year        365 days                   Long-term compliance, audit logs

Bucket Location Types

Region (single location):
┌──────────────────────────────┐
│  us-central1 (Iowa)          │
│  ✓ Lowest latency            │
│  ✓ Lowest cost               │
│  ✗ No geo-redundancy         │
└──────────────────────────────┘

Dual-Region:
┌──────────────────────────────┐
│  nam4 (Iowa + S. Carolina)   │
│  ✓ High availability         │
│  ✓ Regional redundancy       │
│  Higher cost                 │
└──────────────────────────────┘

Multi-Region:
┌──────────────────────────────┐
│  US / EU / ASIA              │
│  ✓ Highest availability      │
│  ✓ Best global performance   │
│  Highest cost                │
└──────────────────────────────┘

Creating a Bucket

Via the Console

  1. Go to Cloud Storage → Buckets
  2. Click Create
  3. Enter a globally unique bucket name (example: estudy247-assets-2024)
  4. Select a location type and region
  5. Choose a storage class (Standard for most cases)
  6. Set access control (Uniform recommended)
  7. Click Create

Via Cloud Shell

# Create a bucket in us-central1
gsutil mb -l us-central1 gs://estudy247-assets-2024

# Upload a file to the bucket
gsutil cp myfile.txt gs://estudy247-assets-2024/

# List objects in the bucket
gsutil ls gs://estudy247-assets-2024/

# Download a file
gsutil cp gs://estudy247-assets-2024/myfile.txt ./downloaded.txt

# Delete an object
gsutil rm gs://estudy247-assets-2024/myfile.txt

Access Control

Cloud Storage has two modes for controlling access:

Uniform Bucket-Level Access (Recommended)

IAM policies apply to the entire bucket and all its objects uniformly. This is simpler and more secure. Individual object-level permissions are not possible in this mode.

Fine-Grained Access

Fine-grained access allows setting individual permissions on each object using Access Control Lists (ACLs). It is more complex and harder to audit.

Making a single object publicly readable:

gsutil acl ch -u AllUsers:R gs://my-bucket/public-image.png

Making an entire bucket public (use carefully — exposes all data):

gsutil iam ch allUsers:objectViewer gs://my-bucket
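
To check whether a bucket has been opened up this way, review its IAM policy for the two principals that mean "anyone". The script below is an added example, not part of the original page; the sample policy is constructed in the shape `gsutil iam get gs://my-bucket` prints, and the account names in it are made up.

```python
import json

# allUsers is anyone on the internet; allAuthenticatedUsers is anyone
# signed in to any Google account. Both make data effectively public.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample policy (not real output from any bucket).
SAMPLE_POLICY = """
{
  "bindings": [
    {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
    {"role": "roles/storage.objectAdmin",
     "members": ["serviceAccount:uploader@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/storage.legacyBucketReader",
     "members": ["allAuthenticatedUsers", "user:alice@example.com"]}
  ],
  "etag": "CAE="
}
"""


def find_public_bindings(policy_json):
    """Return sorted (role, member) pairs that grant access to everyone."""
    policy = json.loads(policy_json)
    findings = []
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                findings.append((binding.get("role", "<no role>"), member))
    return sorted(findings)


def remediation_commands(bucket, findings):
    """Build one `gsutil iam ch -d` command per public member found."""
    members = sorted({member for _, member in findings})
    return [f"gsutil iam ch -d {member} gs://{bucket}" for member in members]


if __name__ == "__main__":
    found = find_public_bindings(SAMPLE_POLICY)
    for role, member in found:
        print(f"PUBLIC: {member} holds {role}")
    for command in remediation_commands("my-bucket", found):
        print(command)
```

Per-object ACL grants made with `gsutil acl ch` are not listed in the bucket IAM policy, so in Fine-Grained mode this check alone does not prove that no object is public.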

Signed URLs

A signed URL provides temporary access to a private object without changing the bucket's permissions. This is useful when an application needs to share a file download link that expires after a certain time.

# Generate a signed URL valid for 1 hour
gsutil signurl -d 1h my-service-account-key.json \
  gs://my-bucket/private-report.pdf

The generated URL looks like:

https://storage.googleapis.com/my-bucket/private-report.pdf?X-Goog-Signature=...&X-Goog-Expires=3600
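
Anyone who obtains a signed URL can use it until it expires, so it helps to know exactly what a link exposes and for how long. The script below is an added example, not part of the original page: it reads the `X-Goog-Date` and `X-Goog-Expires` parameters of a path-style URL and checks the lifetime against an assumed one-hour policy. The sample URL is constructed and its credential and signature are placeholders.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, unquote, urlsplit

MAX_LIFETIME_S = 3600  # assumed local policy: no link lives longer than 1 hour

# Constructed sample; credential and signature values are placeholders.
SAMPLE_URL = (
    "https://storage.googleapis.com/my-bucket/private-report.pdf"
    "?X-Goog-Algorithm=GOOG4-RSA-SHA256&X-Goog-Credential=PLACEHOLDER"
    "&X-Goog-Date=20240115T120000Z&X-Goog-Expires=3600"
    "&X-Goog-SignedHeaders=host&X-Goog-Signature=PLACEHOLDER"
)


def inspect_signed_url(url, now):
    """Report what a path-style signed URL exposes and when it stops working."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    try:
        # X-Goog-Date is the signing time in UTC, X-Goog-Expires a lifetime in seconds.
        issued = datetime.strptime(
            query["X-Goog-Date"][0], "%Y%m%dT%H%M%SZ"
        ).replace(tzinfo=timezone.utc)
        lifetime_s = int(query["X-Goog-Expires"][0])
    except (KeyError, ValueError) as exc:
        raise ValueError("missing or malformed X-Goog-Date / X-Goog-Expires") from exc
    expires_at = issued + timedelta(seconds=lifetime_s)
    # Path-style URL: /<bucket>/<object name, which may itself contain slashes>
    bucket, _, obj = unquote(parts.path).lstrip("/").partition("/")
    findings = []
    if lifetime_s > MAX_LIFETIME_S:
        findings.append("lifetime exceeds policy")
    if now >= expires_at:
        findings.append("expired")
    return {"bucket": bucket, "object": obj, "expires_at": expires_at,
            "lifetime_s": lifetime_s, "findings": findings}


if __name__ == "__main__":
    report = inspect_signed_url(SAMPLE_URL, datetime.now(timezone.utc))
    print(report["bucket"], report["object"], report["expires_at"].isoformat())
    print("findings:", report["findings"] or "none")
```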

Object Lifecycle Management

Lifecycle rules automatically transition objects to cheaper storage classes or delete them after a set period.

Lifecycle Example:
Objects uploaded today
    │
    │  After 30 days
    ▼
Nearline Storage (cheaper)
    │
    │  After 90 days
    ▼
Coldline Storage (even cheaper)
    │
    │  After 365 days
    ▼
Archive Storage (cheapest)
    │
    │  After 2 years
    ▼
Deleted automatically

Set lifecycle rules from the Console under Bucket → Lifecycle or via a JSON config.
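
The schedule in the diagram above, written out as a JSON config. This is an added example, not part of the original page: the script builds the config from the diagram's stages and rejects a schedule whose ages are out of order. It assumes objects start in Standard and takes "2 years" as 730 days.

```python
import json

# Stages from the diagram: (object age in days, storage class to move to).
STAGES = [(30, "NEARLINE"), (90, "COLDLINE"), (365, "ARCHIVE")]
DELETE_AFTER_DAYS = 730  # "2 years" in the diagram, taken as 2 x 365 days


def build_lifecycle(stages, delete_after_days, start_class="STANDARD"):
    """Return a lifecycle config dict; reject schedules that are out of order."""
    rules = []
    previous_age, previous_class = 0, start_class
    for age, target in stages:
        if age <= previous_age:
            raise ValueError(
                f"{target}: age {age} must be greater than {previous_age}"
            )
        rules.append({
            "action": {"type": "SetStorageClass", "storageClass": target},
            # Only move objects that are still in the previous, warmer class.
            "condition": {"age": age, "matchesStorageClass": [previous_class]},
        })
        previous_age, previous_class = age, target
    if delete_after_days <= previous_age:
        raise ValueError("delete age must come after the last transition")
    rules.append({
        "action": {"type": "Delete"},
        "condition": {"age": delete_after_days},
    })
    return {"rule": rules}


if __name__ == "__main__":
    # Save the output as lifecycle.json, then apply it with:
    #   gsutil lifecycle set lifecycle.json gs://my-bucket
    print(json.dumps(build_lifecycle(STAGES, DELETE_AFTER_DAYS), indent=2))
```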

Hosting a Static Website on Cloud Storage

Cloud Storage can serve HTML, CSS, and JavaScript files as a static website — no server needed.

  1. Create a bucket named exactly after the domain (example: www.mysite.com)
  2. Upload HTML files including index.html
  3. Make the bucket publicly readable
  4. Configure the bucket as a website:
gsutil web set -m index.html -e 404.html gs://www.mysite.com

Key Takeaways

  • Cloud Storage stores any file as an object inside a bucket.
  • Bucket names are globally unique across all of GCP.
  • Storage classes (Standard, Nearline, Coldline, Archive) balance cost vs access speed.
  • Use Uniform Bucket-Level Access with IAM for simpler, more secure permissions.
  • Signed URLs grant temporary access to private objects.
  • Lifecycle rules automate transitioning or deleting objects to reduce costs.
