gcloud - manage Google Cloud resources and developer workflow

gcloudGROUP |COMMAND[--account=ACCOUNT][--billing-project=BILLING_PROJECT][--configuration=CONFIGURATION][--flags-file=YAML_FILE][--flatten=[KEY,…]][--format=FORMAT][--help][--project=PROJECT_ID][--quiet,-q][--verbosity=VERBOSITY; default="warning"][--version,-v][-h][--access-token-file=ACCESS_TOKEN_FILE][--impersonate-service-account=SERVICE_ACCOUNT_EMAILS][--log-http][--trace-token=TRACE_TOKEN][--no-user-output-enabled]

For a quick introduction to thegcloud CLI, a list of commonly usedcommands, and a look at how these commands are structured, rungcloud cheat-sheet or seethe`gcloud` CLI cheatsheet.

--account=ACCOUNT

Google Cloud user account to use for invocation. Overrides the defaultcore/account property value for this command invocation.

--billing-project=BILLING_PROJECT

The Google Cloud project that will be charged quota for operations performed ingcloud. If you need to operate on one project, but need quotaagainst a different project, you can use this flag to specify the billingproject. If bothbilling/quota_project and--billing-project are specified,--billing-projecttakes precedence. Run$gcloudconfig set --help to see more information aboutbilling/quota_project.

--configuration=CONFIGURATION

File name of the configuration to use for this command invocation. For moreinformation on how to use configurations, run:gcloud topicconfigurations. You can also use the CLOUDSDK_ACTIVE_CONFIG_NAMEenvironment variable to set the equivalent of this flag for a terminal session.

--flags-file=YAML_FILE

A YAML or JSON file that specifies a--flag:valuedictionary. Useful for specifying complex flag values with special charactersthat work with any command interpreter. Additionally, each--flags-file arg is replaced by its constituent flags. See $gcloud topic flags-file formore information.

--flatten=[KEY,…]

Flattenname[] output resource slices inKEY into separate records for each item in each slice.Multiple keys and slices may be specified. This also flattens keys for--format and--filter. For example,--flatten=abc.def flattensabc.def[].ghi references toabc.def.ghi. A resource record containingabc.def[]with N elements will expand to N records in the flattened output. This allows usto specify whatresource-key thefilter will operateon. This flag interacts with other flags that are applied in this order:--flatten,--sort-by,--filter,--limit.

--format=FORMAT

Sets the format for printing command output resources. The default is acommand-specific human-friendly output format. If bothcore/formatand--format are specified,--format takes precedence.--format andcore/format both take precedence overcore/default_format. The supported formats are limited to:config,csv,default,diff,disable,flattened,get,json,list,multi,none,object,table,text,value,yaml. For more details run $ gcloud topic formats. Run$gcloud config set --help tosee more information aboutcore/format

--help

Display detailed help.

--project=PROJECT_ID

The Google Cloud project ID to use for this invocation. If omitted, then thecurrent project is assumed; the current project can be listed usinggcloudconfig list --format='text(core.project)' and can be set usinggcloud config set project PROJECTID.

--project and its fallbackcore/project property playtwo roles in the invocation. It specifies the project of the resource to operateon. It also specifies the project for API enablement check, quota, and billing.To specify a different project for quota and billing, use--billing-project orbilling/quota_project property.

--quiet,-q

Disable all interactive prompts when runninggcloud commands. Ifinput is required, defaults will be used, or an error will be raised.

Overrides the default core/disable_prompts property value for this commandinvocation. This is equivalent to setting the environment variableCLOUDSDK_CORE_DISABLE_PROMPTS to 1.

--verbosity=VERBOSITY; default="warning"

Override the default verbosity for this command. Overrides the defaultcore/verbosity property value for this command invocation.VERBOSITY must be one of:debug,info,warning,error,critical,none.

--version,-v

Print version information and exit. This flag is only available at the globallevel.

-h

Print a summary help and exit.

--access-token-file=ACCESS_TOKEN_FILE

A file path to read the access token. Use this flag to authenticategcloud with an access token. The credentials of the active account(if exists) will be ignored. The file should only contain an access token withno other information. Overrides the defaultauth/access_token_fileproperty value for this command invocation.

--impersonate-service-account=SERVICE_ACCOUNT_EMAILS

For thisgcloud invocation, all API requests will be made as thegiven service account or target service account in an impersonation delegationchain instead of the currently selected account. You can specify either a singleservice account as the impersonator, or a comma-separated list of serviceaccounts to create an impersonation delegation chain. The impersonation is donewithout needing to create, download, and activate a key for the service accountor accounts.

In order to make API requests as a service account, your currently selectedaccount must have an IAM role that includes theiam.serviceAccounts.getAccessToken permission for the serviceaccount or accounts.

Theroles/iam.serviceAccountTokenCreator role has theiam.serviceAccounts.getAccessToken permission. You can also createa custom role.

You can specify a list of service accounts, separated with commas. This createsan impersonation delegation chain in which each service account delegates itspermissions to the next service account in the chain. Each service account inthe list must have theroles/iam.serviceAccountTokenCreator role onthe next service account in the list. For example, when--impersonate-service-account=SERVICE_ACCOUNT_1,SERVICE_ACCOUNT_2,the active account must have theroles/iam.serviceAccountTokenCreator role onSERVICE_ACCOUNT_1, which must have theroles/iam.serviceAccountTokenCreator role onSERVICE_ACCOUNT_2.SERVICE_ACCOUNT_1 is the impersonatedservice account andSERVICE_ACCOUNT_2 isthe delegate.

Overrides the defaultauth/impersonate_service_account propertyvalue for this command invocation.

--log-http

Log all HTTP server requests and responses to stderr. Overrides the defaultcore/log_http property value for this command invocation.

--trace-token=TRACE_TOKEN

Token used to route traces of service requests for investigation of issues.Overrides the defaultcore/trace_token property value for thiscommand invocation.

--user-output-enabled

Print user intended output to the console. Overrides the defaultcore/user_output_enabled property value for this commandinvocation. Use--no-user-output-enabled to disable.

access-approval

Manage Access Approval requests and settings.

access-context-manager

Manage Access Context Manager resources.

active-directory

Manage Managed Microsoft AD resources.

ai

Manage entities in Vertex AI.

ai-platform

Manage AI Platform jobs and models.

alloydb

Create and manage AlloyDB databases.

alpha

(ALPHA) Alpha versions of gcloud commands.

anthos

Anthos command Group.

api-gateway

Manage Cloud API Gateway resources.

apigee

Manage Apigee resources.

app

Manage your App Engine deployments.

apphub

Manage App Hub resources.

artifacts

Manage Artifact Registry resources.

asset

Manage the Cloud Asset Inventory.

assured

Read and manipulate Assured Workloads data controls.

audit-manager

Enroll resources, audit workloads and generate reports.

auth

Manage oauth2 credentials for the Google Cloud CLI.

backup-dr

Manage Backup and DR resources.

batch

Manage Batch resources.

beta

(BETA) Beta versions of gcloud commands.

beyondcorp

Manage Beyondcorp resources.

bigtable

Manage your Cloud Bigtable storage.

billing

Manage billing accounts and associate them with projects.

bms

Manage Bare Metal Solution resources.

bq

Manage Bq resources.

builds

Create and manage builds for Google Cloud Build.

certificate-manager

Manage SSL certificates for your Google Cloud projects.

cloud-shell

Manage Google Cloud Shell.

cloudlocationfinder

Manage Cloudlocationfinder resources.

colab

Manage Colab Enterprise resources.

compliance-manager

Manage Compliance Manager resources.

components

List, install, update, or remove Google Cloud CLI components.

composer

Create and manage Cloud Composer Environments.

compute

Create and manipulate Compute Engine resources.

config

View and edit Google Cloud CLI properties.

container

Deploy and manage clusters of machines for running containers.

data-catalog

Manage Data Catalog resources.

database-migration

Manage Database Migration Service resources.

dataflow

Manage Google Cloud Dataflow resources.

dataplex

Manage Dataplex resources.

dataproc

Create and manage Google Cloud Dataproc clusters and jobs.

datastore

Manage your Cloud Datastore resources.

datastream

Manage Cloud Datastream resources.

deploy

Create and manage Cloud Deploy resources.

deployment-manager

Manage deployments of cloud resources.

design-center

Manage Application Design Center resources.

developer-connect

Manage Developer Connect resources.

dns

Manage your Cloud DNS managed-zones and record-sets.

domains

Manage domains for your Google Cloud projects.

edge-cache

Manage Media CDN resources.

edge-cloud

Manage edge-cloud resources.

emulators

Set up your local development environment using emulators.

endpoints

Create, enable and manage API services.

essential-contacts

Manage Essential Contacts.

eventarc

Manage Eventarc resources.

filestore

Create and manipulate Filestore resources.

firebase

Work with Google Firebase.

firestore

Manage your Cloud Firestore resources.

functions

Manage Google Cloud Functions.

gemini

Manage resources associated with Gemini Code Assist and Gemini Cloud Assist.

healthcare

Manage Cloud Healthcare resources.

iam

Manage IAM service accounts and keys.

iap

Manage IAP policies.

identity

Manage Cloud Identity Groups and Memberships resources.

ids

Manage Cloud IDS.

immersive-stream

Manage Immersive Stream resources.

infra-manager

Manage Infra Manager resources.

kms

Manage cryptographic keys in the cloud.

logging

Manage Cloud Logging.

looker

Manage Looker resources.

lustre

Manage Lustre resources.

managed-kafka

Administer Managed Service for Apache Kafka clusters, topics, and consumergroups.

memcache

Manage Cloud Memorystore Memcached resources.

memorystore

Manage Memorystore resources.

metastore

Manage Dataproc Metastore resources.

migration

The root group for various Cloud Migration teams.

ml

Use Google Cloud machine learning capabilities.

model-armor

Model Armor is a service offering LLM-agnostic security and AI safety measuresto mitigate risks associated with large language models (LLMs).

monitoring

Manage Cloud Monitoring dashboards.

netapp

Create and manipulate Cloud NetApp Files resources.

network-connectivity

Manage Network Connectivity resources.

network-management

Manage Network Management resources.

network-security

Manage Network Security resources.

network-services

Manage Network Services resources.

notebooks

Notebooks Command Group.

observability

Manage Observability resources.

oracle-database

Manage Oracle Database resources.

org-policies

Create and manage Organization Policies.

organizations

Create and manage Google Cloud Platform Organizations.

pam

Manage Privileged Access Manager (PAM) entitlements and grants.

parametermanager

Parameter Manager is a single source of truth to store, access and manage thelifecycle of your application parameters.

policy-intelligence

A platform to help better understand, use, and manage policies at scale.

policy-troubleshoot

Troubleshoot Google Cloud Platform policies.

preview

(PREVIEW) Preview versions of gcloud commands.

privateca

Manage private Certificate Authorities on Google Cloud.

projects

Create and manage project access policies.

publicca

Manage accounts for Google Trust Services' Certificate Authority.

pubsub

Manage Cloud Pub/Sub topics, subscriptions, and snapshots.

recaptcha

Manage reCAPTCHA Enterprise Keys.

recommender

Manage Cloud recommendations and recommendation rules.

redis

Manage Cloud Memorystore Redis resources.

resource-manager

Manage Cloud Resources.

run

Manage your Cloud Run applications.

scc

Manage Cloud SCC resources.

scheduler

Manage Cloud Scheduler jobs and schedules.

secrets

Manage secrets on Google Cloud.

service-directory

Command groups for Service Directory.

service-extensions

Manage Service Extensions resources.

services

List, enable and disable APIs and services.

source

Cloud git repository commands.

source-manager

Manage Secure Source Manager resources.

spanner

Command groups for Cloud Spanner.

sql

Create and manage Google Cloud SQL databases.

storage

Create and manage Cloud Storage buckets and objects.

tasks

Manage Cloud Tasks queues and tasks.

telco-automation

Manage Telco Automation resources.

topic

gcloud supplementary help.

transcoder

Manage Transcoder jobs and job templates.

transfer

Manage Transfer Service jobs, operations, and agents.

vmware

Manage Google Cloud VMware Engine resources.

workbench

Workbench Command Group.

workflows

Manage your Cloud Workflows resources.

workspace-add-ons

Manage Google Workspace Add-ons resources.

workstations

Manage Cloud Workstations resources.

cheat-sheet

Display gcloud cheat sheet.

docker

(DEPRECATED) Enable Docker CLI access to Google Container Registry.

feedback

Provide feedback to the Google Cloud CLI team.

help

Search gcloud help text.

info

Display information about the current gcloud environment.

init

Initialize or reinitialize gcloud.

survey

Invoke a customer satisfaction survey for Google Cloud CLI.

version

Print version information for Google Cloud CLI components.