This page provides an overview of Cloud Storage and how it works.

Cloud Storage is a service for storing yourobjects inGoogle Cloud. An object is an immutable piece of data consisting of a file ofany format. You store objects in containers calledbuckets, and you canoptionally organize objects stored in buckets by usingfolders.

All buckets are associated with aproject, and you can group yourprojects under anorganization. Each project, bucket, managed folder,and object in Google Cloud is aresource in Google Cloud, as are things suchasCompute Engine instances.

After you create a project, you cancreate Cloud Storage buckets,upload objects to your buckets, anddownload objects from yourbuckets. You can also grant permissions to make your data accessible toprincipals you specify oraccessible to everyone on the public internet.

The Google Cloud hierarchy

Here's how the Cloud Storage structure can apply to a real-world case:

• Organization: Your company, called Example Inc., creates a Google Cloudorganization calledexampleinc.org.

• Project: Example Inc. is building several applications, and each one isassociated with a project. Each project has its own set ofCloud Storage APIs, as well as other resources.

• Bucket: Each project can contain multiple buckets, which are containers tostore your objects. For example, you might create aphotos bucket for allthe image files your app generates and a separatevideos bucket.

  • Hierarchical namespace enabled buckets: Buckets can havehierarchical namespace enabled, which lets you store your data in alogical file system structure usingfolders. You can manage folders byusing folder-specific operations, including creating, deleting, listing,and renaming. Buckets with hierarchical namespace enabled offer up to8 times higher initial QPS limits for reading and writing objects comparedto buckets without hierarchical namespace enabled, and is beneficial fordata-intensive tasks like analytics and AI/ML workloads.

• Object: Buckets contain objects, such as an image calledpuppy.png. Eachbucket can contain essentially unlimited individual objects.

• Folder: Buckets with hierarchical namespace enabled can contain folders.Folders enable a real file system for storing objects, as opposed to asimulated file system. You can atomically rename a folder and all the objectswithin it in one operation.

• Managed folder: Each bucket can also containmanaged folders,which grant or revoke additional access beyond the IAMpermissions set on the bucket. Managed folders don't use a true directory treestructure; rather, a managed folder is a resource overlay used only forpermission checking.

Tools for Cloud Storage

You can interact with Cloud Storage by using the following tools:

• Console: TheGoogle Cloud console provides a visual interface foryou to manage your data in a browser.

• Google Cloud CLI: Thegcloud CLI allows you to interactwith Cloud Storage through a terminal usinggcloud storage commands.

• Client libraries: The Cloud Storageclient libraries allowyou to manage your data using one of your preferred languages, including C++,C#, Go, Java, Node.js, PHP, Python, and Ruby.

• REST APIs: Manage your data using theJSON orXML API.

• Terraform:Terraform is an infrastructure-as-code (IaC)tool that you can use to provision the infrastructure forCloud Storage. For more information, seeProvision resources with Cloud Storage.

• gRPC:gRPC lets you interact with Cloud Storage. gRPCis a high performance, open source universal RPC framework developed by Googlethat you can use to define your services using Protocol Buffers.

• Cloud Storage FUSE:Cloud Storage FUSE lets you mount Cloud Storagebuckets to your local file system. This enables your applications to read froma bucket or write to a bucket by using standard file system semantics.

Securing your data

Once you upload your objects to Cloud Storage, you have fine-grainedcontrol over how you secure and share your data. Here are some ways to securethe data you upload to Cloud Storage:

• Identity and Access Management: UseIAM to control who has access to theresources in your Google Cloud project. Resources include Cloud Storagebuckets and objects, as well as other Google Cloud entities such asCompute Engine instances. You can grant principals certain types of accessto buckets and objects, such asupdate,create, ordelete.

• Data encryption: Cloud Storage uses server-side encryption toencrypt your data by default. You can also use supplemental dataencryption options such ascustomer-managed encryption keys andcustomer-supplied encryption keys.

• Authentication: Ensure that anyone who accesses your data haspropercredentials.

• Soft delete: Prevent permanent loss of data againstaccidental or malicious deletion by retaining recently deleted objects andbuckets. By default, Cloud Storage enablessoft deletefor all buckets with a seven day retention period.

• Object Versioning: When a live version of an object is replaced ordeleted, it can be retained as anoncurrent version if youenable Object Versioning.

• Bucket IP filtering: Withbucket IP filtering, youcan restrict access to a bucket based on the source IP address of the requestand secure your data from unauthorized access from specific IP addresses orVirtual Private Cloud (VPC).

• Bucket Lock: Govern how long objects in buckets must be retained byspecifying a retention policy.

Resource names

Note: The use of resource names within Cloud Storage is limited toPub/Sub Notifications for Cloud Storage andIdentity and Access Management.

Each resource has a unique name that identifies it, much like a filename.Buckets have a resource name in the form ofprojects/_/buckets/BUCKET_NAME, whereBUCKET_NAME is the ID of the bucket. Objects have aresource name in the form ofprojects/_/buckets/BUCKET_NAME/objects/OBJECT_NAME,whereOBJECT_NAME is the ID of the object.

A#NUMBER appended to the end of the resource nameindicates a specific generation of the object.#0 is a special identifier forthe most recent version of an object.#0 is useful to add when the name ofthe object ends in a string that would otherwise be interpreted as a generationnumber.

Quickstart guides

To learn the fundamentals of using Cloud Storage, visit the followingguides:

• Google Cloud console quickstart
• gcloud quickstart
• Terraform quickstart

Looking for other products?

If Cloud Storage is not the right storage solution for you, see moreinformation about the following storage services:

• Google Cloud Managed Lustre: Store your data in a high-performance, fullymanaged parallel file system that's optimized for AI and HPC workloads.

• Google Drive: Store, manage, and share your personal files.

• Cloud Storage for Firebase: Manage data for yourmobile applications.

• Persistent Disk: Add block storage to your Compute Engine virtualmachine.

• Filestore: Add file storage for multiwriter access to yourGKE clusters.

• Explore morestorage services offered by Google.

What's next

• Learn the fundamentals of Cloud Storage through theGoogle Cloud console orGoogle Cloud CLI.
• TryGoogle Cloud jump start solutions that use Cloud Storage.
• Get started withclient libraries.
• Quickly import online data into Cloud Storage or betweenCloud Storage buckets usingStorage Transfer Service.