Cloud Storage is an object storage service designed to handle unstructured data. It stores and retrieves binary objects without analyzing their contents. It can mimic file system behavior, allowing you to copy files in and out like a typical file system.
Use cases include serving web content, storing archival or backup data, and distributing large files globally.
Buckets are global containers for objects. Each bucket must have a unique name in the global namespace. Avoid sensitive data in bucket names.
Example bucket name: declass
Access is managed via IAM roles and Access Control Lists (ACLs).
Encryption at rest and in transit is always enabled. Cloud Storage uses two-level encryption: a data encryption key (DEK) and a key encryption key (KEK) stored in Cloud KMS. Automatic key rotation is handled by Google.
You control and manage the KEK using Cloud KMS.
You provide the KEK directly. Google does not store the key.
Encryption protects data confidentiality, while locking ensures data immutability. Locked objects cannot be modified or deleted before a set retention period.
Objects are stored with metadata and are automatically replicated for durability. In multi-region buckets, objects are spread across multiple regions; in single-region buckets, they are replicated across zones.
Example object path: de/modules/O2/script.sh
gsutil mb -p $DEVSHELL_PROJECT_ID \
-c regional \
-l us-central1 \
gs://$DEVSHELL_PROJECT_ID-vcm/
gsutil -m cp -r gs://cloud-training/automl-lab-clouds/* gs://$DEVSHELL_PROJECT_ID-vcm/
gsutil -m cp ...
gsutil ls gs://$DEVSHELL_PROJECT_ID-vcm/
gsutil ls gs://$DEVSHELL_PROJECT_ID-vcm/*
Cloud Storage is an object store, while HDFS is a true distributed file system. Cloud Storage only simulates a directory structure.
mv gs://foo/bar gs://foo/bar2 simulates directory renaming by copying and deleting objects.
gs://foo/bar
gs://foo/bar/baz1, gs://foo/bar/baz2
gs://foo/bar/baz1, gs://foo/bar/baz2
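The copy-and-delete rename described above, combined with the retention lock mentioned earlier, as an added example that is not from the original notes. It is a toy in-memory model, not the Cloud Storage API: the Bucket class, rename_prefix, bucket-relative names such as bar/baz1, and the retention timestamps are all constructed for illustration.

```python
# Toy in-memory model of a flat object namespace (not the Cloud Storage API).
import time


class Bucket:
    def __init__(self):
        # name -> (data, retain_until); "/" in a name is just a character
        self.objects = {}

    def put(self, name, data, retain_until=0.0):
        self.objects[name] = (data, retain_until)

    def list(self, prefix):
        # A "directory listing" is only a filter on object-name prefixes.
        return sorted(n for n in self.objects if n.startswith(prefix))

    def delete(self, name, now):
        if now < self.objects[name][1]:
            raise PermissionError(f"{name} is under retention")
        del self.objects[name]


def rename_prefix(bucket, src, dst, now=None):
    """Simulated directory rename: copy every object, then delete the original.

    Returns the source names that could not be deleted.
    """
    now = time.time() if now is None else now
    src, dst = src.rstrip("/"), dst.rstrip("/")
    stuck = []
    for name in bucket.list(src + "/"):  # "bar/" so that "barn/..." is not matched
        data, _ = bucket.objects[name]
        bucket.put(dst + name[len(src):], data)  # copy (model: no retention on copy)
        try:
            bucket.delete(name, now)  # delete the original
        except PermissionError:
            stuck.append(name)  # locked: data now exists under both prefixes
    return stuck


def demo():
    b = Bucket()
    b.put("bar/baz1", b"one")
    b.put("bar/baz2", b"two", retain_until=2_000.0)  # constructed retention time
    b.put("barn/other", b"x")  # shares the string "bar" but not the prefix "bar/"
    stuck = rename_prefix(b, "bar", "bar2", now=1_000.0)
    return stuck, b.list("")


if __name__ == "__main__":
    print(demo())
```

Because the rename is a sequence of per-object operations rather than one atomic step, a locked or failed delete leaves the same data reachable under both the old and the new name, which matters when access rules or audits are keyed on object paths.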