Deploy GCP Filestore Instances

The gcp:filestore/instance:Instance resource, part of the Pulumi GCP provider, provisions a managed NFS file share: its capacity, service tier, network attachment, and access controls. This guide focuses on four capabilities: basic NFS share creation, client access control with export options, protocol selection, and customer-managed encryption.

Filestore instances attach to existing VPC networks and may reference KMS keys for encryption. The examples are intentionally small. Combine them with your own VPC configuration, client IP ranges, and security policies.

Create a basic NFS file share

Most deployments start with a simple NFS share attached to the default VPC, providing shared storage for GKE or Compute Engine workloads.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const instance = new gcp.filestore.Instance("instance", {
    name: "test-instance",
    location: "us-central1-b",
    tier: "BASIC_HDD",
    fileShares: {
        capacityGb: 1024,
        name: "share1",
    },
    networks: [{
        network: "default",
        modes: ["MODE_IPV4"],
    }],
});

import pulumi
import pulumi_gcp as gcp

instance = gcp.filestore.Instance("instance",
    name="test-instance",
    location="us-central1-b",
    tier="BASIC_HDD",
    file_shares={
        "capacity_gb": 1024,
        "name": "share1",
    },
    networks=[{
        "network": "default",
        "modes": ["MODE_IPV4"],
    }])

package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/filestore"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := filestore.NewInstance(ctx, "instance", &filestore.InstanceArgs{
			Name:     pulumi.String("test-instance"),
			Location: pulumi.String("us-central1-b"),
			Tier:     pulumi.String("BASIC_HDD"),
			FileShares: &filestore.InstanceFileSharesArgs{
				CapacityGb: pulumi.Int(1024),
				Name:       pulumi.String("share1"),
			},
			Networks: filestore.InstanceNetworkArray{
				&filestore.InstanceNetworkArgs{
					Network: pulumi.String("default"),
					Modes: pulumi.StringArray{
						pulumi.String("MODE_IPV4"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var instance = new Gcp.Filestore.Instance("instance", new()
    {
        Name = "test-instance",
        Location = "us-central1-b",
        Tier = "BASIC_HDD",
        FileShares = new Gcp.Filestore.Inputs.InstanceFileSharesArgs
        {
            CapacityGb = 1024,
            Name = "share1",
        },
        Networks = new[]
        {
            new Gcp.Filestore.Inputs.InstanceNetworkArgs
            {
                Network = "default",
                Modes = new[]
                {
                    "MODE_IPV4",
                },
            },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.filestore.Instance;
import com.pulumi.gcp.filestore.InstanceArgs;
import com.pulumi.gcp.filestore.inputs.InstanceFileSharesArgs;
import com.pulumi.gcp.filestore.inputs.InstanceNetworkArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var instance = new Instance("instance", InstanceArgs.builder()
            .name("test-instance")
            .location("us-central1-b")
            .tier("BASIC_HDD")
            .fileShares(InstanceFileSharesArgs.builder()
                .capacityGb(1024)
                .name("share1")
                .build())
            .networks(InstanceNetworkArgs.builder()
                .network("default")
                .modes("MODE_IPV4")
                .build())
            .build());

    }
}

resources:
  instance:
    type: gcp:filestore:Instance
    properties:
      name: test-instance
      location: us-central1-b
      tier: BASIC_HDD
      fileShares:
        capacityGb: 1024
        name: share1
      networks:
        - network: default
          modes:
            - MODE_IPV4

The fileShares property defines the share name and capacity in gigabytes. The networks property connects the instance to your VPC; clients mount the share using the instance’s IP address. The tier property determines performance characteristics and regional availability; BASIC_HDD offers cost-effective storage while BASIC_SSD provides higher throughput.

Control access with NFS export options

Applications often need granular access control, allowing some clients read-write access while restricting others to read-only based on IP ranges.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const instance = new gcp.filestore.Instance("instance", {
    name: "test-instance",
    location: "us-central1-b",
    tier: "BASIC_SSD",
    fileShares: {
        capacityGb: 2560,
        name: "share1",
        nfsExportOptions: [
            {
                ipRanges: ["10.0.0.0/24"],
                accessMode: "READ_WRITE",
                squashMode: "NO_ROOT_SQUASH",
            },
            {
                ipRanges: ["10.10.0.0/24"],
                accessMode: "READ_ONLY",
                squashMode: "ROOT_SQUASH",
                anonUid: 123,
                anonGid: 456,
            },
        ],
    },
    networks: [{
        network: "default",
        modes: ["MODE_IPV4"],
        connectMode: "DIRECT_PEERING",
    }],
});

import pulumi
import pulumi_gcp as gcp

instance = gcp.filestore.Instance("instance",
    name="test-instance",
    location="us-central1-b",
    tier="BASIC_SSD",
    file_shares={
        "capacity_gb": 2560,
        "name": "share1",
        "nfs_export_options": [
            {
                "ip_ranges": ["10.0.0.0/24"],
                "access_mode": "READ_WRITE",
                "squash_mode": "NO_ROOT_SQUASH",
            },
            {
                "ip_ranges": ["10.10.0.0/24"],
                "access_mode": "READ_ONLY",
                "squash_mode": "ROOT_SQUASH",
                "anon_uid": 123,
                "anon_gid": 456,
            },
        ],
    },
    networks=[{
        "network": "default",
        "modes": ["MODE_IPV4"],
        "connect_mode": "DIRECT_PEERING",
    }])

package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/filestore"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := filestore.NewInstance(ctx, "instance", &filestore.InstanceArgs{
			Name:     pulumi.String("test-instance"),
			Location: pulumi.String("us-central1-b"),
			Tier:     pulumi.String("BASIC_SSD"),
			FileShares: &filestore.InstanceFileSharesArgs{
				CapacityGb: pulumi.Int(2560),
				Name:       pulumi.String("share1"),
				NfsExportOptions: filestore.InstanceFileSharesNfsExportOptionArray{
					&filestore.InstanceFileSharesNfsExportOptionArgs{
						IpRanges: pulumi.StringArray{
							pulumi.String("10.0.0.0/24"),
						},
						AccessMode: pulumi.String("READ_WRITE"),
						SquashMode: pulumi.String("NO_ROOT_SQUASH"),
					},
					&filestore.InstanceFileSharesNfsExportOptionArgs{
						IpRanges: pulumi.StringArray{
							pulumi.String("10.10.0.0/24"),
						},
						AccessMode: pulumi.String("READ_ONLY"),
						SquashMode: pulumi.String("ROOT_SQUASH"),
						AnonUid:    pulumi.Int(123),
						AnonGid:    pulumi.Int(456),
					},
				},
			},
			Networks: filestore.InstanceNetworkArray{
				&filestore.InstanceNetworkArgs{
					Network: pulumi.String("default"),
					Modes: pulumi.StringArray{
						pulumi.String("MODE_IPV4"),
					},
					ConnectMode: pulumi.String("DIRECT_PEERING"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var instance = new Gcp.Filestore.Instance("instance", new()
    {
        Name = "test-instance",
        Location = "us-central1-b",
        Tier = "BASIC_SSD",
        FileShares = new Gcp.Filestore.Inputs.InstanceFileSharesArgs
        {
            CapacityGb = 2560,
            Name = "share1",
            NfsExportOptions = new[]
            {
                new Gcp.Filestore.Inputs.InstanceFileSharesNfsExportOptionArgs
                {
                    IpRanges = new[]
                    {
                        "10.0.0.0/24",
                    },
                    AccessMode = "READ_WRITE",
                    SquashMode = "NO_ROOT_SQUASH",
                },
                new Gcp.Filestore.Inputs.InstanceFileSharesNfsExportOptionArgs
                {
                    IpRanges = new[]
                    {
                        "10.10.0.0/24",
                    },
                    AccessMode = "READ_ONLY",
                    SquashMode = "ROOT_SQUASH",
                    AnonUid = 123,
                    AnonGid = 456,
                },
            },
        },
        Networks = new[]
        {
            new Gcp.Filestore.Inputs.InstanceNetworkArgs
            {
                Network = "default",
                Modes = new[]
                {
                    "MODE_IPV4",
                },
                ConnectMode = "DIRECT_PEERING",
            },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.filestore.Instance;
import com.pulumi.gcp.filestore.InstanceArgs;
import com.pulumi.gcp.filestore.inputs.InstanceFileSharesArgs;
import com.pulumi.gcp.filestore.inputs.InstanceNetworkArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var instance = new Instance("instance", InstanceArgs.builder()
            .name("test-instance")
            .location("us-central1-b")
            .tier("BASIC_SSD")
            .fileShares(InstanceFileSharesArgs.builder()
                .capacityGb(2560)
                .name("share1")
                .nfsExportOptions(                
                    InstanceFileSharesNfsExportOptionArgs.builder()
                        .ipRanges("10.0.0.0/24")
                        .accessMode("READ_WRITE")
                        .squashMode("NO_ROOT_SQUASH")
                        .build(),
                    InstanceFileSharesNfsExportOptionArgs.builder()
                        .ipRanges("10.10.0.0/24")
                        .accessMode("READ_ONLY")
                        .squashMode("ROOT_SQUASH")
                        .anonUid(123)
                        .anonGid(456)
                        .build())
                .build())
            .networks(InstanceNetworkArgs.builder()
                .network("default")
                .modes("MODE_IPV4")
                .connectMode("DIRECT_PEERING")
                .build())
            .build());

    }
}

resources:
  instance:
    type: gcp:filestore:Instance
    properties:
      name: test-instance
      location: us-central1-b
      tier: BASIC_SSD
      fileShares:
        capacityGb: 2560
        name: share1
        nfsExportOptions:
          - ipRanges:
              - 10.0.0.0/24
            accessMode: READ_WRITE
            squashMode: NO_ROOT_SQUASH
          - ipRanges:
              - 10.10.0.0/24
            accessMode: READ_ONLY
            squashMode: ROOT_SQUASH
            anonUid: 123
            anonGid: 456
      networks:
        - network: default
          modes:
            - MODE_IPV4
          connectMode: DIRECT_PEERING

The nfsExportOptions array defines per-client access rules. Each entry specifies ipRanges (CIDR blocks), accessMode (READ_WRITE or READ_ONLY), and squashMode (how root user access is handled). Setting anonUid and anonGid maps anonymous users to specific IDs when ROOT_SQUASH is enabled. Clients matching the first rule get read-write access; those matching the second get read-only.

Use NFSv4.1 with ENTERPRISE tier

High-performance workloads or those requiring NFSv4.1 features use ENTERPRISE tier, which supports regional availability and advanced protocol options.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const instance = new gcp.filestore.Instance("instance", {
    name: "test-instance",
    location: "us-central1",
    tier: "ENTERPRISE",
    protocol: "NFS_V4_1",
    fileShares: {
        capacityGb: 1024,
        name: "share1",
    },
    networks: [{
        network: "default",
        modes: ["MODE_IPV4"],
    }],
});

import pulumi
import pulumi_gcp as gcp

instance = gcp.filestore.Instance("instance",
    name="test-instance",
    location="us-central1",
    tier="ENTERPRISE",
    protocol="NFS_V4_1",
    file_shares={
        "capacity_gb": 1024,
        "name": "share1",
    },
    networks=[{
        "network": "default",
        "modes": ["MODE_IPV4"],
    }])

package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/filestore"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := filestore.NewInstance(ctx, "instance", &filestore.InstanceArgs{
			Name:     pulumi.String("test-instance"),
			Location: pulumi.String("us-central1"),
			Tier:     pulumi.String("ENTERPRISE"),
			Protocol: pulumi.String("NFS_V4_1"),
			FileShares: &filestore.InstanceFileSharesArgs{
				CapacityGb: pulumi.Int(1024),
				Name:       pulumi.String("share1"),
			},
			Networks: filestore.InstanceNetworkArray{
				&filestore.InstanceNetworkArgs{
					Network: pulumi.String("default"),
					Modes: pulumi.StringArray{
						pulumi.String("MODE_IPV4"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var instance = new Gcp.Filestore.Instance("instance", new()
    {
        Name = "test-instance",
        Location = "us-central1",
        Tier = "ENTERPRISE",
        Protocol = "NFS_V4_1",
        FileShares = new Gcp.Filestore.Inputs.InstanceFileSharesArgs
        {
            CapacityGb = 1024,
            Name = "share1",
        },
        Networks = new[]
        {
            new Gcp.Filestore.Inputs.InstanceNetworkArgs
            {
                Network = "default",
                Modes = new[]
                {
                    "MODE_IPV4",
                },
            },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.filestore.Instance;
import com.pulumi.gcp.filestore.InstanceArgs;
import com.pulumi.gcp.filestore.inputs.InstanceFileSharesArgs;
import com.pulumi.gcp.filestore.inputs.InstanceNetworkArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var instance = new Instance("instance", InstanceArgs.builder()
            .name("test-instance")
            .location("us-central1")
            .tier("ENTERPRISE")
            .protocol("NFS_V4_1")
            .fileShares(InstanceFileSharesArgs.builder()
                .capacityGb(1024)
                .name("share1")
                .build())
            .networks(InstanceNetworkArgs.builder()
                .network("default")
                .modes("MODE_IPV4")
                .build())
            .build());

    }
}

resources:
  instance:
    type: gcp:filestore:Instance
    properties:
      name: test-instance
      location: us-central1
      tier: ENTERPRISE
      protocol: NFS_V4_1
      fileShares:
        capacityGb: 1024
        name: share1
      networks:
        - network: default
          modes:
            - MODE_IPV4

The protocol property selects NFS_V4_1 instead of the default NFS_V3. NFSv4.1 provides improved security and performance but requires ENTERPRISE, HIGH_SCALE_SSD, ZONAL, or REGIONAL tiers. The location property uses a regional identifier (us-central1) rather than a zonal one, enabling regional availability.

Encrypt data with customer-managed keys

Compliance requirements often mandate encryption with customer-managed keys stored in Cloud KMS rather than Google-managed keys.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const filestoreKeyring = new gcp.kms.KeyRing("filestore_keyring", {
    name: "filestore-keyring",
    location: "us-central1",
});
const filestoreKey = new gcp.kms.CryptoKey("filestore_key", {
    name: "filestore-key",
    keyRing: filestoreKeyring.id,
});
const instance = new gcp.filestore.Instance("instance", {
    name: "test-instance",
    location: "us-central1",
    tier: "ENTERPRISE",
    fileShares: {
        capacityGb: 1024,
        name: "share1",
    },
    networks: [{
        network: "default",
        modes: ["MODE_IPV4"],
    }],
    kmsKeyName: filestoreKey.id,
});

import pulumi
import pulumi_gcp as gcp

filestore_keyring = gcp.kms.KeyRing("filestore_keyring",
    name="filestore-keyring",
    location="us-central1")
filestore_key = gcp.kms.CryptoKey("filestore_key",
    name="filestore-key",
    key_ring=filestore_keyring.id)
instance = gcp.filestore.Instance("instance",
    name="test-instance",
    location="us-central1",
    tier="ENTERPRISE",
    file_shares={
        "capacity_gb": 1024,
        "name": "share1",
    },
    networks=[{
        "network": "default",
        "modes": ["MODE_IPV4"],
    }],
    kms_key_name=filestore_key.id)

package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/filestore"
	"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/kms"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		filestoreKeyring, err := kms.NewKeyRing(ctx, "filestore_keyring", &kms.KeyRingArgs{
			Name:     pulumi.String("filestore-keyring"),
			Location: pulumi.String("us-central1"),
		})
		if err != nil {
			return err
		}
		filestoreKey, err := kms.NewCryptoKey(ctx, "filestore_key", &kms.CryptoKeyArgs{
			Name:    pulumi.String("filestore-key"),
			KeyRing: filestoreKeyring.ID(),
		})
		if err != nil {
			return err
		}
		_, err = filestore.NewInstance(ctx, "instance", &filestore.InstanceArgs{
			Name:     pulumi.String("test-instance"),
			Location: pulumi.String("us-central1"),
			Tier:     pulumi.String("ENTERPRISE"),
			FileShares: &filestore.InstanceFileSharesArgs{
				CapacityGb: pulumi.Int(1024),
				Name:       pulumi.String("share1"),
			},
			Networks: filestore.InstanceNetworkArray{
				&filestore.InstanceNetworkArgs{
					Network: pulumi.String("default"),
					Modes: pulumi.StringArray{
						pulumi.String("MODE_IPV4"),
					},
				},
			},
			KmsKeyName: filestoreKey.ID(),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var filestoreKeyring = new Gcp.Kms.KeyRing("filestore_keyring", new()
    {
        Name = "filestore-keyring",
        Location = "us-central1",
    });

    var filestoreKey = new Gcp.Kms.CryptoKey("filestore_key", new()
    {
        Name = "filestore-key",
        KeyRing = filestoreKeyring.Id,
    });

    var instance = new Gcp.Filestore.Instance("instance", new()
    {
        Name = "test-instance",
        Location = "us-central1",
        Tier = "ENTERPRISE",
        FileShares = new Gcp.Filestore.Inputs.InstanceFileSharesArgs
        {
            CapacityGb = 1024,
            Name = "share1",
        },
        Networks = new[]
        {
            new Gcp.Filestore.Inputs.InstanceNetworkArgs
            {
                Network = "default",
                Modes = new[]
                {
                    "MODE_IPV4",
                },
            },
        },
        KmsKeyName = filestoreKey.Id,
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.kms.KeyRing;
import com.pulumi.gcp.kms.KeyRingArgs;
import com.pulumi.gcp.kms.CryptoKey;
import com.pulumi.gcp.kms.CryptoKeyArgs;
import com.pulumi.gcp.filestore.Instance;
import com.pulumi.gcp.filestore.InstanceArgs;
import com.pulumi.gcp.filestore.inputs.InstanceFileSharesArgs;
import com.pulumi.gcp.filestore.inputs.InstanceNetworkArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var filestoreKeyring = new KeyRing("filestoreKeyring", KeyRingArgs.builder()
            .name("filestore-keyring")
            .location("us-central1")
            .build());

        var filestoreKey = new CryptoKey("filestoreKey", CryptoKeyArgs.builder()
            .name("filestore-key")
            .keyRing(filestoreKeyring.id())
            .build());

        var instance = new Instance("instance", InstanceArgs.builder()
            .name("test-instance")
            .location("us-central1")
            .tier("ENTERPRISE")
            .fileShares(InstanceFileSharesArgs.builder()
                .capacityGb(1024)
                .name("share1")
                .build())
            .networks(InstanceNetworkArgs.builder()
                .network("default")
                .modes("MODE_IPV4")
                .build())
            .kmsKeyName(filestoreKey.id())
            .build());

    }
}

resources:
  instance:
    type: gcp:filestore:Instance
    properties:
      name: test-instance
      location: us-central1
      tier: ENTERPRISE
      fileShares:
        capacityGb: 1024
        name: share1
      networks:
        - network: default
          modes:
            - MODE_IPV4
      kmsKeyName: ${filestoreKey.id}
  filestoreKeyring:
    type: gcp:kms:KeyRing
    name: filestore_keyring
    properties:
      name: filestore-keyring
      location: us-central1
  filestoreKey:
    type: gcp:kms:CryptoKey
    name: filestore_key
    properties:
      name: filestore-key
      keyRing: ${filestoreKeyring.id}

The kmsKeyName property references a Cloud KMS crypto key for data encryption. You must create the KeyRing and CryptoKey resources first, then grant the Filestore service account permissions to use the key. All data written to the share is encrypted with your key; Google cannot access the data without your key.

Beyond these examples

These snippets focus on specific Filestore instance features: NFS share provisioning and capacity, access control with export options, and protocol selection and encryption. They’re intentionally minimal rather than full storage solutions.

The examples reference pre-existing infrastructure such as VPC networks (all use ‘default’), and KMS key rings and crypto keys for the encryption example. They focus on configuring the instance rather than provisioning the surrounding infrastructure.

To keep things focused, common Filestore patterns are omitted, including:

  • Directory Services configuration (directoryServices)
  • Performance tuning (performanceConfig)
  • Replication setup (initialReplication)
  • Deletion protection (deletionProtectionEnabled)
  • Labels and resource manager tags

These omissions are intentional: the goal is to illustrate how each Filestore feature is wired, not provide drop-in storage modules. See the Filestore Instance resource reference for all available configuration options.

Let's deploy GCP Filestore Instances

Get started with Pulumi Cloud, then follow our quick setup guide to deploy this infrastructure.

Try Pulumi Cloud for FREE

Frequently Asked Questions

Configuration & Tiers
What tier should I choose for my Filestore instance?
Available tiers are STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD, ZONAL, REGIONAL, and ENTERPRISE. The tier is immutable after creation, so choose based on your performance and availability requirements.
Can I use NFSv4.1 with BASIC_HDD or BASIC_SSD tiers?
No, NFSv4.1 can only be used with HIGH_SCALE_SSD, ZONAL, REGIONAL, and ENTERPRISE tiers. The default protocol is NFSv3.
Should I use zone or location for my instance?
Use location instead of zone. The zone property is deprecated and will be removed in a future major release. For ENTERPRISE tier instances, location can be a region.
Immutability & Limitations
What properties can't I change after creating my instance?
The following properties are immutable: location, networks, project, tier, protocol, kmsKeyName, initialReplication, and tags. Modifying tags specifically triggers resource replacement.
Why does changing tags recreate my Filestore instance?
The tags field is immutable and causes resource replacement when modified. Set tags at creation time, or use the gcp.tags.TagValue resource to apply tags to existing instances.
What are the current version limitations for Filestore instances?
This version supports only a single file share per instance and only a single VPC network connection per instance.
Security & Encryption
How do I encrypt my Filestore instance with KMS?
Set the kmsKeyName property to your KMS crypto key ID. Note that kmsKeyName is immutable and must be set at creation time.
How do I enable deletion protection?
Set deletionProtectionEnabled to true and optionally provide a deletionProtectionReason to document why protection is enabled.
NFS & Access Control
How do I configure different access modes for different IP ranges?
Use multiple nfsExportOptions entries within fileShares. Each entry can specify different ipRanges, accessMode (READ_WRITE or READ_ONLY), and squashMode (NO_ROOT_SQUASH or ROOT_SQUASH).
When should I configure directoryServices?
Directory Services configuration should only be set when protocol is NFS_V4_1. It’s not applicable for NFSv3 instances.
Labels & Metadata
What's the difference between labels and effectiveLabels?
The labels field is non-authoritative and only manages labels in your configuration. Use effectiveLabels to see all labels present on the resource, including those set by other clients and services.

Using a different cloud?

Explore storage guides for other cloud providers:

AWS Guides Azure Guides