GCP Deployment Guide
AWS-Style Interface for GCP Cloud Functions & API Gateway
Initial Setup
Basic Authentication & Project Setup
# Authenticate with GCP
gcloud auth login
# List all projects
gcloud projects list
# Set the active project
gcloud config set project PROJECT_ID
gcloud auth login
# List all projects
gcloud projects list
# Set the active project
gcloud config set project PROJECT_ID
# Set environment variables for easier reference
export PROJECT_ID="your-project-id"
export REGION="us-central1"
# Verify variables are set
echo "Project ID: $PROJECT_ID"
echo "Region: $REGION"
export PROJECT_ID="your-project-id"
export REGION="us-central1"
# Verify variables are set
echo "Project ID: $PROJECT_ID"
echo "Region: $REGION"
Enable Required Services
Basic Enable GCP Services
# Enable all required services
gcloud services enable cloudfunctions.googleapis.com \
run.googleapis.com \
cloudbuild.googleapis.com \
artifactregistry.googleapis.com \
apigateway.googleapis.com \
servicemanagement.googleapis.com \
servicecontrol.googleapis.com \
logging.googleapis.com \
--project=$PROJECT_ID
gcloud services enable cloudfunctions.googleapis.com \
run.googleapis.com \
cloudbuild.googleapis.com \
artifactregistry.googleapis.com \
apigateway.googleapis.com \
servicemanagement.googleapis.com \
servicecontrol.googleapis.com \
logging.googleapis.com \
--project=$PROJECT_ID
Tip: You can check which services are already enabled with:
gcloud services list --enabled --project=$PROJECT_ID
IAM Roles for Developers
Intermediate Required IAM Roles
# List of roles needed for Cloud Functions and API Gateway development:
# roles/apigateway.admin
# roles/cloudfunctions.admin
# roles/cloudfunctions.invoker
# roles/iam.serviceAccountUser
# roles/serviceusage.serviceUsageViewer
# roles/serviceusage.serviceUsageConsumer
# roles/logging.viewer
# roles/monitoring.viewer
# roles/serviceusage.serviceUsageAdmin
# roles/apigateway.admin
# roles/cloudfunctions.admin
# roles/cloudfunctions.invoker
# roles/iam.serviceAccountUser
# roles/serviceusage.serviceUsageViewer
# roles/serviceusage.serviceUsageConsumer
# roles/logging.viewer
# roles/monitoring.viewer
# roles/serviceusage.serviceUsageAdmin
# Grant a user the necessary roles
gcloud projects add-iam-policy-binding $PROJECT_ID \
--member="user:user@example.com" \
--role="roles/cloudfunctions.admin"
# Repeat for other required roles
gcloud projects add-iam-policy-binding $PROJECT_ID \
--member="user:user@example.com" \
--role="roles/cloudfunctions.admin"
# Repeat for other required roles
Deploy Cloud Functions
Intermediate Deploy Cloud Functions
# Deploy a public HTTP function (no authentication)
gcloud functions deploy getHelloWorld \
--gen2 \
--runtime nodejs20 \
--trigger-http \
--region $REGION \
--allow-unauthenticated \
--source="./functions/getHelloWorld" \
--entry-point="getHelloWorld" \
--project="$PROJECT_ID"
gcloud functions deploy getHelloWorld \
--gen2 \
--runtime nodejs20 \
--trigger-http \
--region $REGION \
--allow-unauthenticated \
--source="./functions/getHelloWorld" \
--entry-point="getHelloWorld" \
--project="$PROJECT_ID"
# Deploy a private HTTP function (requires authentication)
gcloud functions deploy getUserData \
--gen2 \
--runtime nodejs20 \
--trigger-http \
--region $REGION \
--no-allow-unauthenticated \
--source="./functions/getUserData" \
--entry-point="getUserData" \
--project="$PROJECT_ID"
gcloud functions deploy getUserData \
--gen2 \
--runtime nodejs20 \
--trigger-http \
--region $REGION \
--no-allow-unauthenticated \
--source="./functions/getUserData" \
--entry-point="getUserData" \
--project="$PROJECT_ID"
Note: After deployment, you'll get URLs like:
https://$REGION-$PROJECT_ID.cloudfunctions.net/getHelloWorldhttps://$REGION-$PROJECT_ID.cloudfunctions.net/getUserData
Deploy API Gateway
Advanced API Gateway Deployment
# Set environment variables for API Gateway
export PROJECT_ID="your-project-id"
export REGION="us-central1"
export GATEWAY_NAME="user-check-gateway"
export API_NAME="user-check-api"
export API_CONFIG="user-check-config"
export API_YAML="api-gateway.yaml"
export PROJECT_ID="your-project-id"
export REGION="us-central1"
export GATEWAY_NAME="user-check-gateway"
export API_NAME="user-check-api"
export API_CONFIG="user-check-config"
export API_YAML="api-gateway.yaml"
# Step 1: Create the API
gcloud api-gateway apis create "$API_NAME" --project="$PROJECT_ID"
# Step 2: Create API config (requires YAML file)
gcloud api-gateway api-configs create "$API_CONFIG" \
--api="$API_NAME" \
--openapi-spec="$API_YAML" \
--project="$PROJECT_ID"
# Step 3: Create the gateway
gcloud api-gateway gateways create "$GATEWAY_NAME" \
--api="$API_NAME" \
--api-config="$API_CONFIG" \
--location="$REGION" \
--project="$PROJECT_ID"
gcloud api-gateway apis create "$API_NAME" --project="$PROJECT_ID"
# Step 2: Create API config (requires YAML file)
gcloud api-gateway api-configs create "$API_CONFIG" \
--api="$API_NAME" \
--openapi-spec="$API_YAML" \
--project="$PROJECT_ID"
# Step 3: Create the gateway
gcloud api-gateway gateways create "$GATEWAY_NAME" \
--api="$API_NAME" \
--api-config="$API_CONFIG" \
--location="$REGION" \
--project="$PROJECT_ID"
# Get the Gateway URL
export GATEWAY_URL=$(gcloud api-gateway gateways describe "$GATEWAY_NAME" \
--location="$REGION" --project="$PROJECT_ID" \
--format="value(defaultHostname)")
echo "API Gateway is live at: https://$GATEWAY_URL"
export GATEWAY_URL=$(gcloud api-gateway gateways describe "$GATEWAY_NAME" \
--location="$REGION" --project="$PROJECT_ID" \
--format="value(defaultHostname)")
echo "API Gateway is live at: https://$GATEWAY_URL"
API Keys Management
Intermediate API Keys
# Check if API key already exists
EXISTING_API_KEY_NAME=$(gcloud alpha services api-keys list \
--filter='displayName="helloWorld API Key"' \
--format="value(name)" | tail -n 1)
if [ -z "$EXISTING_API_KEY_NAME" ]; then
echo "Creating new API Key..."
# Create API Key
gcloud alpha services api-keys create \
--display-name="helloWorld API Key" \
--format="value(name)"
sleep 10
else
echo "Reusing existing API Key: $EXISTING_API_KEY_NAME"
fi
# Get the API key value
API_KEY=$(gcloud alpha services api-keys get-key-string "$EXISTING_API_KEY_NAME" \
--format="get(keyString)" 2>/dev/null)
echo "API Key: $API_KEY"
EXISTING_API_KEY_NAME=$(gcloud alpha services api-keys list \
--filter='displayName="helloWorld API Key"' \
--format="value(name)" | tail -n 1)
if [ -z "$EXISTING_API_KEY_NAME" ]; then
echo "Creating new API Key..."
# Create API Key
gcloud alpha services api-keys create \
--display-name="helloWorld API Key" \
--format="value(name)"
sleep 10
else
echo "Reusing existing API Key: $EXISTING_API_KEY_NAME"
fi
# Get the API key value
API_KEY=$(gcloud alpha services api-keys get-key-string "$EXISTING_API_KEY_NAME" \
--format="get(keyString)" 2>/dev/null)
echo "API Key: $API_KEY"
# Enable the gateway service for API key authentication
# First, get the managed service name
MANAGED_SERVICE=$(gcloud api-gateway apis describe "$API_NAME" \
--project="$PROJECT_ID" --format="value(managedService)")
# Enable the service
gcloud services enable "$MANAGED_SERVICE" --project="$PROJECT_ID"
# First, get the managed service name
MANAGED_SERVICE=$(gcloud api-gateway apis describe "$API_NAME" \
--project="$PROJECT_ID" --format="value(managedService)")
# Enable the service
gcloud services enable "$MANAGED_SERVICE" --project="$PROJECT_ID"
Testing the Deployment
Basic Test Endpoints
# Test public endpoint (no API key needed)
curl -X GET "https://$GATEWAY_URL/get-hello"
# Test secure endpoint (API key required)
curl -X GET "https://$GATEWAY_URL/get-user-data" \
-H "x-api-key: $API_KEY"
# Test POST endpoint
curl -X POST "https://$GATEWAY_URL/post-submit-data" \
-H "Content-Type: application/json" \
-d '{"name": "John", "email": "john@example.com"}'
curl -X GET "https://$GATEWAY_URL/get-hello"
# Test secure endpoint (API key required)
curl -X GET "https://$GATEWAY_URL/get-user-data" \
-H "x-api-key: $API_KEY"
# Test POST endpoint
curl -X POST "https://$GATEWAY_URL/post-submit-data" \
-H "Content-Type: application/json" \
-d '{"name": "John", "email": "john@example.com"}'
Update & Versioning
Advanced Update API Gateway
# Create a new API config version
NEW_API_CONFIG="user-check-gateway-config-v2"
gcloud api-gateway api-configs create "$NEW_API_CONFIG" \
--api="$API_NAME" \
--openapi-spec="$API_YAML" \
--project="$PROJECT_ID"
# Update the gateway to use the new config
gcloud api-gateway gateways update "$GATEWAY_NAME" \
--api="$API_NAME" \
--api-config="$NEW_API_CONFIG" \
--location="$REGION" \
--project="$PROJECT_ID"
NEW_API_CONFIG="user-check-gateway-config-v2"
gcloud api-gateway api-configs create "$NEW_API_CONFIG" \
--api="$API_NAME" \
--openapi-spec="$API_YAML" \
--project="$PROJECT_ID"
# Update the gateway to use the new config
gcloud api-gateway gateways update "$GATEWAY_NAME" \
--api="$API_NAME" \
--api-config="$NEW_API_CONFIG" \
--location="$REGION" \
--project="$PROJECT_ID"
# Rollback to previous version if needed
gcloud api-gateway gateways update "$GATEWAY_NAME" \
--api-config="previous-config-name" \
--location="$REGION" \
--project="$PROJECT_ID"
gcloud api-gateway gateways update "$GATEWAY_NAME" \
--api-config="previous-config-name" \
--location="$REGION" \
--project="$PROJECT_ID"
Delete Resources
Intermediate Cleanup Resources
# Delete Cloud Function
gcloud functions delete FUNCTION_NAME \
--region=$REGION \
--project=$PROJECT_ID
gcloud functions delete FUNCTION_NAME \
--region=$REGION \
--project=$PROJECT_ID
# Delete API Gateway and related resources
gcloud api-gateway gateways delete "$GATEWAY_NAME" \
--location="$REGION" \
--project="$PROJECT_ID"
gcloud api-gateway api-configs delete "$API_CONFIG" \
--api="$API_NAME" \
--project="$PROJECT_ID"
gcloud api-gateway apis delete "$API_NAME" \
--project="$PROJECT_ID"
gcloud api-gateway gateways delete "$GATEWAY_NAME" \
--location="$REGION" \
--project="$PROJECT_ID"
gcloud api-gateway api-configs delete "$API_CONFIG" \
--api="$API_NAME" \
--project="$PROJECT_ID"
gcloud api-gateway apis delete "$API_NAME" \
--project="$PROJECT_ID"
# Delete API Key
gcloud alpha services api-keys delete "API_KEY_NAME"
gcloud alpha services api-keys delete "API_KEY_NAME"
Troubleshooting
Advanced Common Issues & Solutions
# Check API Gateway status
gcloud api-gateway gateways describe "$GATEWAY_NAME" \
--location="$REGION" \
--project="$PROJECT_ID"
# Check API configs
gcloud api-gateway api-configs list \
--api="$API_NAME" \
--project="$PROJECT_ID"
# Check Cloud Function logs
gcloud functions logs read FUNCTION_NAME \
--region=$REGION \
--project=$PROJECT_ID
gcloud api-gateway gateways describe "$GATEWAY_NAME" \
--location="$REGION" \
--project="$PROJECT_ID"
# Check API configs
gcloud api-gateway api-configs list \
--api="$API_NAME" \
--project="$PROJECT_ID"
# Check Cloud Function logs
gcloud functions logs read FUNCTION_NAME \
--region=$REGION \
--project=$PROJECT_ID
Common Issues:
- API Gateway returns 404: Check if the managed service is enabled
- Authentication errors: Verify API key is correctly configured and restricted
- CORS issues: Configure CORS in your Cloud Function code
- Permission errors: Verify IAM roles are properly assigned
Pro Tips
- Always use the
--dry-runflag when available to test commands without making changes - Use environment variables to avoid repetition and mistakes
- Enable detailed logging for debugging complex issues
- Regularly clean up unused resources to avoid unnecessary costs
- Use version control for your API Gateway configuration files