CLI

CLI Cheatsheet

The gcloud cheat sheet is available as a one-page sheet and as a command itself (gcloud cheat-sheet).

Basics

| Command | Notes |
| --- | --- |
| `gcloud init` | Initialize gcloud |
| `gcloud auth list` | Lists credentialed accounts |
| `gcloud auth login` | |
| `gcloud config set project <NAME>` | |
| `gcloud auth application-default login` | Obtains user access credentials via a web flow and puts them in the well-known location for Application Default Credentials (ADC) |
| `gcloud config set account ACCOUNT` | GCP user account to use for invocation |
| `gcloud auth activate-service-account <email> --key-file=<filepath>` | Activate service account with key file |
| `gcloud alpha cloud-shell ssh` | Interactive Cloud Shell session |
| `gcloud asset search-all-resources --asset-types='storage.googleapis.com/Bucket' --limit 2` | Use Cloud Asset Inventory to search for all your resources globally |

IAM

| Command | Notes |
| --- | --- |
| `gcloud organizations list` | List organizations |
| `gcloud organizations get-iam-policy <ORG ID>` | Enumerate policies within an Org |
| `gcloud projects get-iam-policy <PROJECT ID>` | List roles assigned project-wide to all members |
| `gcloud compute instances get-iam-policy <INSTANCE> --zone <ZONE>` | Show policy assigned to a single Compute Instance |
| `gcloud projects get-iam-policy <PROJECT ID> --flatten="bindings[].members" --format='table(bindings.role)' --filter="bindings.members:<ACCOUNT>"` | Enumerate roles assigned to a service account project-wide |
| `gcloud asset analyze-iam-policy --organization="$ID" --permissions="iam.serviceAccounts.actAs" --format="flattened(ACLs[0].resources[0].fullResourceName,policy.binding.members,policy.binding.role)"` | Which IAM members in the GCP Org can impersonate a service account |
| `gcloud iam service-accounts get-iam-policy <name>@<project>.iam.gserviceaccount.com` | List bindings for a Service Account |
| `gcloud projects add-iam-policy-binding <project> --member=serviceAccount:<name>@<project>.iam.gserviceaccount.com --role=roles/owner` | Add permissions to a Service Account |
| `gcloud iam service-accounts keys list --iam-account <SERVICE ACCOUNT EMAIL>` | List all keys associated with a Service Account |

GKE

| Command | Notes |
| --- | --- |
| `gcloud container clusters list` | List clusters |
| `gcloud container clusters get-credentials <cluster-name>` | Obtain credentials to interact with a GKE cluster |

GCE

| Command | Notes |
| --- | --- |
| `gcloud compute images list` | List image names |

Logging

| Command | Notes |
| --- | --- |
| `gcloud logging logs list` | List available logs |
| `gcloud logging read <FOLDER>` | View logs for an item |

Cloud Functions

| Command | Notes |
| --- | --- |
| `gcloud functions list` | List cloud functions |
| `gcloud functions describe <FUNCTION NAME>` | Obtain configuration for a cloud function |
| `gcloud functions logs read <FUNCTION NAME>` | Show function logs |

Buckets

| Command | Notes |
| --- | --- |
| `gsutil ls` | List all storage buckets in project |
| `gsutil ls -r gs://<BUCKET NAME>/` | List contents of a specific bucket |
| `gsutil cp -r gs://<BUCKET NAME>/ .` | Copy bucket locally |

Databases

| Command | Notes |
| --- | --- |
| `gcloud sql instances list` | List Cloud SQL instances |
| `gcloud sql databases list --instance <INSTANCE>` | |
| `gcloud spanner instances list` | List Cloud Spanner instances |
| `gcloud spanner databases list --instance <INSTANCE>` | |
| `gcloud bigtable instances list` | List Cloud Bigtable instances |

Secrets Management

| Command | Notes |
| --- | --- |
| `gcloud beta secrets list` | List entries |
| `gcloud beta secrets versions access 1 --secret="<SECRET NAME>"` | Pull clear text secret |

KMS

| Command | Notes |
| --- | --- |
| `gcloud kms keyrings list --location global` | List the global keyrings available |
| `gcloud kms keys list --keyring <KEYRING NAME> --location global` | List the keys inside a keyring |
| `gcloud kms decrypt --ciphertext-file=<PATH> --plaintext-file=<PATH> --key <KEY> --keyring <KEYRING> --location global` | Decrypt a file using one of the keys |

Pub/Sub

| Command | Notes |
| --- | --- |
| `gcloud pubsub topics list` | List topics |
| `gcloud pubsub subscriptions list --format=json` | List subscriptions across all topics |