Google Cloud MCP Server

Google's catalog of managed remote MCP servers covering 60+ Google Cloud and Workspace products including BigQuery, GKE, Cloud Run, Firestore, and Spanner.

Developer Tools by Google OAuth2 active

Connect (Remote Server) GitHub Docs

Overview

Google Cloud MCP is Google's official program for exposing Cloud, Workspace, and developer products to AI agents through the Model Context Protocol. Most servers are remote and managed by Google: AI applications connect over HTTPS to per-service endpoints (for example https://bigquery.googleapis.com/mcp, https://run.googleapis.com/mcp, https://compute.googleapis.com/mcp) and authenticate with Google credentials. Coverage spans data and analytics (BigQuery, Dataplex, Dataproc, Datastream), databases (AlloyDB, Cloud SQL, Spanner, Firestore, Bigtable, Memorystore), compute (Compute Engine, GKE, Cloud Run, Cloud Storage), observability (Cloud Logging, Cloud Monitoring, Cloud Trace, Error Reporting), security (Chronicle, Security Command Center, Cloud Resource Manager), and developer tools (gcloud CLI, Chrome DevTools, Maps, Firebase).

The catalog at github.com/google/mcp aggregates both remote managed servers and open-source servers that you can run locally or deploy on Cloud Run/GKE. Companion repositories such as googleapis/gcloud-mcp ship the gcloud, observability, storage, and backupdr servers as npm packages. Authentication is handled by Google credentials: OAuth 2.0 (web and desktop), Application Default Credentials via gcloud auth application-default login, or bearer tokens with an x-goog-user-project header.

Security and governance use existing Google Cloud primitives: IAM-based access control, audit logs, and Model Armor for prompt-injection and data-exfiltration protections. Many endpoints are still labeled Preview or Beta, and the aggregating repo carries the standard "not an officially supported Google product" disclaimer even though individual services are first-party.

Tools

Tool	Description
`BigQuery MCP`	Query datasets, inspect schemas, run SQL, and manage jobs on BigQuery.
`Cloud Run MCP`	Deploy, list, and manage Cloud Run services and revisions.
`Compute Engine MCP`	Manage VM instances, disks, networks, and zones on Compute Engine.
`GKE MCP`	Inspect clusters, node pools, and workloads on Google Kubernetes Engine.
`Cloud Storage MCP`	List buckets, read and write objects, set IAM and lifecycle policies.
`Spanner MCP`	Query and manage Cloud Spanner databases and instances.
`Firestore MCP`	Read, write, and query Firestore documents and collections.
`AlloyDB MCP`	Manage AlloyDB clusters and run queries against PostgreSQL-compatible instances.
`Cloud SQL MCP`	Administer Cloud SQL instances for MySQL, PostgreSQL, and SQL Server.
`Cloud Logging / Monitoring / Trace MCP`	Search logs, query metrics, and inspect traces via Cloud Observability APIs.
`Chronicle (Google SecOps) MCP`	Investigate security events, IOCs, and detections in Google Security Operations.
`Cloud Resource Manager MCP`	List and manage projects, folders, and organization resources.
`Google Maps (Grounding Lite) MCP`	Geocode, search places, and ground responses in Maps data.
`gcloud MCP (local)`	Run any gcloud CLI command via run_gcloud_command from an AI agent.
`Workspace MCP (Gmail, Drive, Calendar, Chat, People)`	Developer-preview servers for the Google Workspace suite.

Setup Guide

Prerequisites

A Google Cloud project with billing enabled
The target API enabled for the service you want to use (for example BigQuery API)
IAM permissions on that service
For OAuth clients: a "Web application" OAuth client ID and secret
For local CLI tools: Node.js 20+ and gcloud CLI installed

Authentication

Choose one:

OAuth 2.0 with a Web application client. Add redirect URI https://claude.ai/api/mcp/auth_callback for Claude.
Application Default Credentials: run gcloud auth application-default login (token must be refreshed hourly).
Bearer token via Authorization: Bearer <token> plus x-goog-user-project: <project_id> header.

Claude.ai / Claude Desktop (remote OAuth server)

{
  "name": "BigQuery MCP",
  "mcp_server_url": "https://bigquery.googleapis.com/mcp",
  "authentication": {
    "type": "OAuth",
    "client_id": "YOUR_CLIENT_ID",
    "client_secret": "YOUR_CLIENT_SECRET"
  }
}

VS Code

{
  "servers": [
    {
      "name": "BigQuery MCP",
      "uri": "https://bigquery.googleapis.com/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_ACCESS_TOKEN",
        "x-goog-user-project": "YOUR_PROJECT_ID"
      }
    }
  ]
}

Add via Command Palette: MCP: Add Server... then select HTTP.

Gemini CLI

File: ~/.gemini/extensions/<ext_name>/gemini-extension.json

{
  "name": "gcp-bigquery",
  "version": "1.0.0",
  "mcpServers": {
    "bigquery": {
      "httpUrl": "https://bigquery.googleapis.com/mcp",
      "authProviderType": "google_credentials",
      "oauth": {
        "scopes": ["https://www.googleapis.com/auth/cloud-platform"]
      },
      "headers": { "x-goog-user-project": "YOUR_PROJECT_ID" }
    }
  }
}

Local gcloud MCP server (open source companion)

{
  "mcpServers": {
    "gcloud": {
      "command": "npx",
      "args": ["-y", "@google-cloud/gcloud-mcp"]
    }
  }
}

Or initialize for Gemini Code Assist:

npx @google-cloud/gcloud-mcp init --agent=gemini-cli

Use Cases

Let an agent answer ad-hoc analytics questions by writing and running SQL against BigQuery datasets with the user's IAM scope.
Triage production incidents by searching Cloud Logging, pulling Cloud Monitoring metrics, and inspecting recent Cloud Run revisions from one chat session.
Deploy a container to Cloud Run or roll back a revision using natural language while reviewing diffs before execution.
Automate Google Cloud Storage housekeeping: list large objects, apply lifecycle rules, or move data between buckets.
Investigate security alerts by correlating Chronicle detections with Cloud Resource Manager project metadata.
Run gcloud commands from a coding agent (Gemini CLI, Claude Code) for routine cluster, IAM, and project administration.

Example Prompts

"Using the BigQuery MCP, find the top 10 SKUs by revenue last week in the analytics.orders table."
"List all Cloud Run services in us-central1 and show which ones had errors in the last hour according to Cloud Logging."
"Scale the api-prod GKE deployment to 6 replicas and confirm rollout status."
"Show me Firestore documents in the users collection where plan == 'enterprise' and last_login is older than 30 days."
"Use the gcloud MCP to enable the Vertex AI API on project acme-staging and create a service account named agent-runner."

Pros

First-party servers from Google with native IAM, audit logging, and Model Armor protections.
Broad coverage: 60+ services spanning data, databases, compute, observability, security, and Workspace.
Remote managed endpoints mean no local install or hosting needed for most use cases.
Standard Google auth (OAuth 2.0 and ADC) works with existing organization controls and least-privilege roles.

Limitations

Many individual servers are still Preview or Beta and may have breaking changes.
Setup requires correct project, API enablement, OAuth client, and IAM roles, which is more involved than a single API-key server.
The aggregating repo carries a "not an officially supported Google product" disclaimer even though individual services are first-party.
Tool schemas are not always documented in one place; you often need to read the per-service MCP reference page.

Alternatives

AWS MCP servers: AWS Labs catalog of MCP servers for AWS services.
Azure MCP server: Microsoft's MCP server for Azure resources and CLI.
Cloudflare MCP: Provider-hosted MCP servers for Workers, R2, KV, and analytics.