gcloud - manage Google Cloud resources and developer workflow
gcloud GROUP | COMMAND [--account=ACCOUNT] [--billing-project=BILLING_PROJECT] [--configuration=CONFIGURATION] [--flags-file=YAML_FILE] [--flatten=[KEY,...]] [--format=FORMAT] [--help] [--project=PROJECT_ID] [--quiet, -q] [--verbosity=VERBOSITY; default="warning"] [--version, -v] [-h] [--access-token-file=ACCESS_TOKEN_FILE] [--impersonate-service-account=SERVICE_ACCOUNT_EMAILS] [--log-http] [--trace-token=TRACE_TOKEN] [--no-user-output-enabled]
The gcloud CLI manages authentication, local configuration, developer workflow, and interactions with the Google Cloud APIs.
For a quick introduction to the gcloud CLI, a list of commonly used commands, and a look at how these commands are structured, run gcloud cheat-sheet or see the `gcloud` CLI cheat sheet https://cloud.google.com/sdk/docs/cheatsheet.
- --account=ACCOUNT
Google Cloud user account to use for invocation. Overrides the default core/account property value for this command invocation.
- --billing-project=BILLING_PROJECT
The Google Cloud project that will be charged quota for operations performed in gcloud. If you need to operate on one project, but need quota against a different project, you can use this flag to specify the billing project. If both billing/quota_project and --billing-project are specified, --billing-project takes precedence. Run $ gcloud config set --help to see more information about billing/quota_project.
- --configuration=CONFIGURATION
The configuration to use for this command invocation. For more information on how to use configurations, run: gcloud topic configurations. You can also use the CLOUDSDK_ACTIVE_CONFIG_NAME environment variable to set the equivalent of this flag for a terminal session.
- --flags-file=YAML_FILE
A YAML or JSON file that specifies a --flag:value dictionary. Useful for specifying complex flag values with special characters that work with any command interpreter. Additionally, each --flags-file arg is replaced by its constituent flags. See $ gcloud topic flags-file for more information.
- --flatten=[KEY,...]
Flatten name[] output resource slices in KEY into separate records for each item in each slice. Multiple keys and slices may be specified. This also flattens keys for --format and --filter. For example, --flatten=abc.def flattens abc.def[].ghi references to abc.def.ghi. A resource record containing abc.def[] with N elements will expand to N records in the flattened output. This allows us to specify what resource-key the filter will operate on. This flag interacts with other flags that are applied in this order: --flatten, --sort-by, --filter, --limit.
- --format=FORMAT
Sets the format for printing command output resources. The default is a command-specific human-friendly output format. If both core/format and --format are specified, --format takes precedence. --format and core/format both take precedence over core/default_format. The supported formats are limited to: config, csv, default, diff, disable, flattened, get, json, list, multi, none, object, table, text, value, yaml. For more details run $ gcloud topic formats. Run $ gcloud config set --help to see more information about core/format
- --help
Display detailed help.
- --project=PROJECT_ID
The Google Cloud project ID to use for this invocation. If omitted, then the current project is assumed; the current project can be listed using gcloud config list --format='text(core.project)' and can be set using gcloud config set project PROJECTID.
--project and its fallback core/project property play two roles in the invocation. It specifies the project of the resource to operate on. It also specifies the project for API enablement check, quota, and billing. To specify a different project for quota and billing, use --billing-project or billing/quota_project property.
- --quiet, -q
Disable all interactive prompts when running gcloud commands. If input is required, defaults will be used, or an error will be raised.
Overrides the default core/disable_prompts property value for this command invocation. This is equivalent to setting the environment variable CLOUDSDK_CORE_DISABLE_PROMPTS to 1.
- --verbosity=VERBOSITY; default="warning"
Override the default verbosity for this command. Overrides the default core/verbosity property value for this command invocation. VERBOSITY must be one of: debug, info, warning, error, critical, none.
- --version, -v
Print version information and exit. This flag is only available at the global level.
- -h
Print a summary help and exit.
- --access-token-file=ACCESS_TOKEN_FILE
A file path to read the access token. Use this flag to authenticate gcloud with an access token. The credentials of the active account (if exists) will be ignored. The file should only contain an access token with no other information. Overrides the default auth/access_token_file property value for this command invocation.
- --impersonate-service-account=SERVICE_ACCOUNT_EMAILS
For this gcloud invocation, all API requests will be made as the given service account or target service account in an impersonation delegation chain instead of the currently selected account. You can specify either a single service account as the impersonator, or a comma-separated list of service accounts to create an impersonation delegation chain. The impersonation is done without needing to create, download, and activate a key for the service account or accounts.
In order to make API requests as a service account, your currently selected account must have an IAM role that includes the iam.serviceAccounts.getAccessToken permission for the service account or accounts.
The roles/iam.serviceAccountTokenCreator role has the iam.serviceAccounts.getAccessToken permission. You can also create a custom role.
You can specify a list of service accounts, separated with commas. This creates an impersonation delegation chain in which each service account delegates its permissions to the next service account in the chain. Each service account in the list must have the roles/iam.serviceAccountTokenCreator role on the next service account in the list. For example, when --impersonate-service-account= SERVICE_ACCOUNT_1,SERVICE_ACCOUNT_2, the active account must have the roles/iam.serviceAccountTokenCreator role on SERVICE_ACCOUNT_1, which must have the roles/iam.serviceAccountTokenCreator role on SERVICE_ACCOUNT_2. SERVICE_ACCOUNT_1 is the impersonated service account and SERVICE_ACCOUNT_2 is the delegate.
Overrides the default auth/impersonate_service_account property value for this command invocation.
- --log-http
Log all HTTP server requests and responses to stderr. Overrides the default core/log_http property value for this command invocation.
- --trace-token=TRACE_TOKEN
Token used to route traces of service requests for investigation of issues. Overrides the default core/trace_token property value for this command invocation.
- --user-output-enabled
Print user intended output to the console. Overrides the default core/user_output_enabled property value for this command invocation. Use --no-user-output-enabled to disable.
GROUP is one of the following:
- access-approval
Manage Access Approval requests and settings.
- access-context-manager
Manage Access Context Manager resources.
- active-directory
Manage Managed Microsoft AD resources.
- ai
Manage entities in Vertex AI.
- ai-platform
Manage AI Platform jobs and models.
- alloydb
Create and manage AlloyDB databases.
- alpha
(ALPHA) Alpha versions of gcloud commands.
- anthos
Anthos command Group.
- api-gateway
Manage Cloud API Gateway resources.
- apigee
Manage Apigee resources.
- app
Manage your App Engine deployments.
- artifacts
Manage Artifact Registry resources.
- asset
Manage the Cloud Asset Inventory.
- assured
Read and manipulate Assured Workloads data controls.
- auth
Manage oauth2 credentials for the Google Cloud CLI.
- batch
Manage Batch resources.
- beta
(BETA) Beta versions of gcloud commands.
- bigtable
Manage your Cloud Bigtable storage.
- billing
Manage billing accounts and associate them with projects.
- bms
Manage Bare Metal Solution resources.
- builds
Create and manage builds for Google Cloud Build.
- certificate-manager
Manage SSL certificates for your Google Cloud projects.
- cloud-shell
Manage Google Cloud Shell.
- components
List, install, update, or remove Google Cloud CLI components.
- composer
Create and manage Cloud Composer Environments.
- compute
Create and manipulate Compute Engine resources.
- config
View and edit Google Cloud CLI properties.
- container
Deploy and manage clusters of machines for running containers.
- data-catalog
Manage Data Catalog resources.
- database-migration
Manage Database Migration Service resources.
- dataflow
Manage Google Cloud Dataflow resources.
- dataplex
Manage Dataplex resources.
- dataproc
Create and manage Google Cloud Dataproc clusters and jobs.
- datastore
Manage your Cloud Datastore resources.
- datastream
Manage Cloud Datastream resources.
- debug
Commands for interacting with the Cloud Debugger.
- deploy
Create and manage Google Cloud Deploy resources.
- deployment-manager
Manage deployments of cloud resources.
- dns
Manage your Cloud DNS managed-zones and record-sets.
- domains
Manage domains for your Google Cloud projects.
- edge-cache
Manage Media CDN resources.
- edge-cloud
Manage edge-cloud resources.
- emulators
Set up your local development environment using emulators.
- endpoints
Create, enable and manage API services.
- essential-contacts
Manage Essential Contacts.
- eventarc
Manage Eventarc resources.
- filestore
Create and manipulate Filestore resources.
- firebase
Work with Google Firebase.
- firestore
Manage your Cloud Firestore resources.
- functions
Manage Google Cloud Functions.
- game
Managed Cloud Game Services.
- healthcare
Manage Cloud Healthcare resources.
- iam
Manage IAM service accounts and keys.
- iap
Manage IAP policies.
- identity
Manage Cloud Identity Groups and Memberships resources.
- ids
Manage Cloud IDS.
- iot
Manage Cloud IoT resources.
- kms
Manage cryptographic keys in the cloud.
- logging
Manage Cloud Logging.
- memcache
Manage Cloud Memorystore Memcached resources.
- metastore
Manage Dataproc Metastore resources.
- ml
Use Google Cloud machine learning capabilities.
- ml-engine
Manage AI Platform jobs and models.
- monitoring
Manage Cloud Monitoring dashboards.
- network-connectivity
Manage Network Connectivity Center resources.
- network-management
Manage Network Management resources.
- network-security
Manage Network Security resources.
- network-services
Manage Network Services resources.
- notebooks
Notebooks Command Group.
- org-policies
Create and manage Organization Policies.
- organizations
Create and manage Google Cloud Platform Organizations.
- policy-intelligence
A platform to help better understand, use and manage policies at scale.
- policy-troubleshoot
Troubleshoot Google Cloud Platform policies.
- privateca
Manage private Certificate Authorities on Google Cloud.
- projects
Create and manage project access policies.
- pubsub
Manage Cloud Pub/Sub topics, subscriptions, and snapshots.
- recaptcha
Manage reCAPTCHA Enterprise Keys.
- recommender
Manage Cloud recommendations and recommendation rules.
- redis
Manage Cloud Memorystore Redis resources.
- resource-manager
Manage Cloud Resources.
- resource-settings
Create and manage Resource Settings.
- run
Manage your Cloud Run applications.
- scc
Manage Cloud SCC resources.
- scheduler
Manage Cloud Scheduler jobs and schedules.
- secrets
Manage secrets on Google Cloud.
- service-directory
Command groups for Service Directory.
- services
List, enable and disable APIs and services.
- source
Cloud git repository commands.
- spanner
Command groups for Cloud Spanner.
- sql
Create and manage Google Cloud SQL databases.
- storage
Create and manage Cloud Storage buckets and objects.
- tasks
Manage Cloud Tasks queues and tasks.
- topic
gcloud supplementary help.
- transcoder
Manage Transcoder jobs and job templates.
- transfer
Manage Transfer Service jobs, operations, and agents.
- vmware
Manage Google Cloud VMware Engine resources.
- workflows
Manage your Cloud Workflows resources.
- workspace-add-ons
Manage Google Workspace Add-ons resources.
COMMAND is one of the following:
- cheat-sheet
Display gcloud cheat sheet.
- docker
(DEPRECATED) Enable Docker CLI access to Google Container Registry.
- feedback
Provide feedback to the Google Cloud CLI team.
- help
Search gcloud help text.
- info
Display information about the current gcloud environment.
- init
Initialize or reinitialize gcloud.
- survey
Invoke a customer satisfaction survey for Google Cloud CLI.
- version
Print version information for Google Cloud CLI components.