Create and manage databases

This page describes how to create, update, and delete Firestore with MongoDB compatibility databases. You can create multiple Firestore databases per project. You can use multiple databases to set up production and testing environments, to isolate customer data, and for data regionalization.

Free tier usage

Firestore offers free tier that lets you get started at no cost.

The free tier applies to only one Firestore database per project. The first database that is created in a project without a free tier database will get the free tier. If the database with the free tier applied is deleted, the next database created will receive the free tier.

Before you begin

You must complete the following before creating a database:

Make sure that billing is enabled for your Google Cloud project.
Assign appropriate Identity and Access Management roles as described in the next section.

Required roles

To create and manage databases, you need the Owner or Datastore Owner Identity and Access Management role. These roles grant the required permissions.

Required permissions

To manage databases, you need the following permissions:

Create a database: datastore.databases.create
Read database configuration: datastore.databases.getMetadata
Configure a database: datastore.databases.update
Delete a database: datastore.databases.delete

Create a database

To create a Firestore with MongoDB compatibility database, use one of the following methods:

Google Cloud console

In the Google Cloud console, go to the Databases page.

Go to Databases
Click Create a Firestore Database.
Enter a database ID.
Select Enterprise Edition.
Select a location for your database.
(Optional) If you need to customize your encryption, click Show Encryption Options and configure encryption options.
Click Create Database.

gcloud CLI

Use the gcloud firestore databases create command and set --edition=enterprise.

gcloud firestore databases create \
--database=DATABASE_ID \
--location=LOCATION \
--edition=enterprise

Replace the following:

DATABASE_ID: a valid database ID.
LOCATION: the name of a Firestore with MongoDB compatibility multi-region or region.

To enable deletion protection, add the --delete-protection flag. You cannot delete a database with deletion protection enabled until you disable this setting. This setting is disabled by default.

gcloud firestore databases create \
--database=DATABASE_ID \
--location=LOCATION \
--edition=enterprise \
--delete-protection

Database ID

Valid database IDs include IDs that conform to the following:

Includes only letters, numbers, and hyphen (-) characters.
Letters must be lowercase.
The first character must be a letter.
The last character must be a letter or number.
Minimum of 4 characters.
Maximum of 63 characters.
Must not be a UUID or resemble a UUID. For example, don't use an ID like f47ac10b-58cc-0372-8567-0e02b2c3d479.

If you delete a database, you cannot immediately re-use the database ID until after 5 minutes.

Delete protection

Use delete protection to prevent accidental deletion of a database. Delete protection works in the follow way:

You cannot delete a database with delete protection enabled until you disable delete protection.
Delete protection is disabled by default.
You can enable delete protection when you create the database or you can update a database configuration to enable delete protection.

List databases

Use one of the following methods to list your databases:

Console

In the Google Cloud console, go to the Databases page.

Go to Databases

gcloud CLI

Use the gcloud firestore databases list command to list all the databases in your project.

gcloud firestore databases list

View database details

To view details about a single database, use one of the following methods:

Console

In the Google Cloud console, go to the Databases page.

Go to Databases
Select a database from the list of databases.

gcloud CLI

Use the gcloud firestore databases describe command:

gcloud firestore databases describe --database=DATABASE_ID

Replace DATABASE_ID with a database ID.

Update database configuration

To update the configuration settings of a database, use the gcloud firestore databases update command.

Use this command to change, enable, or disable delete protection.

Update the delete protection setting

To enable delete protection on a database, use the gcloud firestore databases update command with the --delete-protection flag. For example:

gcloud CLI

gcloud firestore databases update --database=DATABASE_ID --delete-protection

Replace DATABASE_ID with a database ID.

To disable delete protection on a database, use the gcloud firestore databases update command with the --no-delete-protection flag. For example:

gcloud CLI

gcloud firestore databases update --database=DATABASE_ID --no-delete-protection

Replace DATABASE_ID with a database ID.

Delete a database

To delete a database, use the console or command-line tool. Deleting a database does not incur charges for delete operations.

If the database has the delete protection setting enabled, you must first disable delete protection.

Google Cloud console

In the Google Cloud console, go to the Databases page.

Go to Databases
Click View more in the Actions column for the database you want to delete. Click Delete. A dialog appears.
In the Delete database? dialog, confirm deletion by typing the database ID in the text field. Click Delete. The console informs you of operation success or failure.

If the operation fails, view the database details and verify that delete protection is disabled. To disable delete protection, see Update the delete protection setting.

gcloud CLI

Use the `gcloud firestore databases delete` command.

gcloud firestore databases delete --database=DATABASE_ID

Replace DATABASE_ID with the ID of the database to delete.

Configure per-database access permissions

You can use Identity and Access Management Conditions to configure access permissions on a per-database level. The following examples use the Google Cloud CLI to assign conditional access for one or more databases. You can also define IAM conditions in the Google Cloud console.

View existing IAM policies

gcloud projects get-iam-policy PROJECT_ID

Set PROJECT_ID to your project ID.

Grant access to a database

gcloud projects add-iam-policy-binding PROJECT_ID \
--member='user:EMAIL' \
--role='roles/datastore.user' \
--condition='expression=resource.name=="projects/PROJECT_ID/databases/DATABASE_ID",title=TITLE,description=DESCRIPTION'

Set the following:

PROJECT_ID: your project ID
EMAIL: an email address that represents a specific account. For example, alice@example.com.
DATABASE_ID: a database ID.
TITLE: an optional title for the expression.
DESCRIPTION: an optional description of the expression.

Grant access to all except one database

gcloud projects add-iam-policy-binding PROJECT_ID \
--member='user:EMAIL' \
--role='roles/datastore.user' \
--condition='expression=resource.name!="projects/PROJECT_ID/databases/DATABASE_ID",title=TITLE,description=DESCRIPTION'

Set the following:

PROJECT_ID: your project ID
EMAIL: an email address that represents a specific account. For example, alice@example.com.
DATABASE_ID: a database ID.
TITLE: an optional title for the expression.
DESCRIPTION: an optional description of the expression.

Remove policies for a given member and role

gcloud projects remove-iam-policy-binding PROJECT_ID \
--member='user:EMAIL' \
--role='roles/datastore.user' --all

Set the following:

PROJECT_ID: your project ID
EMAIL: an email address that represents a specific account. For example, alice@example.com.

Limitations

You can have a maximum of 100 databases per project. You can contact support to request an increase to this limit.

What's next

Run the Quickstart: Create a database and connect to it.
Learn about Behavior differences.
Learn about Cloud Monitoring metrics for Firestore with MongoDB compatibility.