Cloud Storage
Store objects in Google Cloud Storage with the right class and access controls.
Cloud Storage is GCP’s object store: objects in buckets with globally unique names. Storage classes trade access cost for storage cost:
- Standard — frequent access
- Nearline — ~monthly access
- Coldline — ~quarterly access
- Archive — rarely accessed, cheapest
Access is controlled by IAM (bucket/project level) and optionally ACLs. Use uniform bucket-level access (IAM only) for simplicity and security, keep Public Access Prevention on, and use signed URLs for temporary sharing. Lifecycle rules auto-transition or delete objects by age.
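The three recommendations above can be checked mechanically. The following is an added example, not part of the original page: a hypothetical `audit_bucket` helper that inspects a bucket resource and its IAM policy, assuming both are supplied in the Cloud Storage JSON API shape (`iamConfiguration`, `bindings`). The sample bucket and policy are constructed for illustration.

```python
import json

# Principals that make a binding public.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample data (not from a real project), JSON API shape assumed.
SAMPLE_BUCKET = json.loads("""{
  "name": "my-unique-bucket",
  "iamConfiguration": {
    "uniformBucketLevelAccess": {"enabled": false},
    "publicAccessPrevention": "inherited"
  }
}""")
SAMPLE_POLICY = json.loads("""{
  "bindings": [
    {"role": "roles/storage.objectViewer",
     "members": ["allUsers", "user:alice@example.com"]},
    {"role": "roles/storage.objectAdmin",
     "members": ["group:ops@example.com"]}
  ]
}""")


def audit_bucket(bucket, policy):
    """Return a list of (code, detail) findings; an empty list means clean."""
    findings = []
    iam_cfg = bucket.get("iamConfiguration", {})

    # Without uniform bucket-level access, per-object ACLs can grant
    # access that never shows up in the IAM policy.
    if not iam_cfg.get("uniformBucketLevelAccess", {}).get("enabled", False):
        findings.append(("UBLA_OFF", "object ACLs can bypass IAM review"))

    # "inherited" defers to organization policy, so the bucket itself
    # does not guarantee prevention; flag it for review.
    if iam_cfg.get("publicAccessPrevention") != "enforced":
        findings.append(("PAP_NOT_ENFORCED", "bucket does not enforce prevention"))

    # Any binding to a public principal exposes that role to everyone.
    for binding in policy.get("bindings", []):
        for member in sorted(PUBLIC_MEMBERS & set(binding.get("members", []))):
            findings.append(("PUBLIC_BINDING", f"{member} has {binding['role']}"))
    return findings


if __name__ == "__main__":
    for code, detail in audit_bucket(SAMPLE_BUCKET, SAMPLE_POLICY):
        print(f"{SAMPLE_BUCKET['name']}: {code}: {detail}")
```
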
```bash
gcloud storage buckets create gs://my-unique-bucket --location=EU
gcloud storage cp report.pdf gs://my-unique-bucket/reports/
gcloud storage ls gs://my-unique-bucket/reports/
# Signed URL: temporary access without making the object public
gcloud storage sign-url gs://my-unique-bucket/reports/report.pdf --duration=1h
```
- Pick a storage class for website assets, monthly backups, and long-term archives.
- Explain why uniform bucket-level access is recommended.
- Describe how a signed URL shares an object without making the bucket public.
- Write a lifecycle rule (in words) to move objects to Coldline after 90 days.
Cheat Sheet
| Class | Access pattern |
|---|---|
| Standard | Frequent |
| Nearline | ~Monthly |
| Coldline | ~Quarterly |
| Archive | Rare, cheapest |
| Uniform access | IAM-only permissions |
| Signed URL | Temporary scoped access |
| Lifecycle rules | Auto transition/delete |
Common Interview Questions
What are Cloud Storage classes for?
To match cost to access frequency — Standard for hot data, Nearline/Coldline for infrequent access, and Archive for rarely-touched long-term storage at the lowest price.
How do you give temporary access to a private object?
Generate a signed URL with an expiry, granting time-limited access to that object without changing bucket permissions or exposing it publicly.