gsutil is the command line tool for Cloud Storage. The Associate Cloud Engineer exam tests a handful of specific gsutil commands, and you should be able to look at one and immediately know what it does. This article covers the commands that show up most often, what each one does, and the kinds of scenarios where you would use it.
It does not cover every gsutil flag or every edge case. The Google docs are exhaustive if you ever need them. The goal here is the working subset that the Associate Cloud Engineer exam tests and that you actually use in practice.
Google has been moving Cloud Storage commands from gsutil into gcloud storage. Both tools work, and the Associate Cloud Engineer exam can test either. The patterns are nearly identical. If you know gsutil cp, you know gcloud storage cp. I will use gsutil here because that is what most exam questions still use, but mentally substitute when you see gcloud storage in a question.
This is the most common command. It copies files between your local machine and a bucket, between two buckets, or within the same bucket.
# Upload a file from local to a bucket
gsutil cp myfile.txt gs://my-bucket/
# Download a file from a bucket to local
gsutil cp gs://my-bucket/myfile.txt .
# Copy from one bucket to another
gsutil cp gs://source-bucket/file.txt gs://dest-bucket/
# Copy a whole directory recursively
gsutil cp -r ./local-dir gs://my-bucket/The -r flag for recursive copy is the one to remember. Without it, copying a directory does not work.
Where cp copies, rsync syncs. It compares the source and destination and only transfers what has changed. This is the right command when you have an ongoing job that pushes a directory of files to a bucket and you do not want to re-upload everything every time.
# Sync a local directory to a bucket
gsutil rsync -r ./local-dir gs://my-bucket/dir
# Sync between two buckets
gsutil rsync -r gs://source-bucket gs://dest-bucket
# Delete files in destination that are not in source
gsutil rsync -r -d ./local-dir gs://my-bucket/dirThe -d flag is important. By default, rsync only adds and updates. With -d, it also deletes files at the destination that do not exist at the source, which makes the destination a true mirror.
If a question describes "keep a bucket synchronized with a source directory," rsync is the answer. cp does not do that.
# List all buckets in the current project
gsutil ls
# List the contents of a specific bucket
gsutil ls gs://my-bucket
# List recursively, including subdirectories
gsutil ls -r gs://my-bucket/**
# Long listing with size, last modified, etc.
gsutil ls -l gs://my-bucketThis one is straightforward. gsutil ls with no arguments lists buckets. With a bucket name, it lists objects.
# Create a bucket
gsutil mb gs://new-bucket
# Create a bucket in a specific region with a storage class
gsutil mb -l us-central1 -c standard gs://new-bucket
# Remove an empty bucket
gsutil rb gs://old-bucketmb stands for "make bucket." rb is "remove bucket." A bucket has to be empty before you can remove it. If it is not, you need to delete the objects first.
# Delete a single object
gsutil rm gs://my-bucket/file.txt
# Delete all objects in a bucket
gsutil rm gs://my-bucket/**
# Delete a bucket and everything in it
gsutil rm -r gs://my-bucketThe -r flag is the same idea as cp. It makes the operation recursive.
# See who has access to a bucket
gsutil iam get gs://my-bucket
# Add a role binding
gsutil iam ch user:alice@example.com:objectViewer gs://my-bucketThe Associate Cloud Engineer exam can ask how to inspect or modify bucket-level IAM, and gsutil iam is one of the ways. The other is gcloud storage buckets get-iam-policy and gcloud storage buckets add-iam-policy-binding.
# Turn on object versioning for a bucket
gsutil versioning set on gs://my-bucket
# Turn it off
gsutil versioning set off gs://my-bucketThis one shows up specifically on the Associate Cloud Engineer exam, so be ready to recognize it. With versioning on, replacing or deleting an object keeps the old version as a noncurrent object instead of losing it.
If you see "copy files," think cp. If you see "keep things synchronized," think rsync. If you see "delete a directory of files," think rm with -r. If you see "list bucket contents," think ls. If you see "enable versioning," think gsutil versioning set on.
The exam usually does not test obscure flags. It tests whether you can recognize the right command for a described task. The trickiest distinction is cp vs rsync, and the way to remember it is that cp transfers everything every time and rsync only transfers what changed.
cp, rsync, ls, mb, rb, rm, iam, and versioning. That is the working set for the Associate Cloud Engineer exam. Know what each one does and which scenarios point to it. Most gsutil questions on the exam come down to picking the right verb.
My Associate Cloud Engineer course covers gsutil alongside the rest of the Cloud Storage section, including storage classes, lifecycle rules, and the IAM patterns the exam tests.
