Cloud Storage


Cloud Storage stores objects in buckets.
There are several differences between Cloud Storage and a file system.
1. A file system has a hierarchical structure. Cloud Storage is unstructured. It is a flat system of buckets (not directories) that cannot be nested.
2. An object name may consist of up to 222 characters. Valid characters in an object name include '/' (forward slash). Using this character in object names can simulate some of the hierarchical structure of a file system, even though the slash is not a functionally significant entity.
3. Objects are replicated and distributed for availability. However, there is no distributed equivalent of a file lock. Therefore, the last entity to write to an object "wins." If you use Cloud Storage in a distributed application, the application is responsible for locking and serialization of access.
4. Cloud Storage treats objects as an unstructured series of bytes.




Multi-Regional = Data is stored redundantly in multiple locations

Regional is typically lower cost than Multi-Regional. When you select Regional, you must choose a location.

Nearline and Coldline storage incur an "early deletion" charge covering the minimum storage duration (a set number of days) if an object is deleted before that period has elapsed.

Regional and Multi-Regional storage classes typically return the first byte in less than a second (and often in tens of milliseconds). Nearline and Coldline storage may take seconds before the first byte is retrieved.

gsutil command to create a bucket
gsutil mb [-b <on|off>] [-c class] [-l location] [-p proj_id]
          [--retention time] url...
Example:
gsutil mb -c nearline gs://some-bucket

You can specify one of the available locations for a bucket with the -l option.
Examples:

gsutil mb -l asia gs://some-bucket

gsutil mb -c standard -l us-east1 gs://some-bucket

Bucket Name requirements:
● globally unique
● lowercase letters, numbers, -, . (3-63 chars)
● URI = DNS CNAME
● Access control
○ ACL
○ Signed access
● Encryption at rest
● No minimum size; unlimited storage
● Pay for use
● 99.999999999% durability
● Low latency (time to first byte is typically tens of milliseconds)
● API access

The dot "." is also a valid character in a bucket name. It can be used to create domain-named buckets, such as mybucket.example.com. However, there is a verification process required to prove that you are the owner of the domain before this kind of bucket can be created. Max URI bucket name is 222 characters, with max 63 characters between dots.

Retention Policy
You can specify a retention period in one of the following formats:
--retention <number>s
Specifies retention period of <number> seconds for objects in this bucket.
--retention <number>d
Specifies retention period of <number> days for objects in this bucket.
--retention <number>m
Specifies retention period of <number> months for objects in this bucket.
--retention <number>y
Specifies retention period of <number> years for objects in this bucket.
Examples:
gsutil mb --retention 1y gs://some-bucket
gsutil mb --retention 36m gs://some-bucket

If you don't specify a --retention option, the bucket is created with no retention policy.

Bucket Policy Only
You can specify one of the available settings for a bucket with the -b option.
Examples:
gsutil mb -b off gs://bucket-with-acls
gsutil mb -b on gs://bucket-with-no-acls
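As an added example (not code from the original post), a small Python preflight that checks a bucket name against the naming rules listed above, validates a --retention value, and assembles the gsutil mb command with Bucket Policy Only enabled by default; the function names are my own.

```python
import re
# Added helper, not part of the post: rules follow the bucket naming list above.
_ALLOWED = re.compile(r"^[a-z0-9.-]+$")
_RETENTION = re.compile(r"^(\d+)([sdmy])$")


def validate_bucket_name(name):
    """Return the rule violations for a bucket name (empty list = passes).
    Plain names: 3-63 chars of lowercase letters, digits, '-' and '.'; dotted
    (domain-style) names: up to 222 chars, at most 63 between dots. Global
    uniqueness and domain ownership can only be checked by the service."""
    problems = []
    if not _ALLOWED.match(name):
        problems.append("only lowercase letters, digits, '-' and '.' are allowed")
    if "." in name:
        if not 3 <= len(name) <= 222:
            problems.append("dotted names must be 3-222 characters")
        if any(not 1 <= len(label) <= 63 for label in name.split(".")):
            problems.append("each dot-separated component must be 1-63 characters")
    elif not 3 <= len(name) <= 63:
        problems.append("names must be 3-63 characters")
    return problems


def parse_retention(spec):
    """Parse a --retention value such as '1y' or '36m' into (number, unit)."""
    m = _RETENTION.match(spec)
    if not m:
        raise ValueError(f"bad retention {spec!r}: expected <number>s|d|m|y")
    return int(m.group(1)), m.group(2)


def build_mb_command(bucket, storage_class=None, location=None,
                     retention=None, uniform_access=True):
    """Assemble the gsutil mb argv, refusing invalid names or retention specs.
    uniform_access=True emits '-b on' (Bucket Policy Only: IAM only, no ACLs)."""
    problems = validate_bucket_name(bucket)
    if problems:
        raise ValueError(f"invalid bucket name {bucket!r}: " + "; ".join(problems))
    argv = ["gsutil", "mb", "-b", "on" if uniform_access else "off"]
    if storage_class:
        argv += ["-c", storage_class]
    if location:
        argv += ["-l", location]
    if retention:
        parse_retention(retention)  # raises on a malformed value
        argv += ["--retention", retention]
    argv.append(f"gs://{bucket}")
    return argv
```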

Change the default Storage Class
● You can change the default storage class of a bucket.
● The default class is applied to objects as they are created in the bucket.
● The change only affects new objects added after the change.
● A Regional bucket can never be changed to Multi-Regional.
● A Multi-Regional bucket can never be changed to Regional.
● Objects can be moved from one bucket to another bucket with the same storage class from the GCP Console; however, moving objects to buckets of different storage classes requires using the gsutil command from Cloud Shell.
