1. Home
  2. Training Library
  3. Google Cloud Platform
  4. Courses
  5. Getting Started with Google Compute Engine

Going CLI with gcloud compute


Provisioning your first GCE instance
Start course

Google Compute Engine is the cornerstone of the Google Cloud Platform. It is an IaaS (Infrastructure as a Service) environment - powered by KVM hypervisors - that allows you to create instances based on default images and custom snapshots, with complete control over network traffic.

This course, crafted by our expert Linux System Administrator David Clinton, will help you get started with Google Compute Engine, either through Google's browser console or their command line interface. By the end of this course you will have everything it takes to master the efficient and effective use of GCE.

Who should take this course

As a beginner-level course, you don't need experience with Google Cloud Platform to benefit from this tutorial. Some basic knowledge of the Linux CLI interface and TCP/IP stack might help you better understand the Networking and the CLI lectures though.

If you need a high-level introduction to the cloud, check out the Introduction to Cloud Computing course. We also have an Introduction to Google Cloud Platform course to offer you broader overview of the whole family of Google services.

If, after going through this course, you'd like to test your knowledge of Google Compute Engine and improve your CloudRank, we've got Quizzes that should serve as a perfect followup.



Hi, and welcome to CloudAcademy.com's video series on getting started with Google Compute Engine. In this video, we'll explore Google's gcloud SDK. This is a package you download to your own local system that will allow you to access and completely manage your Google Cloud project from any internet-connected terminal session.

How to install gcloud

Let's make sure that we have Python installed on this computer already. Type which Python and Python is in fact installed. We'll also install a package called curl, which we're going to use to download the SDK from the Google website. Now we can use curl actually to download the package and then we'll pipe that to bash to run the script. Into which directory would we like to extract this package, the default is fine for us. We have no problem helping improve the Google Cloud SDK. Therefore we'll allow some anonymized data to be shared. We have no particular app engine we're interested in working with right now, so for now we'll just set four which is the default.

We do want to update the RC file to allow Google Cloud to be accessed from the environment, and we do want to modify the path and the profile to allow bash completion and we're done. And the Google Cloud or the Gcloud package should now be running. We'll first though need to authorize or log into the system. Google gives us a URL that is a very long URL, which we're going to copy. We'll select and use Shift+Control+C to copy it. We'll paste it into the URL box of a browser and that will provide us with a verification code. We agreed to allow access to our projects from this location. We paste the verification code and we're now in, but we're not really able to do anything useful just yet. Let me first have to select a particular project. Our project is known as, in other words, this project ID is future-graph-718. In fact, I gave it the name exploration when I created it, but that won't work to set the project in Gcloud or using great many other Google services. You have to refer to it either by its project ID or its project number.

Create a new instance with gcloud

Let's start by creating a Google instance. We'll use Gcloud to tell Ubuntu, in this case, that we want to use a Gcloud package. We'll tell it "Compute" to tell Google that we're interested in accessing and manipulating the GCE, the Google Compute Engine. We'll tell it that we're talking about instances. That's the particular subset of Google Compute that we're going to work with right now. We're creating a brand new instance that will be called test-instance1. The image we'll use "--image" tells us that the next words will be the actual image we're using. It will be debian-7 and its zone will be us-central1-a. By default since we haven't specified otherwise, we'll be given the default firewall. It seems to exist.

Let's now run gcloud compute instances list, which will list all the instances currently running in our project. There are three. One is called instance1, one is called instance2, and our new instance, test-instance1, which was in us-central1-a. It has an internal IP address at and an external IP address that, if it was a web server, you could access let's say using a browser of and it is running. If you want to know more about this instance now that we know its name, we could run Gcloud compute instances describe test-instance1 and its zone. And that will return for us all the important data associated with the instance. We're not going to go through all that now, but you know now how to access it.

Create a new Firewall rule with gcloud

Let's create a new firewall rule. Because we're not going to specify which firewall we're talking about, it will be added to the default firewall and that happens to be the one that is used for our own instance. So gcloud compute firewall-rules. This tells gcloud that we're in GCE in the compute section of their services, and we want to do something connected to firewall rules. Create, we'll create a new firewall rule called allow HTTPS. That's secure HTTP. Its description which we're adding although I don't believe it's absolutely necessary but is incoming HTTPS allowed. And the actual rule will be TCP.

Any traffic coming using the protocol TCP, which is pointed at port 443, will be allowed. It seems to have worked. Have we wanted to deny traffic using 443 or some other port instead of "--allow", we would have typed "--deny". You will of course consult the syntax guides that Google makes available for all the details of all the operations that are possible related to firewall rules and other services or configuration that you'd like to work with. Let's now view all of our firewalls and all the firewall rules by asking compute firewall-rules list. We see that there is a firewall rule called allow-https. That's the one we've just created. It's part of the default network. It will accept any traffic from anywhere in the internet and that is traffic that is coming on using the TCP protocol on port 443.

How to access and delete your instance 

Let's now log into our new instance. Remember we are on a shell in our local computer. We'd like to log in using SSH onto the instance we've just created on the cloud. Yes, we're fine adding this key and we don't need to include a passphrase. We'll enter the same one again which is nothing. We'll wait for the key to generate and we seem to be in. How do we know? Because the prompt now has changed from what it had been before, I believe, was Ubuntu to test-instance1.

We'll exit our SSH shell and we'll demonstrate how to delete an instance the one we've just created which has no other purpose besides this demonstration. So Gcloud compute instances delete test-instance1 --zone with the us-central1-a. Be very sure that this is the instance we want to destroy and hit enter. We do want to continue one last chance to change our minds and we're done.

About the Author
David Clinton
Linux SysAdmin
Learning Paths

David taught high school for twenty years, worked as a Linux system administrator for five years, and has been writing since he could hold a crayon between his fingers. His childhood bedroom wall has since been repainted.

Having worked directly with all kinds of technology, David derives great pleasure from completing projects that draw on as many tools from his toolkit as possible.

Besides being a Linux system administrator with a strong focus on virtualization and security tools, David writes technical documentation and user guides, and creates technology training videos.

His favorite technology tool is the one that should be just about ready for release tomorrow. Or Thursday.