# GCP Core Services Cheatsheet: Google Cloud Quick Reference
This page is a quick reference for Google Cloud Platform (GCP) services. It covers the services you will use most often in cloud engineering, data, and DevOps roles, organised by category.
## Compute
### Compute Engine
Google Cloud’s virtual machine service. Choose machine type, OS, disk, and network configuration. Billed per second with a 1-minute minimum.
**Machine families**
| Family | Purpose | Example types |
|---|---|---|
| N2 / N2D | General purpose, most workloads | n2-standard-4, n2d-standard-8 |
| C2 / C2D | Compute optimised, high-frequency CPU | c2-standard-4, c2d-standard-8 |
| M2 / M3 | Memory optimised, large in-memory workloads | m2-ultramem-208 |
| T2D / T2A | Scale-out, cost-efficient workloads | t2d-standard-1 |
| A2 / A3 | GPU-accelerated, ML training and inference | a2-highgpu-1g |
### GKE (Google Kubernetes Engine)
Managed Kubernetes service. Google manages the control plane; you manage worker nodes (or use Autopilot mode for fully managed nodes).
| Mode | Description |
|---|---|
| Standard | You manage node pools, sizing, and upgrades |
| Autopilot | Google manages nodes; you only define pods; billed per pod resource request |
Autopilot is the recommended default for most teams — it reduces operational overhead and enforces GKE best practices automatically.
### Cloud Run
Serverless container execution. Deploy any container that listens on an HTTP port. Scales to zero when there is no traffic. Scales up instantly under load. Billed per CPU and memory per 100ms of request processing. Ideal for stateless HTTP services, APIs, and event-driven workloads.
### Cloud Functions
Event-driven serverless functions. Write a function; attach it to a trigger (Pub/Sub message, HTTP request, Cloud Storage event, Firestore change, Eventarc event). Second-generation functions are built on Cloud Run infrastructure, giving them higher concurrency and longer timeouts (up to 60 minutes).
### App Engine
Fully managed application platform. Deploy web applications without configuring infrastructure.
| Environment | Description |
|---|---|
| Standard | Language-specific runtimes (Python, Java, Node, Go, PHP, Ruby); scales to zero; fast spin-up |
| Flexible | Custom runtimes via Docker containers; does not scale to zero; runs on managed VMs |
### Batch
Managed service for running batch jobs at scale. Define jobs with tasks; Batch provisions VMs, schedules tasks, and handles retries. Good for HPC, data processing pipelines, and ML training jobs.
## Storage
### Cloud Storage
Object storage service. Store objects in buckets. Accessed via the HTTP API or the gsutil / gcloud storage CLI. Designed for 11 nines (99.999999999%) of annual durability.
**Storage classes**
| Class | Use case | Minimum storage duration |
|---|---|---|
| Standard | Frequently accessed data | None |
| Nearline | Access less than once per month | 30 days |
| Coldline | Access less than once per quarter | 90 days |
| Archive | Rarely accessed long-term archives | 365 days |
Autoclass automatically moves objects between classes based on access patterns.
### Persistent Disk
Block storage for Compute Engine and GKE. Attached to VMs as persistent disks. Multiple VMs can read the same disk simultaneously (read-only); some disk types support read-write multi-attach.
**Disk types**
| Type | Characteristics |
|---|---|
| pd-standard | Standard spinning HDD, lowest cost |
| pd-balanced | Balanced SSD, good default for most workloads |
| pd-ssd | High-performance SSD, lower latency |
| pd-extreme | Highest IOPS and throughput, for demanding databases |
| Hyperdisk Extreme | Next-generation block storage with independently configurable IOPS and throughput |
### Filestore
Managed NFS file system. Mount across multiple Compute Engine VMs or GKE pods. Available in Basic, Enterprise, and High Scale tiers. Used for shared application storage, media rendering, and legacy NFS migrations.
### Cloud Storage FUSE
An open-source adapter that mounts Cloud Storage buckets as file systems on Linux and macOS. Useful for ML training jobs that need to read training data from GCS using standard file I/O.
## Networking
GCP networking has a distinct architecture compared to AWS. The VPC is global — a single VPC spans all regions. Subnets are regional.
### Core Networking Components
| Component | Purpose |
|---|---|
| VPC | Global virtual network; subnets are created per region |
| Subnets | Regional IP ranges within a VPC |
| Firewall Rules | Applied at the network level; use target tags or service accounts to target instances |
| Cloud Router | Enables dynamic routing (BGP) for VPN and Interconnect connections |
| Cloud NAT | Outbound internet access for VMs with no external IP; regional, managed |
| Cloud DNS | Managed authoritative DNS; private zones for internal resolution |
### Load Balancing
GCP load balancers are globally distributed — a single external L7 load balancer serves traffic from edge locations worldwide.
| Type | Layer | Scope |
|---|---|---|
| External Application Load Balancer | L7 (HTTP/HTTPS) | Global or regional |
| Internal Application Load Balancer | L7 | Regional |
| External Proxy Network Load Balancer | L4 (TCP/SSL) | Global or regional |
| Internal Passthrough Network Load Balancer | L4 (TCP/UDP) | Regional |
| External Passthrough Network Load Balancer | L4 (TCP/UDP) | Regional |
### Connectivity
| Service | Purpose |
|---|---|
| Cloud CDN | Edge caching integrated with External Application Load Balancer |
| Shared VPC | Share a VPC network across multiple GCP projects; centralised network management |
| VPC Network Peering | Connect two VPCs privately; non-transitive |
| Cloud VPN | Encrypted IPsec tunnel between GCP and on-premises or other clouds |
| Cloud Interconnect | Dedicated private connection to Google’s network (Partner or Dedicated) |
## Database
### Cloud SQL
Managed relational database service. Supports MySQL, PostgreSQL, and SQL Server. Handles backups, replication, failover, and patching. High availability uses a standby replica in a separate zone with automatic failover.
### Cloud Spanner
Globally distributed, strongly consistent relational database. Supports SQL (ANSI 2011 and PostgreSQL dialect). Scales horizontally while maintaining ACID transactions across regions and continents. Use for globally distributed applications that need relational semantics at scale.
### Firestore
Managed NoSQL document database. Stores data as documents within collections. Real-time listeners push updates to clients. Native mode is recommended; Datastore mode is for legacy migrations. Good for mobile apps, user profiles, and real-time applications.
### Bigtable
Wide-column NoSQL database. High throughput, low latency for large-scale data (time-series, IoT, financial data, ad serving). Not suitable for transactional workloads or complex queries. Used internally at Google for Search, Maps, and Gmail.
### Memorystore
Managed in-memory cache. Supports Redis and Valkey (the open-source Redis fork). Use to cache database results, session state, and leaderboards. Also supports Redis as a message broker.
### AlloyDB
PostgreSQL-compatible database built on Google infrastructure. Columnar cache, intelligent storage layer, and ML-powered query optimisation. Up to 4x faster than standard PostgreSQL for analytical queries, and comparable to Aurora for transactional workloads.
## Data and Analytics
| Service | Purpose |
|---|---|
| BigQuery | Serverless, columnar data warehouse. SQL queries over petabytes of data. Billed per TB scanned (or flat rate). Integrates with GCS, Pub/Sub, Dataflow, and Looker. |
| Dataflow | Fully managed stream and batch data processing. Based on Apache Beam. Auto-scales. Use for ETL pipelines, real-time analytics, and data transformation. |
| Pub/Sub | Asynchronous messaging service. Publishers send messages to topics; subscribers receive them. At-least-once delivery. Used to decouple services and ingest streaming data. |
| Dataproc | Managed Apache Hadoop and Spark. Spin up clusters in under 90 seconds. Use for existing Spark/Hadoop workloads or when you need direct cluster control. |
| Looker Studio | Browser-based BI and data visualisation tool. Connects to BigQuery, Google Sheets, and many other sources. Free to use. |
## IAM and Security
GCP IAM uses a resource hierarchy: Organisation → Folders → Projects → Resources. Permissions granted at a higher level are inherited downward.
| Concept | Description |
|---|---|
| Principal | Who is making the request: user, group, service account, or workload identity |
| Role | A named collection of permissions: Basic (Owner/Editor/Viewer), Predefined, or Custom |
| Policy | A binding of principals to roles on a resource |
| Service Account | A non-human identity for applications and VMs |
| Workload Identity | Federate external identities (GitHub Actions, on-prem) to GCP without a service account key |
**Avoid service account keys.** They are long-lived credentials that can be exfiltrated. Use Workload Identity Federation or the metadata server instead.
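Because policies are inherited downward, a role bound on a folder or the organisation reaches every project and resource beneath it, and a Basic role bound high in the tree is the usual source of unintended broad access. The following added example (not Google's IAM implementation and not code from this page) walks a constructed Organisation → Folder → Project → Resource chain to compute a principal's effective roles on a leaf resource and to list the inherited grants that are broader than least privilege needs: Basic roles anywhere in the ancestry, and bindings to the special `allUsers` / `allAuthenticatedUsers` members. All names, principals and bindings are constructed.

```python
"""Resolve effective IAM roles through the GCP resource hierarchy and flag
broad grants. Added example, not Google's IAM implementation; every
resource name, principal and binding below is constructed."""

from dataclasses import dataclass, field
from typing import Optional

# Basic roles grant broad permissions across every service on the resource
# and everything beneath it; predefined or custom roles are the least-privilege choice.
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}
# Special members that expose a resource to everyone / every Google account.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}


@dataclass
class Resource:
    name: str
    parent: Optional["Resource"] = None
    # IAM policy bindings on this node: {"role": ..., "members": [...]}
    bindings: list = field(default_factory=list)


def ancestry(resource):
    """Yield the resource, then each ancestor up to the organisation."""
    node = resource
    while node is not None:
        yield node
        node = node.parent


def effective_roles(resource, principal, groups=()):
    """Return {role: node where it was granted} for a principal on a resource.

    A policy bound higher in the hierarchy is inherited downward, so every
    ancestor's bindings are consulted; the principal's group memberships count too."""
    identities = {principal, *groups}
    roles = {}
    for node in ancestry(resource):
        for binding in node.bindings:
            if identities & set(binding["members"]):
                roles.setdefault(binding["role"], node.name)
    return roles


def broad_grants(resource):
    """List (node, role, member) for Basic roles or public members anywhere in
    the resource's ancestry, i.e. broad grants the resource inherits."""
    findings = []
    for node in ancestry(resource):
        for binding in node.bindings:
            for member in binding["members"]:
                if binding["role"] in BASIC_ROLES or member in PUBLIC_MEMBERS:
                    findings.append((node.name, binding["role"], member))
    return findings


# Constructed hierarchy: organisation -> folder -> project -> bucket.
ORG = Resource("organizations/123456789", bindings=[
    {"role": "roles/viewer", "members": ["group:engineering@example.com"]},
])
FOLDER = Resource("folders/prod", parent=ORG, bindings=[
    {"role": "roles/editor", "members": ["user:alice@example.com"]},
])
PROJECT = Resource("projects/payments-prod", parent=FOLDER, bindings=[
    {"role": "roles/storage.objectViewer",
     "members": ["serviceAccount:api@payments-prod.iam.gserviceaccount.com"]},
])
BUCKET = Resource("projects/payments-prod/buckets/ledger", parent=PROJECT)

if __name__ == "__main__":
    print(effective_roles(BUCKET, "user:alice@example.com",
                          groups=["group:engineering@example.com"]))
    for finding in broad_grants(BUCKET):
        print("broad grant:", finding)
```

Alice never appears in the bucket's or project's own policy, yet she holds Editor on it through the folder binding, which is exactly what a per-resource review misses. Against a real organisation, the same walk can be fed from `gcloud projects get-ancestors` and the `get-iam-policy` output of each ancestor.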
| Service | Purpose |
|---|---|
| Cloud KMS | Manage encryption keys; encrypt/decrypt data; supports CMEK for GCP services |
| Secret Manager | Store and access API keys, passwords, and certificates; supports versioning and rotation |
| Cloud Audit Logs | Admin Activity, Data Access, System Event, and Policy Denied logs |
| Security Command Center | Centralised security posture management; vulnerability findings, misconfiguration detection |
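Cloud Audit Logs are only useful if someone reads them, and the four log types in the table above arrive in one stream distinguished by their `logName`. The following added example (not a Google tool and not code from this page) classifies newline-delimited audit log entries by type and surfaces the ones an analyst wants first: IAM policy changes, service account key creation (the long-lived credentials the previous section says to avoid) and requests rejected by policy. The sample entries are constructed; their shape follows the AuditLog export format, with hypothetical project, bucket and principal names.

```python
"""Triage Cloud Audit Logs entries by type and surface high-signal events.
Added example, not a Google tool; the entries below are constructed."""

import json
from urllib.parse import unquote

# logName suffixes of the four audit log types (exports URL-encode the slash as %2F).
LOG_TYPES = {
    "cloudaudit.googleapis.com/activity": "Admin Activity",
    "cloudaudit.googleapis.com/data_access": "Data Access",
    "cloudaudit.googleapis.com/system_event": "System Event",
    "cloudaudit.googleapis.com/policy": "Policy Denied",
}


def log_type(entry):
    """Map an entry's logName to one of the four audit log types."""
    log_id = unquote(entry["logName"]).split("/logs/", 1)[-1]
    return LOG_TYPES.get(log_id, "Unknown")


def signal(entry):
    """Return a short reason if the entry deserves analyst attention, else None."""
    method = entry.get("protoPayload", {}).get("methodName", "")
    if log_type(entry) == "Policy Denied":
        return "request denied by policy"
    # Resource Manager logs SetIamPolicy; Cloud Storage logs storage.setIamPermissions.
    if method.lower().endswith(("setiampolicy", "setiampermissions")):
        return "IAM policy changed"
    if method.endswith("CreateServiceAccountKey"):
        return "service account key created"
    return None


def triage(json_lines):
    """Parse newline-delimited JSON entries and return the flagged ones."""
    findings = []
    for line in json_lines:
        entry = json.loads(line)
        reason = signal(entry)
        if reason is None:
            continue
        payload = entry.get("protoPayload", {})
        findings.append({
            "type": log_type(entry),
            "reason": reason,
            "principal": payload.get("authenticationInfo", {}).get("principalEmail"),
            "method": payload.get("methodName"),
            "resource": payload.get("resourceName"),
        })
    return findings


# Constructed sample entries (hypothetical project, bucket and principals).
SAMPLE_ENTRIES = [
    json.dumps({"logName": "projects/payments-prod/logs/cloudaudit.googleapis.com%2Factivity",
                "protoPayload": {"serviceName": "cloudresourcemanager.googleapis.com",
                                 "methodName": "SetIamPolicy",
                                 "resourceName": "projects/payments-prod",
                                 "authenticationInfo": {"principalEmail": "alice@example.com"}}}),
    json.dumps({"logName": "projects/payments-prod/logs/cloudaudit.googleapis.com%2Fdata_access",
                "protoPayload": {"serviceName": "storage.googleapis.com",
                                 "methodName": "storage.objects.get",
                                 "resourceName": "projects/_/buckets/ledger/objects/2024.csv",
                                 "authenticationInfo": {"principalEmail": "api@payments-prod.iam.gserviceaccount.com"}}}),
    json.dumps({"logName": "projects/payments-prod/logs/cloudaudit.googleapis.com%2Factivity",
                "protoPayload": {"serviceName": "iam.googleapis.com",
                                 "methodName": "google.iam.admin.v1.CreateServiceAccountKey",
                                 "resourceName": "projects/-/serviceAccounts/api@payments-prod.iam.gserviceaccount.com",
                                 "authenticationInfo": {"principalEmail": "bob@example.com"}}}),
    json.dumps({"logName": "projects/payments-prod/logs/cloudaudit.googleapis.com%2Fpolicy",
                "protoPayload": {"serviceName": "storage.googleapis.com",
                                 "methodName": "storage.objects.get",
                                 "resourceName": "projects/_/buckets/ledger/objects/2024.csv",
                                 "authenticationInfo": {"principalEmail": "contractor@example.org"}}}),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_ENTRIES):
        print(finding)
```

Note that Data Access logs are off by default for most services and must be enabled per service before a read like the second entry ever appears, whereas Admin Activity and Policy Denied logs are always written. The same triage runs unchanged over a Cloud Logging sink exported to Cloud Storage, since each exported file is newline-delimited JSON.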
## Serverless and Application Services
| Service | Purpose |
|---|---|
| Cloud Run | Serverless containers (see Compute section above) |
| Cloud Functions | Event-driven functions (see Compute section above) |
| Eventarc | Unified event routing from GCP services, custom apps, and Pub/Sub to Cloud Run or Workflows |
| Cloud Tasks | Managed task queue; schedule and execute asynchronous tasks with retry logic |
| Cloud Scheduler | Managed cron jobs; trigger HTTP endpoints, Pub/Sub topics, or Cloud Functions on a schedule |
## Monitoring and Observability
| Service | Purpose |
|---|---|
| Cloud Monitoring | Collect and visualise metrics from GCP services and custom applications; create dashboards and alerting policies |
| Cloud Logging | Centralised log storage and querying; route logs to BigQuery, Cloud Storage, or Pub/Sub |
| Cloud Trace | Distributed tracing; automatically instruments App Engine, Cloud Run, and Cloud Functions |
| Cloud Profiler | Continuous CPU and memory profiling of production applications with low overhead |
| Error Reporting | Automatically aggregates and surfaces errors from Cloud Logging; alerts on new error types |
## GCP Certification Path
| Level | Certification |
|---|---|
| Foundational | Cloud Digital Leader |
| Associate | Associate Cloud Engineer |
| Professional | Professional Cloud Architect, Professional Data Engineer, Professional DevOps Engineer, Professional Security Engineer, Professional Network Engineer, Professional Cloud Developer |
For most engineers entering GCP roles, Associate Cloud Engineer is the recommended entry point after Cloud Digital Leader.