Connect to Cloud Storage using gRPC

gRPC is a high performance, open source universal RPC framework developedby Google that you can use to define your services using Protocol Buffers. Youcan use gRPC to interact with Cloud Storage. gRPC utilizesdirect connectivity betweenCompute Engine instances andCloud Storage buckets, bypassingGoogle Front Ends (GFEs).

Note: For analytics workloads on Google Cloud, gRPC improvesCloud Storage read performance only when the Compute Engine instanceand the Cloud Storage bucket are in the same region.

You can connect to Cloud Storage using gRPC through the following supportedclients:

Enable gRPC on a client library

C++

Before you begin

  1. Ensure you have the following versions installed:

    • gRPC version 1.65.1 or later

    • C++ client library version v2.30.0 or later

    • C++ version 14 or later

    For installation instructions, seeSetting up a C++ development environment.

  2. Set up authentication.

  3. Ensure each Compute Engine instance has aservice account attachedto it, even if the service account has no permissions. This service account isused to represent the Compute Engine instance in theApplication Layer Transport Security (ALTS) handshake process and isrequired fordirect connectivity.

Configure the C++ client library

  1. Create a gRPC client usinggcs::MakeGrpcClient():

    namespacegcs=google::cloud::storage;voidApp(){autoclient=gcs::MakeGrpcClient();//applicationcode}

    The C++ client library automatically usesdirect connectivity when it detectsthat the application is running on Google Cloud.

  2. To configure the C++ client library to use gRPC, enable theCloud Storage gRPC client to update your build systemconfiguration for CMake or Bazel.

    CMake

    1. Enable the Cloud Storage gRPC client plugin atcompile-time.

      cmake -DGOOGLE_CLOUD_CPP_ENABLE=storage_grpc [other options here]

    2. In your codebase, for thetarget_link_libraries() command replacegoogle-cloud-cpp::storage withgoogle-cloud-cpp::storage_grpc

      For example, the quickstart program for gRPC uses the followingcode:

      add_executable(quickstart_grpc quickstart_grpc.cc)target_link_libraries(quickstart_grpc google-cloud-cpp::storage_grpc)

    Bazel

    Replace the dependencies from@google_cloud_cpp//:storage to@google_cloud_cpp//:storage_grpc.

    For example, the quickstart program for gRPC uses the following code:

      cc_binary(      name = "quickstart",      srcs = [          "quickstart.cc",      ],      deps = [          "@com_github_googleapis_google_cloud_cpp//:storage_grpc",      ],  )

Java

Before you begin

  1. Ensure you have the following versions installed:

    • Java client libraries:

      • com.google.cloud:google-cloud-storage:2.43.1 or later.
      • com.google.cloud:libraries-bom:26.48 or later.

    • Java 8 or later

    For installation instructions, seeSetting up a Java development environment.

  2. Set up authentication.

  3. Ensure each Compute Engine instance has aservice account attachedto it, even if the service account has no permissions. This service account isused to represent the Compute Engine instance in theApplication Layer Transport Security (ALTS) handshake process and isrequired fordirect connectivity.

Update your project to use the BOM

To make sure that your projects have compatible versions of Google Cloud clientlibraries, use the versions specified in theGoogle Cloud libraries Bill of Materials (BOM). Toupdate your project to use the BOM, use any of the following methods:

Standalone Cloud Storage

If you are using the Cloud Storage client library independently (without otherGoogle Cloud libraries), use the Cloud Storage client library-specificBOM.

Maven

Import the BOM in thedependencyManagement section of yourpom.xml file.

The following example shows how you would import the BOM and include thegoogle-cloud-storage artifact.

<dependencyManagement><dependencies><dependency><groupId>com.google.cloud</groupId><artifactId>google-cloud-storage-bom</artifactId><version>2.43.1</version><type>pom</type><scope>import</scope></dependency></dependencies></dependencyManagement><dependencies><dependency><groupId>com.google.cloud</groupId><artifactId>google-cloud-storage</artifactId></dependency></dependencies>

Gradle

Add a platform dependency oncom.google.cloud:google-cloud-storage-bom:

implementation platform('com.google.cloud:google-cloud-storage-bom:2.43.1')implementation 'com.google.cloud:google-cloud-storage'

Cloud Storage with other Google Cloud libraries

If you are using the Cloud Storage client library along with other Google Cloud libraries, use the Google Cloud client libraries BOM.

Maven

Import the BOM in thedependencyManagement section of yourpom.xml file.

The following example shows how to import the BOM and include thelibraries-bom artifact.

<dependencyManagement><dependencies><dependency><groupId>com.google.cloud</groupId><artifactId>libraries-bom</artifactId><version>26.48.0</version><type>pom</type><scope>import</scope></dependency></dependencies></dependencyManagement><dependencies><dependency><groupId>com.google.cloud</groupId><artifactId>google-cloud-storage</artifactId></dependency></dependencies>

Gradle

Add a platform dependency oncom.google.cloud:libraries-bom:

implementation platform('com.google.cloud:libraries-bom:26.48.0')implementation 'com.google.cloud:google-cloud-storage'

Create a gRPC client

The following sample uses a gRPC centric builder. The gRPC Java client automatically uses direct connectivity when it detects that the application is running on Google Cloud.

// Imports the Google Cloud client libraryimportcom.google.cloud.storage.Bucket;importcom.google.cloud.storage.BucketInfo;importcom.google.cloud.storage.Storage;importcom.google.cloud.storage.StorageOptions;publicclassQuickstartGrpcSample{publicstaticvoidmain(String...args)throwsException{// Create an instance of options which will use the Google Cloud Storage gRPC API for all// operationsStorageOptionsoptions=StorageOptions.grpc().build();// Instantiates a client in a try-with-resource to automatically cleanup underlying resourcestry(Storagestorage=options.getService()){// The name for the new bucketStringbucketName=args[0];// "my-new-bucket";// Creates the new bucket using a request to the gRPC APIBucketbucket=storage.create(BucketInfo.of(bucketName));System.out.printf("Bucket %s created.%n",bucket.getName());}}}

Go

Before you begin

  1. Setup your development environment.

  2. Ensure you useCloud Storage Go client library version 1.46.0 or later.

  3. Set up authentication.

  4. Ensure each Compute Engine instance has aservice account attachedto it, even if the service account has no permissions. This service account isused to represent the Compute Engine instance in theApplication Layer Transport Security (ALTS) handshake process and isrequired fordirect connectivity.

Create a gRPC client

To use the client, you need to call theNewGRPCClient constructor inyour application instead ofNewClient.

// Sample storage-quickstart creates a Google Cloud Storage bucket using// gRPC API.packagemainimport("context""fmt""log""time""cloud.google.com/go/storage")funcmain(){ctx:=context.Background()// Use your Google Cloud Platform project ID and Cloud Storage bucketprojectID:="project-id"bucketName:="bucket-name"// Creates a gRPC enabled client.client,err:=storage.NewGRPCClient(ctx)iferr!=nil{log.Fatalf("Failed to create client: %v",err)}deferclient.Close()// Creates the new bucket.ctx,cancel:=context.WithTimeout(ctx,time.Second*10)defercancel()iferr:=client.Bucket(bucketName).Create(ctx,projectID,nil);err!=nil{log.Fatalf("Failed to create bucket: %v",err)}fmt.Printf("Bucket %v created.\n",bucketName)}

The Go client library automatically uses direct connectivity when it detectsthat the application is running on Google Cloud.

For information about how to use a gRPC client, seegRPC API.

Configure VPC Service Controls

If you are using Virtual Private Cloud with restricted virtual IP addresses(VPC Service Controls) to enhance the security of your network, you need toupdate your firewall rules to enabledirect connectivity for optimalperformance between your Compute Engine instance and Cloud Storagebucket.

To do so, add allowlist firewall rules to permit traffic on all ports for thefollowing CIDR blocks:

  • For IPv4 traffic:34.126.0.0/18
  • For IPv6 traffic:2001:4860:8040::/42

In addition to the preceding rules, retain the existing allowlist rule for199.36.153.4/30.

If you have restrictions on firewall rule modifications and you cannot updatethem, then you can force the traffic to avoid direct connectivity by usingstorage.googleapis.com as the Cloud Storageendpoint instead ofgoogle-c2p://storage.googleapis.com.

For example, for C++ use,.set<google::cloud::EndpointOption>(storage.googleapis.com)instead ofgoogle-c2p:///storage.googleapis.com.

Note: VPC networks have a defaultmaximum transmission unit(MTU) of1460bytes. For improved throughput, we recommend increasing the default MTU toat least4096 bytes. For more information about network MTUs, see themaximumtransmission unit overview.

Enable observability for gRPC related requests

You can configure Cloud Storage client libraries to to generate gRPCrelated metrics in Cloud Monitoring. The gRPC related metrics canhelp you to do the following:

  • Monitor and optimize the performance of gRPC requests to Cloud Storage.

  • Troubleshoot and debug issues.

  • Gain insights into your application's usage and behavior.

For information about how to generate gRPC related metrics,seeUse client-side metrics.

If gathering metrics isn't necessary for your use case, you can choose to opt-outof metrics collection. For instructions, seeOpt-out of client-sidemetrics.

Limitations

  • IPv6 requests cannot be sent overlegacy networks.

  • Direct connectivity is not supported when using the following GKE versionson IPv4-only clusters:

    • 1.28, 1.28.0-gke.100 or later until 1.28.5-gke.1199000
    • 1.27, 1.27.4-gke.1900 or later
    • 1.26, 1.26.10-gke.1238000 or later
    • 1.25, 1.25.15-gke.1045000 or later

  • gRPC does not support thenotifications,hmacKeys, andserviceAccount methods.

  • HTTP-specific client constructor options, such asWithHTTPClient, arenot supported forGo client library.

  • The gRPC API is not supported withregional endpoints.

Troubleshooting direct connectivity

To learn how to check for direct connectivity and troubleshoot when it's notavailable, seeDirect connectivity.

What's next

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2026-02-19 UTC.