While AWS is my primary cloud platform, a good portion of consulting and cross-team work involves GCP and Azure environments. These notes are a practitioner-level reference — enough to get oriented, run essential CLI commands, and map familiar AWS concepts to their GCP and Azure equivalents without having to dig through full documentation every time.

Authentication Setup

Getting auth right is always the first step on a new machine or project.

1. Install the Google Cloud SDK

# macOS via Homebrew
brew install --cask google-cloud-sdk

# Linux (interactive installer)
curl https://sdk.cloud.google.com | bash
exec -l $SHELL

2. Authenticate interactively

# Opens a browser for OAuth2 login
gcloud auth login

# Verify active account
gcloud auth list

3. Set default project and region

gcloud config set project my-project-id
gcloud config set compute/region us-central1
gcloud config set compute/zone us-central1-a

# View full config
gcloud config list

4. Application Default Credentials (for local dev)

# Sets credentials used by SDKs and Terraform google provider
gcloud auth application-default login

# Or point to a service account key file
export GOOGLE_APPLICATION_CREDENTIALS="/path/to/sa-key.json"

5. Authenticate as a service account (CI/CD)

gcloud auth activate-service-account \
  --key-file=/path/to/sa-key.json

# Or use Workload Identity Federation (keyless, preferred)
# Configure in IAM → Workload Identity Pools

Prefer Workload Identity Federation over service account key files for CI/CD pipelines. It eliminates long-lived credentials and works with GitHub Actions, GitLab CI, and other OIDC-capable providers.
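
An added example (not part of the original notes) of the keyless setup recommended above, for GitHub Actions: it creates a pool and an OIDC provider restricted to one repository, then lets only that repository impersonate a service account. The pool, provider, repository and service account names are assumptions.

```shell
# Added example: GitHub Actions -> GCP auth via Workload Identity Federation.
# Hypothetical names: github-pool, github-provider, my-org/my-repo, ci-deployer.
set -eu

PROJECT_ID="my-project-id"
POOL_ID="github-pool"            # assumption
PROVIDER_ID="github-provider"    # assumption
REPO="my-org/my-repo"            # assumption: the only repo allowed to authenticate
SA_EMAIL="ci-deployer@${PROJECT_ID}.iam.gserviceaccount.com"  # assumption

# IAM member string matching every pool identity whose mapped
# attribute.repository equals the given repo.
wif_member() {  # args: project_number pool_id repo
  printf 'principalSet://iam.googleapis.com/projects/%s/locations/global/workloadIdentityPools/%s/attribute.repository/%s\n' "$1" "$2" "$3"
}

# CEL condition evaluated on the incoming OIDC token. Without it, the
# provider would accept a token issued to any GitHub repository.
wif_condition() {  # args: repo
  printf "assertion.repository == '%s'\n" "$1"
}

setup_wif() {
  project_number="$(gcloud projects describe "$PROJECT_ID" --format='value(projectNumber)')"

  gcloud iam workload-identity-pools create "$POOL_ID" \
    --project="$PROJECT_ID" --location=global \
    --display-name="GitHub Actions"

  gcloud iam workload-identity-pools providers create-oidc "$PROVIDER_ID" \
    --project="$PROJECT_ID" --location=global \
    --workload-identity-pool="$POOL_ID" \
    --issuer-uri="https://token.actions.githubusercontent.com" \
    --attribute-mapping="google.subject=assertion.sub,attribute.repository=assertion.repository" \
    --attribute-condition="$(wif_condition "$REPO")"

  # Only identities from $REPO may impersonate the service account.
  gcloud iam service-accounts add-iam-policy-binding "$SA_EMAIL" \
    --project="$PROJECT_ID" \
    --role="roles/iam.workloadIdentityUser" \
    --member="$(wif_member "$project_number" "$POOL_ID" "$REPO")"
}

# Run the setup only when asked, so sourcing the file has no side effects.
if [ "${1:-}" = "apply" ]; then setup_wif; fi
```

Run it with the argument `apply` from an account that can administer IAM in the project; the member string uses the project number, not the project ID.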

GCP — Key Services and CLI

# List all VM instances across all zones
gcloud compute instances list

# Create a VM
gcloud compute instances create web-server-01 \
  --machine-type=e2-medium \
  --image-family=debian-12 \
  --image-project=debian-cloud \
  --zone=us-central1-a \
  --tags=http-server,https-server

# SSH into a VM (uses OS Login or project metadata SSH keys)
gcloud compute ssh web-server-01 --zone=us-central1-a

# Stop / start / delete
gcloud compute instances stop web-server-01 --zone=us-central1-a
gcloud compute instances start web-server-01 --zone=us-central1-a
gcloud compute instances delete web-server-01 --zone=us-central1-a

# Create a snapshot of a disk
gcloud compute disks snapshot web-server-01 \
  --snapshot-names=web-server-snap-$(date +%Y%m%d) \
  --zone=us-central1-a

# List buckets
gsutil ls
# or
gcloud storage buckets list

# Create a bucket
gsutil mb -p my-project-id -l us-central1 gs://my-bucket-name

# Copy files
gsutil cp ./file.txt gs://my-bucket-name/
gsutil cp gs://my-bucket-name/file.txt .

# Sync directory
gsutil -m rsync -r ./dist gs://my-static-site

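# Make a single object public (readable by anyone on the internet)
# Object ACLs only work when uniform bucket-level access is disabled on the bucket
gsutil acl ch -u AllUsers:R gs://my-bucket-name/public-file.html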

# List objects with sizes
gsutil ls -lh gs://my-bucket-name/

# Set lifecycle policy (JSON file)
gsutil lifecycle set lifecycle.json gs://my-bucket-name

lifecycle.json
{
  "rule": [
    {
      "action": {"type": "SetStorageClass", "storageClass": "NEARLINE"},
      "condition": {"age": 30}
    },
    {
      "action": {"type": "Delete"},
      "condition": {"age": 365}
    }
  ]
}

# List clusters
gcloud container clusters list

# Create a cluster (Autopilot — recommended for most use cases)
gcloud container clusters create-auto my-cluster \
  --region=us-central1

# Create a Standard cluster
gcloud container clusters create my-cluster \
  --num-nodes=3 \
  --machine-type=e2-standard-2 \
  --region=us-central1

# Get credentials (populates ~/.kube/config)
gcloud container clusters get-credentials my-cluster \
  --region=us-central1

# Upgrade the control plane
gcloud container clusters upgrade my-cluster \
  --master --cluster-version=1.29 \
  --region=us-central1

# Resize a node pool
gcloud container clusters resize my-cluster \
  --node-pool=default-pool \
  --num-nodes=5 \
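  --region=us-central1

# Deploy a Cloud Function (Gen 2, HTTP trigger)
# --allow-unauthenticated makes the endpoint publicly invocable; omit it to require IAM-authenticated callers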
gcloud functions deploy my-function \
  --gen2 \
  --runtime=python311 \
  --region=us-central1 \
  --source=. \
  --entry-point=handle_request \
  --trigger-http \
  --allow-unauthenticated

# Deploy with a Pub/Sub trigger
gcloud functions deploy process-message \
  --gen2 \
  --runtime=nodejs20 \
  --region=us-central1 \
  --source=. \
  --entry-point=processMessage \
  --trigger-topic=my-topic

# List functions
gcloud functions list --region=us-central1

# View logs
gcloud functions logs read my-function \
  --region=us-central1 --limit=50

# Delete a function
gcloud functions delete my-function --region=us-central1

Azure — Key Services and CLI

# List all VMs
az vm list --output table

# Create a VM
az vm create \
  --resource-group my-rg \
  --name web-server-01 \
  --image Ubuntu2204 \
  --size Standard_B2s \
  --admin-username azureuser \
  --generate-ssh-keys \
  --tags Env=prod Owner=platform-team

# Open port 80
az vm open-port --port 80 \
  --resource-group my-rg --name web-server-01

# Start / stop / deallocate (stop billing for compute)
az vm start  --resource-group my-rg --name web-server-01
az vm stop   --resource-group my-rg --name web-server-01
az vm deallocate --resource-group my-rg --name web-server-01

# SSH using native SSH (az CLI ≥ 2.47)
az ssh vm --resource-group my-rg --name web-server-01

# Create a storage account
az storage account create \
  --name mystorageaccount \
  --resource-group my-rg \
  --location eastus \
  --sku Standard_LRS

# Get connection string (the output embeds the account key; handle it as a secret)
az storage account show-connection-string \
  --name mystorageaccount \
  --resource-group my-rg \
  --output tsv

# Create a container (like an S3 bucket "folder")
az storage container create \
  --name my-container \
  --account-name mystorageaccount

# Upload a file
az storage blob upload \
  --account-name mystorageaccount \
  --container-name my-container \
  --name report.pdf \
  --file ./report.pdf

# List blobs
az storage blob list \
  --account-name mystorageaccount \
  --container-name my-container \
  --output table

# Generate a SAS token (1-hour expiry; the -d syntax below is GNU date)
az storage blob generate-sas \
  --account-name mystorageaccount \
  --container-name my-container \
  --name report.pdf \
  --permissions r \
  --expiry "$(date -u -d '1 hour' +%Y-%m-%dT%H:%MZ)"

# List clusters
az aks list --output table

# Create a cluster
az aks create \
  --resource-group my-rg \
  --name my-aks-cluster \
  --node-count 3 \
  --node-vm-size Standard_D2s_v3 \
  --enable-managed-identity \
  --generate-ssh-keys

# Get credentials (merges into ~/.kube/config)
az aks get-credentials \
  --resource-group my-rg \
  --name my-aks-cluster

# Scale a node pool
az aks scale \
  --resource-group my-rg \
  --name my-aks-cluster \
  --node-count 5 \
  --nodepool-name nodepool1

# Upgrade cluster version
az aks upgrade \
  --resource-group my-rg \
  --name my-aks-cluster \
  --kubernetes-version 1.29.0

# Enable the cluster autoscaler
az aks update \
  --resource-group my-rg \
  --name my-aks-cluster \
  --enable-cluster-autoscaler \
  --min-count 2 --max-count 10

# Create a Function App (consumption plan)
az functionapp create \
  --resource-group my-rg \
  --consumption-plan-location eastus \
  --runtime python \
  --runtime-version 3.11 \
  --functions-version 4 \
  --name my-function-app \
  --storage-account mystorageaccount

# Deploy using the Azure Functions Core Tools
func azure functionapp publish my-function-app

# List function apps
az functionapp list --output table

# Stream live logs
az webapp log tail \
  --resource-group my-rg \
  --name my-function-app

Cross-Cloud Service Comparison

| Category | AWS | GCP | Azure |
|---|---|---|---|
| Virtual Machines | EC2 | Compute Engine | Virtual Machines |
| Managed Kubernetes | EKS | GKE | AKS |
| Serverless Functions | Lambda | Cloud Functions | Azure Functions |
| Object Storage | S3 | Cloud Storage (GCS) | Blob Storage |
| Block Storage | EBS | Persistent Disk | Managed Disks |
| Managed PostgreSQL | RDS / Aurora | Cloud SQL / AlloyDB | Azure Database for PostgreSQL |
| Container Registry | ECR | Artifact Registry | Azure Container Registry (ACR) |
| DNS | Route 53 | Cloud DNS | Azure DNS |
| CDN | CloudFront | Cloud CDN | Azure Front Door / CDN |
| IAM / Identity | IAM | Cloud IAM | Azure Active Directory / Entra ID |
| Secret Management | Secrets Manager | Secret Manager | Azure Key Vault |
| Infrastructure as Code | CloudFormation | Cloud Deployment Manager | Bicep / ARM Templates |
| Monitoring / Logging | CloudWatch | Cloud Monitoring + Logging | Azure Monitor + Log Analytics |
| Load Balancer (L7) | ALB | Cloud Load Balancing | Application Gateway |
| VPN / Private Network | VPC | VPC | Virtual Network (VNet) |
| CI/CD | CodePipeline | Cloud Build | Azure DevOps / GitHub Actions |
| Event Bus | EventBridge | Eventarc / Pub/Sub | Event Grid |

The Terraform providers for all three clouds (AWS, GCP, Azure) are mature and widely used. Writing Terraform is often the fastest path to provisioning resources consistently across clouds — see the Terraform notes for patterns that apply to all three.

AWS Reference

Deep-dive CLI commands, IAM practices, S3 operations, and EC2 management for AWS.

Terraform

IaC patterns that work across AWS, GCP, and Azure with a unified workflow.

Kubernetes

Container orchestration patterns applicable to EKS, GKE, and AKS clusters.

FinOps & Cost Management

Cloud cost optimization strategies and tooling for multi-cloud environments.
Last modified on June 9, 2026