Claude Code for Google Cloud — Cloud Run, BigQuery & GCP Workflows

Google Cloud Platform powers millions of services across Cloud Run, GKE, BigQuery, and Pub/Sub. Claude Code dramatically accelerates GCP development when given context about your project structure, IAM setup, and preferred IaC tooling. This guide covers CLAUDE.md templates for GCP projects, Cloud Run deployment, BigQuery SQL, Cloud Functions, and GKE workflows.

GCP CLAUDE.md Template

# Project: [Your Service Name]

## GCP project structure
- Dev: acme-platform-dev (us-central1)
- Staging: acme-platform-staging (us-central1)
- Prod: acme-platform-prod (us-central1 primary, europe-west1 secondary)
- Shared: acme-shared (Artifact Registry, Secret Manager, Cloud KMS)

## Services in use
- Cloud Run (primary compute — all stateless services)
- Cloud SQL (PostgreSQL 16, private IP only)
- BigQuery (analytics + data warehouse)
- Pub/Sub (event streaming)
- Memorystore (Redis 7.0)
- GKE Autopilot (batch workloads only)
- Artifact Registry (us-central1-docker.pkg.dev/acme-shared/services)

## IaC tooling
- Terraform (google provider ~> 6.0, modules in terraform/modules/)
- Cloud Build for CI/CD (cloudbuild.yaml at repo root)

## IAM conventions
- Cloud Run: each service has a dedicated service account [service]-sa@[project].iam.gserviceaccount.com
- GKE: Workload Identity (KSA → GSA binding per namespace)
- Never use default compute service account for production workloads
- Secret Manager for all credentials — never environment variable literals

## Key commands
```bash
gcloud run deploy SERVICE --image IMAGE --region us-central1 --project PROJECT
gcloud run services describe SERVICE --region us-central1
gcloud builds submit --config cloudbuild.yaml
bq query --use_legacy_sql=false 'SELECT ...'
gcloud pubsub topics publish TOPIC --message '{"key":"value"}'
```

Cloud Run Workflows

Deploy a new Cloud Run service

claude "write a Terraform google_cloud_run_v2_service resource for our 'payments' service.
Image: us-central1-docker.pkg.dev/acme-shared/services/payments:v1.0.0
Region: us-central1. Min instances: 1 (no cold starts). Max instances: 100.
CPU: 2 vCPU, Memory: 1Gi. Concurrency: 80.
Environment variables:
  - DATABASE_URL: from Secret Manager secret 'payments-db-url' (latest version)
  - ENVIRONMENT: literal 'prod'
Service account: payments-sa@acme-platform-prod.iam.gserviceaccount.com
Traffic: 100% to latest revision. Allow unauthenticated: false (internal only).
Also create the IAM binding allowing our API Gateway service account to invoke it."

Blue-green traffic splitting

claude "write gcloud commands to:
1. Deploy a new revision of 'payments' service with tag 'v2' (no traffic)
2. Send 10% traffic to v2, 90% to stable
3. After validation, shift 100% to v2 and delete the v1 revision tag
Include the Cloud Monitoring query to compare error rates between revisions before step 3."

Cloud Run Job for batch processing

claude "create a Terraform google_cloud_run_v2_job for a nightly data export job.
Image: us-central1-docker.pkg.dev/acme-shared/services/data-exporter:latest
Region: us-central1. 4 vCPU, 8Gi memory. Timeout: 3600s. Max retries: 3.
Parallelism: 5 (process 5 shards in parallel).
Service account: data-exporter-sa@acme-platform-prod.iam.gserviceaccount.com
Also create a Cloud Scheduler job to trigger it at 02:00 UTC every day,
using OIDC auth with the scheduler service account."

BigQuery SQL Workflows

Partitioned analytics query

claude "write a BigQuery SQL query for our data team.
Tables: acme-platform-prod.analytics.events (partitioned by event_date DATE, clustered by user_id, event_type)
Goal: daily active users for the last 30 days, segmented by country and platform.
Optimize for cost: use partition filter, clustering columns, and avoid SELECT *.
Also return 7-day and 30-day rolling averages using window functions."

Scheduled query with destination table

claude "create a Terraform resource for a BigQuery scheduled query that:
- Runs the attached SQL every day at 03:00 UTC
- Writes results to acme-platform-prod.reporting.daily_revenue_by_segment
- Uses WRITE_TRUNCATE (overwrite partition for today's date)
- Table is partitioned by report_date
- Service account: bigquery-scheduler-sa@acme-platform-prod.iam.gserviceaccount.com
Also show the IAM grants needed: BigQuery Data Editor on the destination dataset."

Cloud Functions Workflows

| Trigger | Use case | Claude Code prompt |
|---|---|---|
| HTTP | Webhook handler | "write a Python Cloud Function 2nd gen that receives Stripe webhooks, validates the signature, and publishes the event to Pub/Sub topic 'stripe-events'" |
| Pub/Sub | Async event processor | "write a Go Cloud Function triggered by Pub/Sub topic 'user-signups' that enriches the user record and writes to Firestore. Handle retries idempotently using the user ID." |
| Cloud Storage | File processing | "write a Python Cloud Function triggered on finalize for bucket 'uploads-prod'. Parse uploaded CSV, validate schema, and stream rows to BigQuery table 'raw_uploads' using streaming insert." |
| Eventarc (Audit Logs) | Security alerting | "write a Cloud Function triggered by Eventarc on IAM policy changes (google.iam.v1.IAMPolicy.SetIamPolicy) that sends a Slack alert with the changed binding details." |
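
The Eventarc row asks for an alert carrying the changed binding details. As an added example (not code from the original page), the Python below extracts the binding changes from a SetIamPolicy audit log entry and builds the Slack message body, without sending it. It assumes the changes sit under protoPayload.serviceData.policyDelta.bindingDeltas, as they do on Resource Manager audit entries; the function names, the high-risk rules and the sample entry are constructed for illustration.

```python
import json

# Assumed escalation rules for this example, not a GCP default.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
BROAD_ROLES = {"roles/owner", "roles/editor"}

def binding_changes(entry):
    """Return (action, role, member) tuples from a SetIamPolicy audit log entry."""
    payload = entry.get("protoPayload", {})
    if not payload.get("methodName", "").lower().endswith("setiampolicy"):
        return []
    # Assumed location of the policy diff; present on Resource Manager entries.
    delta = payload.get("serviceData", {}).get("policyDelta", {})
    return [(d.get("action", "?"), d.get("role", "?"), d.get("member", "?"))
            for d in delta.get("bindingDeltas", [])]

def is_high_risk(action, role, member):
    """Flag grants to public principals or grants of broad basic roles."""
    return action == "ADD" and (member in PUBLIC_MEMBERS or role in BROAD_ROLES)

def slack_payload(entry):
    """Build a Slack incoming-webhook JSON body, or None when nothing changed."""
    changes = binding_changes(entry)
    if not changes:
        return None
    payload = entry["protoPayload"]
    actor = payload.get("authenticationInfo", {}).get("principalEmail", "unknown")
    lines = [f"IAM policy changed on {payload.get('resourceName', 'unknown')} by {actor}"]
    for action, role, member in changes:
        flag = " [HIGH RISK]" if is_high_risk(action, role, member) else ""
        lines.append(f"{action} {role} -> {member}{flag}")
    return {"text": "\n".join(lines)}

# Constructed sample entry (not a real log line).
SAMPLE_ENTRY = {"protoPayload": {
    "methodName": "google.iam.v1.IAMPolicy.SetIamPolicy",
    "resourceName": "projects/acme-platform-prod",
    "authenticationInfo": {"principalEmail": "dev@example.com"},
    "serviceData": {"policyDelta": {"bindingDeltas": [
        {"action": "ADD", "role": "roles/run.invoker", "member": "allUsers"},
        {"action": "REMOVE", "role": "roles/pubsub.publisher",
         "member": "serviceAccount:payments-sa@acme-platform-prod.iam.gserviceaccount.com"},
    ]}},
}}

if __name__ == "__main__":
    print(json.dumps(slack_payload(SAMPLE_ENTRY), indent=2))
```
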

GKE + Workload Identity

claude "configure Workload Identity for our GKE Autopilot cluster.
Service: 'payments' in namespace 'production'.
Google Service Account: payments-sa@acme-platform-prod.iam.gserviceaccount.com
It needs:
- roles/cloudsql.client (to connect to Cloud SQL via proxy)
- roles/secretmanager.secretAccessor (for Secret Manager secrets)
- roles/pubsub.publisher (for the 'order-events' topic)

Show the Terraform resources:
1. google_service_account_iam_binding for Workload Identity (workloadIdentityUser role)
2. Kubernetes ServiceAccount annotation (iam.gke.io/gcp-service-account)
3. The Deployment spec showing the serviceAccountName

Then verify the binding with: kubectl exec ... -- gcloud auth print-identity-token"

5 Tips for GCP + Claude Code

  1. Always tell Claude your GCP project IDs (dev/staging/prod) — it uses them in Terraform resources and gcloud commands rather than requiring you to fill in placeholders.
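  2. When writing Terraform for GCP IAM, say "use google_project_iam_member not google_project_iam_policy". google_project_iam_policy is authoritative: it replaces the project's entire IAM policy and can accidentally remove existing bindings managed outside Terraform, whereas google_project_iam_member only adds one member to one role.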
  3. For BigQuery cost optimization, paste the output of bq query --dry_run (bytes processed estimate). Claude rewrites the query to reduce bytes scanned using partition pruning and clustering.
  4. Tell Claude your Artifact Registry image path format upfront. Cloud Run, Cloud Functions, and GKE all reference images differently (full vs. short form); knowing your registry prevents wrong-format image references.
  5. For Cloud Run services that connect to Cloud SQL, always mention "use the Cloud SQL Auth Proxy sidecar pattern" or "use the direct IP via VPC Connector". Claude picks the right connection pattern for your architecture.