This page shows you how to perform basic tasks in Cloud Storage using the Google Cloud CLI.
Costs that you incur in Cloud Storage are based on the resources you use. This quickstart typically uses less than $0.01 USD worth of Cloud Storage resources.
Install the Google Cloud CLI.
If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.
To initialize the gcloud CLI, run the following command:
gcloud initCreate or select a Google Cloud project.
Roles required to select or create a project
roles/resourcemanager.projectCreator), which contains the
resourcemanager.projects.create permission. Learn how to grant
roles.
Create a Google Cloud project:
gcloud projects create PROJECT_ID
Replace PROJECT_ID with a name for the Google Cloud project you are creating.
Select the Google Cloud project that you created:
gcloud config set project PROJECT_ID
Replace PROJECT_ID with your Google Cloud project name.
Verify that billing is enabled for your Google Cloud project.
Grant roles to your user account. Run the following command once for each of the following
IAM roles:
roles/storage.admin
gcloud projects add-iam-policy-binding PROJECT_ID --member="user:USER_IDENTIFIER" --role=ROLE
Replace the following:
PROJECT_ID: Your project ID.USER_IDENTIFIER: The identifier for your user
account. For example, myemail@example.com.
ROLE: The IAM role that you grant to your user account.Install the Google Cloud CLI.
If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.
To initialize the gcloud CLI, run the following command:
gcloud initCreate or select a Google Cloud project.
Roles required to select or create a project
roles/resourcemanager.projectCreator), which contains the
resourcemanager.projects.create permission. Learn how to grant
roles.
Create a Google Cloud project:
gcloud projects create PROJECT_ID
Replace PROJECT_ID with a name for the Google Cloud project you are creating.
Select the Google Cloud project that you created:
gcloud config set project PROJECT_ID
Replace PROJECT_ID with your Google Cloud project name.
Verify that billing is enabled for your Google Cloud project.
Grant roles to your user account. Run the following command once for each of the following
IAM roles:
roles/storage.admin
gcloud projects add-iam-policy-binding PROJECT_ID --member="user:USER_IDENTIFIER" --role=ROLE
Replace the following:
PROJECT_ID: Your project ID.USER_IDENTIFIER: The identifier for your user
account. For example, myemail@example.com.
ROLE: The IAM role that you grant to your user account.Buckets are the basic containers that hold your data in Cloud Storage.
To create a bucket:
Use the gcloud storage buckets create command and a globally unique name to
create a bucket:
gcloud storage buckets create gs://BUCKET_NAME/ --uniform-bucket-level-access
Replace BUCKET_NAME with a name for your bucket.
If successful, the command returns a response like the following:
Creating gs://my-awesome-bucket/...
If the bucket name that you chose is already in use, either by
you or someone else, the command returns a response like
ServiceException: 409 Bucket my-awesome-bucket already exists. Try again
with a different bucket name.
You've just created a bucket where you can store your data!
Save the following image to your computer, such as on the desktop.
Use the gcloud storage cp command to copy the image from the location
where you saved it to the bucket that you created:
gcloud storage cp Desktop/kitten.png gs://BUCKET_NAME
If successful, the command returns a response like the following:
Copying file://Desktop/kitten.png to gs://my-awesome-bucket/kitten.png Completed files 1/1 | 8.6kiB/8.6kiB
You've just stored an object in your bucket.
Use the gcloud storage cp command to download the image that you stored
in your bucket to somewhere on your computer, such as the desktop:
gcloud storage cp gs://BUCKET_NAME/kitten.png Desktop/kitten2.png
If successful, the command returns a response like the following:
Copying gs://my-awesome-bucket/kitten.png to file://Desktop/kitten2.png Completed files 1/1 | 8.6kiB/8.6kiB
You've just downloaded something from your bucket.
Use the gcloud storage cp command to create a simulated folder and copy the
image into it:
gcloud storage cp gs://BUCKET_NAME/kitten.png gs://BUCKET_NAME/quickstart-folder/kitten3.png
If successful, the command returns a response like the following:
Copying gs://my-awesome-bucket/kitten.png to gs://my-awesome-bucket/quickstart-folder/kitten3.png Completed files 1/1 | 8.6kiB/8.6kiB
You've just copied your image into a new simulated folder in your bucket.
Use the gcloud storage ls command to list the contents at the top
level of your bucket:
gcloud storage ls gs://BUCKET_NAME
If successful, the command returns a response like the following:
gs://my-awesome-bucket/kitten.png gs://my-awesome-bucket/quickstart-folder/
You've just seen the contents at the top level of your bucket.
Use the gcloud storage ls command with the --long flag to get some
details about one of your images:
gcloud storage ls gs://BUCKET_NAME/kitten.png --long
If successful, the command returns a response like the following:
8775 2026-01-21T01:22:17Z gs://srs-bucketcli/kitten.png TOTAL: 1 objects, 8775 bytes (8.57kiB)
You've just obtained information about the image's size and date of creation.
Use the gcloud storage buckets add-iam-policy-binding command to grant all
users permission to read the images stored in your bucket:
gcloud storage buckets add-iam-policy-binding gs://BUCKET_NAME --member=allUsers --role=roles/storage.objectViewer
The command is successful if your response contains the following:
bindings:
- members:
- allUsers
role: roles/storage.objectViewer
Now anyone can get your images.
To remove this access, use the following command:
gcloud storage buckets remove-iam-policy-binding gs://BUCKET_NAME --member=allUsers --role=roles/storage.objectViewer
The command is successful if no error is returned.
You have removed public access to the images in your bucket.
Use the gcloud storage buckets add-iam-policy-binding command to give a
specific email address permission to add objects to your bucket:
gcloud storage buckets add-iam-policy-binding gs://BUCKET_NAME --member=user:jeffersonloveshiking@gmail.com --role=roles/storage.objectCreator
The command is successful if your response contains the following:
bindings:
- members:
- user:jeffersonloveshiking@gmail.com
role: roles/storage.objectCreator
Now this user can add items to your bucket.
To remove this permission, use the following command:
gcloud storage buckets remove-iam-policy-binding gs://BUCKET_NAME --member=user:jeffersonloveshiking@gmail.com --role=roles/storage.objectCreator
The command is successful if no error is returned.
You have removed the user's access to this bucket.
Use the gcloud storage rm command to delete one of your images:
gcloud storage rm gs://BUCKET_NAME/kitten.png
If successful, the command returns a response like the following:
Removing gs://my-awesome-bucket/kitten.png...
This copy of the image is no longer stored on Cloud Storage
(though the copy you made in the simulated folder quickstart-folder/ still
exists).
To avoid incurring charges to your Google Cloud account for the resources used on this page, delete the Google Cloud project with the resources.
Use the gcloud storage rm command with the --recursive flag to
delete the bucket and anything inside of it:
gcloud storage rm gs://BUCKET_NAME --recursive
If successful, the command returns a response like the following:
Removing objects: Removing gs://my-awesome-bucket/quickstart-folder/kitten3.png#1768960201129254 Completed 1/1 Removing buckets: Removing gs://my-awesome-bucket/... Completed 1/1
buckets create)cp)ls)buckets add-iam-policy-binding)rm)
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2026-06-09 UTC.