Cloud Storage

Overview

Google Cloud Storage (GCS) is Google's unified, scalable object storage service with global availability and strong consistency.

Bucket Location Types:

• Regional: Single region. Best latency for co-located compute. Most cost-effective for regional workloads.
• Dual-region: Two specific regions. Higher availability; automatic geo-redundancy.
• Multi-region (US, EU, ASIA): Highest availability and geo-redundancy. Highest cost.

Storage Classes:

Key Features:

• Object Versioning: Maintains previous versions of overwritten/deleted objects. Combine with lifecycle rules to retain only N versions or delete versions older than X days.
• Object Lifecycle Management: Define rules to automatically delete objects, change storage class (e.g., Standard → Nearline after 30 days), or remove non-current versions based on age, count, or storage class conditions.
• Signed URLs: Generate time-limited (up to 7 days) URLs granting access to specific objects without requiring a Google account. Generated using a service account's signing key.
• Pub/Sub Notifications: Trigger Pub/Sub messages on object create/delete/metadata-update events — enables event-driven data processing pipelines.
• Uniform Bucket-Level Access: Disables per-object ACLs and enforces IAM-only access on all objects. Recommended for all new buckets for consistent, auditable access control.

Access Control:

• IAM: Storage Admin, Storage Object Viewer, Storage Object Creator — applied at bucket or project level.
• Service Account with Workload Identity: On GCP, bind a Kubernetes service account or GCE service account to a GCS IAM role — no key files required.
• HMAC Keys: S3-compatible access keys for migrating S3-based tooling to GCS without code changes.

Practice Linked Questions