This document explains how to create a virtual machine (VM) or bare metal instance by using a boot disk image, a boot disk snapshot, or a container image. Some images support Shielded VM features, which offer security features such as UEFI-compliant firmware, Secure Boot, and vTPM-protected Measured Boot. On Shielded VMs, vTPM and integrity monitoring are enabled by default.
While creating your compute instance, you can create one or more disks for it. You can also add more disks to the instance after it's created. Compute Engine automatically starts the instance after you create it.
While creating a compute instance, you can also add multiple network interfaces. To mitigate your instance's exposure to threats on the internet, you can omit the external IP address when you add a network interface to the instance. In such cases, the instance is accessible only from other compute instances in the same VPC network or a linked network unless you configure Cloud NAT.
If you are creating a compute instance for the first time, see Quickstart using a Linux VM or Quickstart using a Windows Server VM.
For more specific or complicated Compute Engine instance creation, see the following resources:
- Create a VM that uses a user-managed service account.
- Create Windows Server instances.
- Create SQL Server instances.
- Create instances on sole-tenant nodes.
- Create a VM instance with a custom hostname.
- Create VM instances that use the gVNIC network interface.
- Create a VM instance with attached GPUs.
- Create a VM instance with a high performance computing (HPC) image.
- Create VMs in bulk.
- Create a VM instance with an attached instance schedule.
- Create a managed instance group (MIG).
- Create a Confidential VM instance.
- Reserve instances and consume reserved instances.
- Configure a VM instance with higher bandwidth.
If you are bringing an existing license, see Bringing your own licenses.
Before you begin
- When creating compute instances from images or disks by using the Google Cloud CLI or REST, there's a limit of 20 instances per second. If you need to create a higher number of instances per second, request a higher quota limit for the Images resource.
-
If you haven't already, then set up authentication.
Authentication is
the process by which your identity is verified for access to Google Cloud services and APIs.
To run code or samples from a local development environment, you can authenticate to
Compute Engine by selecting one of the following options:
Select the tab for how you plan to use the samples on this page:
Console
When you use the Google Cloud console to access Google Cloud services and APIs, you don't need to set up authentication.
gcloud
-
Install the Google Cloud CLI, then initialize it by running the following command:
gcloud init
- Set a default region and zone.
Terraform
To use the Terraform samples on this page in a local development environment, install and initialize the gcloud CLI, and then set up Application Default Credentials with your user credentials.
- Install the Google Cloud CLI.
-
To initialize the gcloud CLI, run the following command:
gcloud init
-
If you're using a local shell, then create local authentication credentials for your user account:
gcloud auth application-default login
You don't need to do this if you're using Cloud Shell.
For more information, see Set up authentication for a local development environment.
C#
To use the .NET samples on this page in a local development environment, install and initialize the gcloud CLI, and then set up Application Default Credentials with your user credentials.
- Install the Google Cloud CLI.
-
To initialize the gcloud CLI, run the following command:
gcloud init
-
If you're using a local shell, then create local authentication credentials for your user account:
gcloud auth application-default login
You don't need to do this if you're using Cloud Shell.
For more information, see Set up authentication for a local development environment.
Go
To use the Go samples on this page in a local development environment, install and initialize the gcloud CLI, and then set up Application Default Credentials with your user credentials.
- Install the Google Cloud CLI.
-
To initialize the gcloud CLI, run the following command:
gcloud init
-
If you're using a local shell, then create local authentication credentials for your user account:
gcloud auth application-default login
You don't need to do this if you're using Cloud Shell.
For more information, see Set up authentication for a local development environment.
Java
To use the Java samples on this page in a local development environment, install and initialize the gcloud CLI, and then set up Application Default Credentials with your user credentials.
- Install the Google Cloud CLI.
-
To initialize the gcloud CLI, run the following command:
gcloud init
-
If you're using a local shell, then create local authentication credentials for your user account:
gcloud auth application-default login
You don't need to do this if you're using Cloud Shell.
For more information, see Set up authentication for a local development environment.
Node.js
To use the Node.js samples on this page in a local development environment, install and initialize the gcloud CLI, and then set up Application Default Credentials with your user credentials.
- Install the Google Cloud CLI.
-
To initialize the gcloud CLI, run the following command:
gcloud init
-
If you're using a local shell, then create local authentication credentials for your user account:
gcloud auth application-default login
You don't need to do this if you're using Cloud Shell.
For more information, see Set up authentication for a local development environment.
PHP
To use the PHP samples on this page in a local development environment, install and initialize the gcloud CLI, and then set up Application Default Credentials with your user credentials.
- Install the Google Cloud CLI.
-
To initialize the gcloud CLI, run the following command:
gcloud init
-
If you're using a local shell, then create local authentication credentials for your user account:
gcloud auth application-default login
You don't need to do this if you're using Cloud Shell.
For more information, see Set up authentication for a local development environment.
Python
To use the Python samples on this page in a local development environment, install and initialize the gcloud CLI, and then set up Application Default Credentials with your user credentials.
- Install the Google Cloud CLI.
-
To initialize the gcloud CLI, run the following command:
gcloud init
-
If you're using a local shell, then create local authentication credentials for your user account:
gcloud auth application-default login
You don't need to do this if you're using Cloud Shell.
For more information, see Set up authentication for a local development environment.
Ruby
To use the Ruby samples on this page in a local development environment, install and initialize the gcloud CLI, and then set up Application Default Credentials with your user credentials.
- Install the Google Cloud CLI.
-
To initialize the gcloud CLI, run the following command:
gcloud init
-
If you're using a local shell, then create local authentication credentials for your user account:
gcloud auth application-default login
You don't need to do this if you're using Cloud Shell.
For more information, see Set up authentication for a local development environment.
REST
To use the REST API samples on this page in a local development environment, you use the credentials you provide to the gcloud CLI.
Install the Google Cloud CLI, then initialize it by running the following command:
gcloud init
For more information, see Authenticate for using REST in the Google Cloud authentication documentation.
-
Required roles
To get the permissions that you need to create VMs,
ask your administrator to grant you the
Compute Instance Admin (v1) (roles/compute.instanceAdmin.v1
) IAM role on the project.
For more information about granting roles, see Manage access to projects, folders, and organizations.
This predefined role contains the permissions required to create VMs. To see the exact permissions that are required, expand the Required permissions section:
Required permissions
The following permissions are required to create VMs:
-
compute.instances.create
on the project -
To use a custom image to create the VM:
compute.images.useReadOnly
on the image -
To use a snapshot to create the VM:
compute.snapshots.useReadOnly
on the snapshot -
To use an instance template to create the VM:
compute.instanceTemplates.useReadOnly
on the instance template -
To assign a legacy network to the VM:
compute.networks.use
on the project -
To specify a static IP address for the VM:
compute.addresses.use
on the project -
To assign an external IP address to the VM when using a legacy network:
compute.networks.useExternalIp
on the project -
To specify a subnet for your VM:
compute.subnetworks.use
on the project or on the chosen subnet -
To assign an external IP address to the VM when using a VPC network:
compute.subnetworks.useExternalIp
on the project or on the chosen subnet -
To set VM instance metadata for the VM:
compute.instances.setMetadata
on the project -
To set tags for the VM:
compute.instances.setTags
on the VM -
To set labels for the VM:
compute.instances.setLabels
on the VM -
To set a service account for the VM to use:
compute.instances.setServiceAccount
on the VM -
To create a new disk for the VM:
compute.disks.create
on the project -
To attach an existing disk in read-only or read-write mode:
compute.disks.use
on the disk -
To attach an existing disk in read-only mode:
compute.disks.useReadOnly
on the disk
You might also be able to get these permissions with custom roles or other predefined roles.
Create a VM instance from an image
This section explains how to create a VM from a public OS image or a custom image. A VM contains a bootloader, a boot file system, and an OS image. If you are creating an Arm VM, choose an OS image that is Arm-compatible.
View a list of public images available on Compute Engine
Before you create a VM by using a public image, review the list of public images that are available on Compute Engine.
For more information about the features available with each public image, see Feature support by operating system.
Console
In the Google Cloud console, go to the Images page.
gcloud
Run the following command:
gcloud compute images list
Make a note of the name of the image or image family and the name of the project containing the image.
Optional: To determine whether the image supports Shielded VM features, run the following command:
gcloud compute images describe IMAGE_NAME \ --project=IMAGE_PROJECT
Replace the following:
IMAGE_NAME
: name of the image to check for support of Shielded VM featuresIMAGE_PROJECT
: project containing the image
If the image supports Shielded VM features, the following line appears in the output:
type: UEFI_COMPATIBLE
.
C#
Before trying this sample, follow the C# setup instructions in the Compute Engine quickstart using client libraries. For more information, see the Compute Engine C# API reference documentation.
To authenticate to Compute Engine, set up Application Default Credentials. For more information, see Set up authentication for a local development environment.
Go
Before trying this sample, follow the Go setup instructions in the Compute Engine quickstart using client libraries. For more information, see the Compute Engine Go API reference documentation.
To authenticate to Compute Engine, set up Application Default Credentials. For more information, see Set up authentication for a local development environment.
Java
Before trying this sample, follow the Java setup instructions in the Compute Engine quickstart using client libraries. For more information, see the Compute Engine Java API reference documentation.
To authenticate to Compute Engine, set up Application Default Credentials. For more information, see Set up authentication for a local development environment.
Node.js
Before trying this sample, follow the Node.js setup instructions in the Compute Engine quickstart using client libraries. For more information, see the Compute Engine Node.js API reference documentation.
To authenticate to Compute Engine, set up Application Default Credentials. For more information, see Set up authentication for a local development environment.
PHP
Before trying this sample, follow the PHP setup instructions in the Compute Engine quickstart using client libraries. For more information, see the Compute Engine PHP API reference documentation.
To authenticate to Compute Engine, set up Application Default Credentials. For more information, see Set up authentication for a local development environment.
Python
Before trying this sample, follow the Python setup instructions in the Compute Engine quickstart using client libraries. For more information, see the Compute Engine Python API reference documentation.
To authenticate to Compute Engine, set up Application Default Credentials. For more information, see Set up authentication for a local development environment.
Ruby
Before trying this sample, follow the Ruby setup instructions in the Compute Engine quickstart using client libraries. For more information, see the Compute Engine Ruby API reference documentation.
To authenticate to Compute Engine, set up Application Default Credentials. For more information, see Set up authentication for a local development environment.
REST
Run the following command:
GET https://compute.googleapis.com/compute/v1/projects/IMAGE_PROJECT/global/images/
Make a note of the name of the image or image family and the name of the project containing the image.
Optional: To determine whether the image supports Shielded VM features, run the following command:
GET https://compute.googleapis.com/compute/v1/projects/IMAGE_PROJECT/global/images/IMAGE_NAME
Replace the following:
IMAGE_PROJECT
: project containing the imageIMAGE_NAME
: name of the image to check for support of Shielded VM features
If the image supports Shielded VM features, the following line appears in the output:
type: UEFI_COMPATIBLE
.
Create a VM instance from a public image
Google, open source communities, and third-party vendors provide and maintain public OS images. By default, all Google Cloud projects can create VMs from public OS images. However, if your Google Cloud project has a defined list of trusted images, you can use only the images on that list to create a VM.
If you create a Shielded VM image with a local SSD, you can't shield data with integrity monitoring or the virtual platform trusted module (vTPM).
Console
In the Google Cloud console, go to the VM instances page.
Select your project and click Continue.
Click Create instance.
Specify a Name for your VM. For more information, see Resource naming convention.
Optional: Change the Zone for this VM. If you select Any, Google automatically chooses a zone for you based on machine type and availability.
Select a Machine configuration for your VM.
In the Boot disk section, click Change, and then do the following:
- On the Public images tab, choose the following:
- Operating system
- OS version
- Boot disk type
- Boot disk size
- Optional: For advanced configuration options, click Show advanced configuration.
- To confirm your boot disk options, click Select.
- On the Public images tab, choose the following:
In the Firewall section, to permit HTTP or HTTPS traffic to the VM, select Allow HTTP traffic or Allow HTTPS traffic. When you select one of these, Compute Engine adds a network tag to your VM, which associates the firewall rule with the VM. Then, Compute Engine creates the corresponding ingress firewall rule that allows all incoming traffic on
tcp:80
(HTTP) ortcp:443
(HTTPS).Optional: If you chose an OS image that supports Shielded VM features, you can modify the Shielded VM settings. To modify Shielded VM settings, expand the Security section in the Advanced options section, and then do the following as required:
To turn on Secure Boot, select Turn on Secure Boot. Secure Boot is disabled by default.
To turn off vTPM, clear the Turn on vTPM checkbox. vTPM is enabled by default. Disabling vTPM also disables integrity monitoring because integrity monitoring relies on data gathered by Measured Boot.
To turn off integrity monitoring, clear the Turn on Integrity Monitoring checkbox. Integrity monitoring is enabled by default.
To create and start the VM, click Create.
gcloud
- Select a public image. Make a note of the name of the image or image family and the name of the project containing the image.
Use the
gcloud compute instances create
command to create a VM from an image family or from a specific version of an OS image.If you specify the optional
--shielded-secure-boot
flag, Compute Engine creates a VM with all three of the Shielded VM features enabled:After Compute Engine starts your VM, you must stop the VM to modify Shielded VM options.
gcloud compute instances create VM_NAME \ --zone=ZONE \ [--image=IMAGE | --image-family=IMAGE_FAMILY] \ --image-project=IMAGE_PROJECT \ --machine-type=MACHINE_TYPE
Replace the following:
VM_NAME
: name of the new VMZONE
: zone to create the instance inIMAGE
orIMAGE_FAMILY
: specify one of the following:IMAGE
: a specific version of a public imageFor example,
--image=debian-10-buster-v20200309
.IMAGE_FAMILY
: an image family.This creates the VM from the most recent, non-deprecated OS image. For example, if you specify
--image-family=debian-10
, Compute Engine creates a VM from the latest version of the OS image in the Debian 10 image family.
IMAGE_PROJECT
: project containing the imageMACHINE_TYPE
: machine type, predefined or custom, for the new VMTo get a list of the machine types available in a zone, use the
gcloud compute machine-types list
command with the--zones
flag.
Verify that Compute Engine created the VM:
gcloud compute instances describe VM_NAME
Replace
VM_NAME
with the name of the VM.
Terraform
To create a VM, you can use the google_compute_instance
resource.
To learn how to apply or remove a Terraform configuration, see Basic Terraform commands.
To generate the Terraform code, you can use the Equivalent code component in the Google Cloud console.- In the Google Cloud console, go to the VM instances page.
- Click Create instance.
- Specify the parameters you want.
- At the top or bottom of the page, click Equivalent code, and then click the Terraform tab to view the Terraform code.
C#
C#
Before trying this sample, follow the C# setup instructions in the Compute Engine quickstart using client libraries. For more information, see the Compute Engine C# API reference documentation.
To authenticate to Compute Engine, set up Application Default Credentials. For more information, see Set up authentication for a local development environment.
Go
Go
Before trying this sample, follow the Go setup instructions in the Compute Engine quickstart using client libraries. For more information, see the Compute Engine Go API reference documentation.
To authenticate to Compute Engine, set up Application Default Credentials. For more information, see Set up authentication for a local development environment.
Java
Before trying this sample, follow the Java setup instructions in the Compute Engine quickstart using client libraries. For more information, see the Compute Engine Java API reference documentation.
To authenticate to Compute Engine, set up Application Default Credentials. For more information, see Set up authentication for a local development environment.
Node.js
Before trying this sample, follow the Node.js setup instructions in the Compute Engine quickstart using client libraries. For more information, see the Compute Engine Node.js API reference documentation.
To authenticate to Compute Engine, set up Application Default Credentials. For more information, see Set up authentication for a local development environment.
PHP
Before trying this sample, follow the PHP setup instructions in the Compute Engine quickstart using client libraries. For more information, see the Compute Engine PHP API reference documentation.
To authenticate to Compute Engine, set up Application Default Credentials. For more information, see Set up authentication for a local development environment.
Python
Before trying this sample, follow the Python setup instructions in the Compute Engine quickstart using client libraries. For more information, see the Compute Engine Python API reference documentation.
To authenticate to Compute Engine, set up Application Default Credentials. For more information, see Set up authentication for a local development environment.
Ruby
Before trying this sample, follow the Ruby setup instructions in the Compute Engine quickstart using client libraries. For more information, see the Compute Engine Ruby API reference documentation.
To authenticate to Compute Engine, set up Application Default Credentials. For more information, see Set up authentication for a local development environment.
REST
- Select a public image. Make a note of the name of the image or image family and the name of the project containing the image.
Use the
instances.insert
method to create a VM from an image family or from a specific version of an OS image:POST https://compute.googleapis.com/compute/v1/projects/
PROJECT_ID
/zones/ZONE
/instances { "machineType":"zones/MACHINE_TYPE_ZONE/machineTypes/MACHINE_TYPE", "name":"VM_NAME
", "disks":[ { "initializeParams":{ "sourceImage":"projects/IMAGE_PROJECT/global/images/IMAGE" }, "boot":true } ], "networkInterfaces":[ { "network":"global/networks/NETWORK_NAME" } ], "shieldedInstanceConfig":{ "enableSecureBoot":"ENABLE_SECURE_BOOT" } }Replace the following:
PROJECT_ID
: ID of the project to create the VM inZONE
: zone to create the VM inMACHINE_TYPE_ZONE
: zone containing the machine type to use for the new VMMACHINE_TYPE
: machine type, predefined or custom, for the new VMVM_NAME
: name of the new VMIMAGE_PROJECT
: project containing the image
For example, if you specifydebian-10
as the image family, specifydebian-cloud
as the image project.IMAGE or IMAGE_FAMILY
: specify one of the following:IMAGE
: a specific version of a public image
For example,"sourceImage": "projects/debian-cloud/global/images/debian-10-buster-v20200309"
IMAGE_FAMILY
: an image family
This creates the VM from the most recent, non-deprecated OS image. For example, if you specify"sourceImage": "projects/debian-cloud/global/images/family/debian-10"
, Compute Engine creates a VM from the latest version of the OS image in theDebian 10
image family.
NETWORK_NAME
: the VPC network that you want to use for the VM. You can specifydefault
to use your default network.ENABLE_SECURE_BOOT
: Optional: If you chose an image that supports Shielded VM features, Compute Engine, by default, enables the virtual trusted platform module (vTPM) and integrity monitoring. Compute Engine does not enable Secure Boot by default.If you specify
true
forenableSecureBoot
, Compute Engine creates a VM with all three Shielded VM features enabled. After Compute Engine starts your VM, to modify Shielded VM options, you must stop the VM.
Create a bare metal instance from a public image
Google, open source communities, and third-party vendors provide and maintain public OS images. By default, all Google Cloud projects can create bare metal instances using supported public OS images. However, if your Google Cloud project has a defined list of trusted images, you can use only the images on that list to create a bare metal instance.
Console
In the Google Cloud console, go to the VM instances page.
Select your project and click Continue.
Click Create instance.
Specify a Name for your instance. For more information, see Resource naming convention.
Optional: Change the Zone for this instance. If you choose a zone that doesn't have any available bare metal servers, you are prompted to choose a different zone.
In the Machine configuration section, do one of the following:
- Click the General purpose tab, and then select C3.
- Click the Memory optimized tab, and then select X4.
For the Machine type, click the list. In the filter box, type in
metal
, and then select one of the available types.In the Availability policies section, click VM provisioning model advanced settings to expand the section. Make sure the value for On host maintenance is
Terminate instance
.In the Boot disk section, click Change, and then do the following:
- On the Public images tab, choose the following:
- Operating system
- OS version
- Boot disk type
- Boot disk size
- Optional: For Hyperdisk Balanced boot disks, choose the Provisioned IOPS and Provisioned throughput settings for the disk.
- Optional: For additional disk configuration options, click Show advanced configuration.
To confirm your boot disk options, click Select.
- On the Public images tab, choose the following:
In the Firewall section, to permit HTTP or HTTPS traffic to the bare metal instance, select Allow HTTP traffic or Allow HTTPS traffic. When you select one of these options, Compute Engine adds a network tag to your instance, which associates the firewall rule with the instance. Then, Compute Engine creates the corresponding ingress firewall rule that allows all incoming traffic on
tcp:80
(HTTP) ortcp:443
(HTTPS).Expand the Advanced options section, and then expand the Networking section. Make sure the Network interface card is set to IDPF.
To create and start the bare metal instance, click Create.
gcloud
- Select a public image that supports bare metal instances. Make a note of the name of the image or image family and the name of the project containing the image.
Use the
gcloud compute instances create
command to create a bare metal instance from an image family or from a specific version of an OS image.gcloud compute instances create INSTANCE_NAME \ --zone=ZONE \ --machine-type=MACHINE_TYPE \ --network-interface=nic-type=IDPF \ --maintenance-policy=TERMINATE \ --create-disk=boot=yes,image=projects/IMAGE_PROJECT/global/images/IMAGE,provisioned-iops=IOPS,provisioned-throughput=THROUGHPUT,size=SIZE,type=hyperdisk-balanced \ --no-shielded-secure-boot
Replace the following:
INSTANCE_NAME
: a name for the new bare metal instanceZONE
: zone to create the bare metal instance inMACHINE_TYPE
: the bare metal machine type to use for the instance. The name of the machine type must end in-metal
.To get a list of the machine types available in a zone, use the
gcloud compute machine-types list
command with the--zones
flag.IMAGE_PROJECT
: the image project that contains the imageIMAGE
: specify one of the following:- A specific version of the OS image—for example,
sles-15-sp4-sap-v20240208-x86-6
. - An image family, which must be
formatted as
family/IMAGE_FAMILY
. This creates the instance from the most recent, non-deprecated OS image. For example, if you specifyfamily/sles-15-sp4-sap
, Compute Engine creates a bare metal instance from the latest version of the OS image in the SUSE Linux Enterprise Server 15 SP4 image family. For more information about using image families, see Image families best practices.
- A specific version of the OS image—for example,
IOPS
: Optional: the highest number of I/O operations per second (IOPS) that the disk can handle.THROUGHPUT
: Optional: an integer that represents the highest throughput, measured in MiB per second, that the disk can handle.SIZE
: Optional: the size of the new disk. The value must be a whole number. The default unit of measurement is GiB.
Verify that Compute Engine created the instance:
gcloud compute instances describe INSTANCE_NAME
Replace
INSTANCE_NAME
with the name of the new instance.
REST
- Select a public image that supports bare metal instances. Make a note of the name of the image or image family and the name of the project containing the image.
Use the
instances.insert
method to create a bare metal instance from an image family or from a specific version of an OS image:POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances { "machineType": "projects/PROJECT_ID/zones/MACHINE_TYPE_ZONE/machineTypes/MACHINE_TYPE", "name": "INSTANCE_NAME", "disks": [ { "boot": true, "initializeParams": { "diskSizeGb": "DISK_SIZE", "diskType": "hyperdisk-balanced", "provisionedIops": "IOPS_LIMIT", "provisionedThroughput": "THROUGHPUT_LIMIT", "sourceImage": "projects/IMAGE_PROJECT/global/images/IMAGE" } } ], "networkInterfaces": [ { "nicType": "IDPF" } ], "scheduling": { "onHostMaintenance": "TERMINATE" } }
Replace the following:
PROJECT_ID
: ID of the project to create the bare metal instance inZONE
: zone to create the bare metal instance inMACHINE_TYPE_ZONE
: zone that contains the machine type to use for the new bare metal instanceMACHINE_TYPE
: the machine type to use for the instance. The name of the machine type must end in-metal
.INSTANCE_NAME
: name of the new instanceDISK_SIZE
: disk size in GiBIOPS_LIMIT
: the number of I/O operations per second that you want to provision for the disk.THROUGHPUT_LIMIT
: an integer that represents the throughput, measured in MB per second, that you want to provision for the disk.IMAGE_PROJECT
: the image project that contains the imageIMAGE
: specify one of the following:- A specific version of the OS image—for example,
sles-15-sp4-sap-v20240208-x86-6
. - An image family, which must be
formatted as
family/IMAGE_FAMILY
. This creates the instance from the most recent, non-deprecated OS image. For example, if you specifyfamily/sles-15-sp4-sap
, Compute Engine creates a bare metal instance from the latest version of the OS image in the SUSE Linux Enterprise Server 15 SP4 image family. For more information about using image families, see Image families best practices.
- A specific version of the OS image—for example,
Create a VM from a custom image
A custom image belongs only to your project. To create a VM with a custom image, you must first create a custom image if you don't already have one.
Console
In the Google Cloud console, go to the VM instances page.
Select your project and click Continue.
Click Create instance.
Specify a Name for your VM. For more information, see Resource naming convention.
Optional: Change the Zone for this VM. If you select Any, Google automatically chooses a zone for you based on machine type and availability.
Select a Machine configuration for your VM.
In the Boot disk section, click Change, and then do the following:
- Select the Custom Images tab.
- To select the image project, click Select a project, and then do
the following:
- Select the project that contains the image.
- Click Open.
- In the Image list, click the image that you want to import.
- Select the type and size of your boot disk.
- Optional: For advanced configuration options, click Show advanced configuration.
- To confirm your boot disk options, click Select.
In the Firewall section, to permit HTTP or HTTPS traffic to the VM, select Allow HTTP traffic or Allow HTTPS traffic.
The Google Cloud console adds a network tag to your VM and creates the corresponding ingress firewall rule that allows all incoming traffic on
tcp:80
(HTTP) ortcp:443
(HTTPS). The network tag associates the firewall rule with the VM. For more information, see Firewall rules overview in the Cloud Next Generation Firewall documentation.To create and start the VM, click Create.
gcloud
-
In the Google Cloud console, activate Cloud Shell.
At the bottom of the Google Cloud console, a Cloud Shell session starts and displays a command-line prompt. Cloud Shell is a shell environment with the Google Cloud CLI already installed and with values already set for your current project. It can take a few seconds for the session to initialize.
Run the
gcloud compute instances create
command to create a VM with a custom image:gcloud compute instances create VM_NAME \ --image-project IMAGE_PROJECT \ [--image IMAGE | --image-family IMAGE_FAMILY] --subnet SUBNET
Replace the following:
VM_NAME
: name of the VMIMAGE_PROJECT
: Project ID that contains the imageIMAGE
orIMAGE_FAMILY
: specify one of the following:IMAGE
: name of your custom imageFor example,
--image=my-debian-image-v2
.IMAGE_FAMILY
: if you created your custom images as part of a custom image family, specify that custom image family.This creates the VM from the most recent, non-deprecated OS image and OS version in your custom image family. For example, if you specify
--image-family=my-debian-family
, Compute Engine creates a VM from the latest OS image in your custommy-debian-family
image family.
SUBNET
: If the subnet and instance are in the same project, replace SUBNET with the name of a subnet that is in the same region as the instance.
Terraform
To generate the Terraform code, you can use the Equivalent code component in the Google Cloud console.- In the Google Cloud console, go to the VM instances page.
- Click Create instance.
- Specify the parameters you want.
- At the top or bottom of the page, click Equivalent code, and then click the Terraform tab to view the Terraform code.
Go
Before trying this sample, follow the Go setup instructions in the Compute Engine quickstart using client libraries. For more information, see the Compute Engine Go API reference documentation.
To authenticate to Compute Engine, set up Application Default Credentials. For more information, see Set up authentication for a local development environment.
Java
Before trying this sample, follow the Java setup instructions in the Compute Engine quickstart using client libraries. For more information, see the Compute Engine Java API reference documentation.
To authenticate to Compute Engine, set up Application Default Credentials. For more information, see Set up authentication for a local development environment.
Node.js
Before trying this sample, follow the Node.js setup instructions in the Compute Engine quickstart using client libraries. For more information, see the Compute Engine Node.js API reference documentation.
To authenticate to Compute Engine, set up Application Default Credentials. For more information, see Set up authentication for a local development environment.
Python
Before trying this sample, follow the Python setup instructions in the Compute Engine quickstart using client libraries. For more information, see the Compute Engine Python API reference documentation.
To authenticate to Compute Engine, set up Application Default Credentials. For more information, see Set up authentication for a local development environment.
REST
The process for creating a VM with a custom image in the API is the same as if you were creating a VM with a publicly available image.
To create the VM from a custom image, use the
instances.insert
method.
POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID
/zones/ZONE
/instances { "machineType":"zones/MACHINE_TYPE_ZONE/machineTypes/MACHINE_TYPE", "name":"VM_NAME
", "disks":[ { "initializeParams":{ "sourceImage":"projects/IMAGE_PROJECT/global/images/IMAGE" }, "boot":true } ], "networkInterfaces":[ { "network":"global/networks/NETWORK_NAME" } ], "shieldedInstanceConfig":{ "enableSecureBoot":"ENABLE_SECURE_BOOT" } }
Replace the following:
PROJECT_ID
: ID of the project to create the VM inZONE
: zone to create the VM inMACHINE_TYPE_ZONE
: zone containing the machine type to use for the new VMMACHINE_TYPE
: machine type, predefined or custom, for the new VMVM_NAME
: name of the new VMIMAGE_PROJECT
: name of the project that contains the custom imageIMAGE
orIMAGE_FAMILY
: specify one of the following:IMAGE
: name of your custom image. For example,"sourceImage": "projects/my-project-1234/global/images/my-debian-image-v2"
.IMAGE_FAMILY
: if you created your custom images as part of a custom image family, specify that custom image family.This creates the VM from the most recent, non-deprecated OS image in your custom image family. For example, if you specify
"sourceImage": "projects/my-project-1234/global/images/family/my-debian-family"
, Compute Engine creates a VM from the latest version of the OS image in the custommy-debian-family
image family.
NETWORK_NAME
: the VPC network that you want to use for the VM. You can specifydefault
to use your default network.ENABLE_SECURE_BOOT
: Optional: If you chose an image that supports Shielded VM features, Compute Engine, by default, enables the virtual trusted platform module (vTPM) and integrity monitoring. Compute Engine does not enable Secure Boot by default.If you specify
true
forenableSecureBoot
, Compute Engine creates a VM with all three Shielded VM features enabled. After Compute Engine starts your VM, to modify Shielded VM options, you must stop the VM.
Create a VM instance with additional non-boot disks
When you create a VM, you can also create and attach additional non-boot disks to the VM at the same time.
However, if you want to create a disk in multi-writer mode, you can't create the disk at the same time that you create the VM. You must create the disk first, then you can attach it to the VM.
Console
In the Google Cloud console, go to the VM instances page.
Select your project and click Continue.
Click Create instance.
Specify a Name for your VM. For more information, see Resource naming convention.
Optional: Change the Zone for this VM. If you select Any, Google automatically chooses a zone for you based on machine type and availability.
Select a Machine configuration for your VM.
In the Boot disk section, click Change, and then do the following:
- In the Public images tab, choose the following:
- Operating system
- OS version
- Boot disk type
- Boot disk size
- Optional: For advanced configuration options, click Show advanced configuration.
- To confirm your boot disk options, click Select.
- In the Public images tab, choose the following:
In the Firewall section, to permit HTTP or HTTPS traffic to the VM, select Allow HTTP traffic or Allow HTTPS traffic. When you select one of these, Compute Engine adds a network tag to your VM, which associates the firewall rule with the VM. Then, Compute Engine creates the corresponding ingress firewall rule that allows all incoming traffic on
tcp:80
(HTTP) ortcp:443
(HTTPS).To add non-boot disks to your VM, expand the Advanced options section, and then do the following:
- Expand the Disks section.
- Click Add new disk, and then do the following:
- Specify a disk Name, Type, Source type, and Size.
- In the Attachment settings section, select disk's attachment Mode and the Deletion rule. For more information about adding new disks, see Add a persistent disk to your VM.
- Click Save.
To create and start the VM, click Create.
gcloud
-
In the Google Cloud console, activate Cloud Shell.
At the bottom of the Google Cloud console, a Cloud Shell session starts and displays a command-line prompt. Cloud Shell is a shell environment with the Google Cloud CLI already installed and with values already set for your current project. It can take a few seconds for the session to initialize.
Run the
gcloud compute instances create
command to create a VM with additional non-boot disks.You can add up to 127 non-boot disks while you're creating your VM. Specify the
--create-disk
flag for each non-boot disk you create.To create non-boot disks from a public or stock image, specify the
image
orimage-family
andimage-project
properties with the--create-disk
flag. To create a blank disk, don't include these properties. You can optionally include properties for the disksize
andtype
. Include the propertyreplica-zones
to create regional persistent disks.gcloud compute instances create VM_NAME \ --zone=ZONE \ [--image=IMAGE | --image-family=IMAGE_FAMILY] \ --image-project=IMAGE_PROJECT \ --create-disk [image=DISK_IMAGE | image-family=DISK_IMAGE_FAMILY ], \ image-project=DISK_IMAGE_PROJECT,size=SIZE_GB,type=DISK_TYPE \ --create-disk device-name=DISK_NAME, \ replica-zones=^:^ZONE:REMOTE-ZONE,boot=false
Replace the following:
VM_NAME
: name of the new VMZONE
: zone to create the VM inIMAGE
orIMAGE_FAMILY
. Specify one of the following:IMAGE
: a specific version of a public imageFor example,
--image=debian-10-buster-v20200309
.IMAGE_FAMILY
: an image familyThis creates the VM from the most recent, non-deprecated OS image. For example, if you specify
--image-family=debian-10
, Compute Engine creates a VM from the latest version of the OS image in the Debian 10 image family.
IMAGE_PROJECT
: project containing the imageFor additional disks, replace the following:
DISK_IMAGE
orDISK_IMAGE_FAMILY
: Specify one of the following:DISK_IMAGE
: name of the image that you want to use as a non-boot diskDISK_IMAGE_FAMILY
: an image family to use as a non-boot disk
DISK_IMAGE_PROJECT
: an image project to which the disk image belongsSIZE_GB
: Optional: size of the non-boot diskDISK_TYPE
: Optional: full or partial URL for the type of the persistent diskFor example,
https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/diskTypes/pd-ssd
. To view the available disk types, run thegcloud compute disk-types list
command.DISK_NAME
: Optional: the disk name displayed to the guest OS after the VM is created.REMOTE_ZONE
: the zone where the disk should be replicated to
For blank disks, don't specify the
DISK_IMAGE
,DISK_IMAGE_FAMILY
, orDISK_IMAGE_PROJECT
parameters.For zonal disks, don't specify the disk property
replica-zones
.
Terraform
To generate the Terraform code, you can use the Equivalent code component in the Google Cloud console.- In the Google Cloud console, go to the VM instances page.
- Click Create instance.
- Specify the parameters you want.
- At the top or bottom of the page, click Equivalent code, and then click the Terraform tab to view the Terraform code.
Go
Before trying this sample, follow the Go setup instructions in the Compute Engine quickstart using client libraries. For more information, see the Compute Engine Go API reference documentation.
To authenticate to Compute Engine, set up Application Default Credentials. For more information, see Set up authentication for a local development environment.
Java
Before trying this sample, follow the Java setup instructions in the Compute Engine quickstart using client libraries. For more information, see the Compute Engine Java API reference documentation.
To authenticate to Compute Engine, set up Application Default Credentials. For more information, see Set up authentication for a local development environment.
Node.js
Before trying this sample, follow the Node.js setup instructions in the Compute Engine quickstart using client libraries. For more information, see the Compute Engine Node.js API reference documentation.
To authenticate to Compute Engine, set up Application Default Credentials. For more information, see Set up authentication for a local development environment.
Python
Before trying this sample, follow the Python setup instructions in the Compute Engine quickstart using client libraries. For more information, see the Compute Engine Python API reference documentation.
To authenticate to Compute Engine, set up Application Default Credentials. For more information, see Set up authentication for a local development environment.
REST
You can create up to 127 non-boot disks at the time you create a
VM by using the initializeParams
property for each additional
disk. Create additional disks with a public or private image.
To add a blank disk, define the initializeParams
entry with no
sourceImage
value. Include the disk property replicaZones
to create
regional persistent disks.
POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID
/zones/ZONE
/instances { "machineType":"zones/MACHINE_TYPE_ZONE/machineTypes/MACHINE_TYPE", "name":"VM_NAME
", "disks":[ { "initializeParams":{ "sourceImage":"projects/IMAGE_PROJECT/global/images/IMAGE" }, "boot":true }, { "initializeParams":{ "diskSizeGb":"SIZE_GB", "sourceImage":"projects/DISK_IMAGE_PROJECT/global/images/DISK_IMAGE", "diskType":"DISK_TYPE" } }, { "initializeParams":{ "diskSizeGb":"SIZE_GB", "diskType":"DISK_TYPE" }, }, { "boot": false, "deviceName":"DISK_NAME", "initializeParams": { "diskType": "DISK_TYPE", "replicaZones": [ "projects/PROJECT_ID/zones/ZONE", "projects/PROJECT_ID/zones/REMOTE_ZONE" ] } } ], "networkInterfaces":[ { "network":"global/networks/NETWORK_NAME" } ], "shieldedInstanceConfig":{ "enableSecureBoot":"ENABLE_SECURE_BOOT" } }
Replace the following:
PROJECT_ID
: ID of the project to create the VM inZONE
: zone to create the VM inMACHINE_TYPE_ZONE
: zone containing the machine type to use for the new VMMACHINE_TYPE
: machine type, predefined or custom, for the new VMVM_NAME
: name of the new VMIMAGE_PROJECT
: project containing the image
For example, if you specifydebian-10
as the image family, specifydebian-cloud
as the image project.IMAGE or IMAGE_FAMILY
: specify one of the following:IMAGE
: a specific version of a public image
For example,"sourceImage": "projects/debian-cloud/global/images/debian-10-buster-v20200309"
IMAGE_FAMILY
: an image family
This creates the VM from the most recent, non-deprecated OS image. For example, if you specify"sourceImage": "projects/debian-cloud/global/images/family/debian-10"
, Compute Engine creates a VM from the latest version of the OS image in theDebian 10
image family.
- For additional disks, replace the following:
SIZE_GB
: disk sizeDISK_IMAGE
orDISK_IMAGE_FAMILY
: Specify either a source image or image family for the non-boot disk:DISK_IMAGE
: name of the image that you want to use as a non-boot disk For example,"sourceImage": "projects/DISK_IMAGE_PROJECT/global/images/DISK_IMAGE"
.DISK_IMAGE_FAMILY
: an image family to use as a non-boot disk For example,"sourceImage": "projects/DISK_IMAGE_PROJECT/global/images/family/DISK_IMAGE_FAMILY"
.
DISK_TYPE
: full or partial URL for the type of the persistent disk. For example,https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/diskTypes/pd-ssd
.DISK_NAME
: Optional. The disk name displayed to the guest OS after the VM is created.REMOTE_ZONE
: the zone to replicate the regional disk to
For blank disks, don't specify the
sourceImage
property. For zonal disks, don't specify thereplicaZones
property. NETWORK_NAME
: the VPC network that you want to use for the VM. You can specifydefault
to use your default network.ENABLE_SECURE_BOOT
: Optional: If you chose an image that supports Shielded VM features, Compute Engine, by default, enables the virtual trusted platform module (vTPM) and integrity monitoring. Compute Engine does not enable Secure Boot by default.If you specify
true
forenableSecureBoot
, Compute Engine creates a VM with all three Shielded VM features enabled. After Compute Engine starts your VM, to modify Shielded VM options, you must stop the VM.
Format and mount the disks before using them.
Create a VM instance from a shared image
If another user has shared an image with you, you can use the image to create a VM.
Console
In the Google Cloud console, go to the Create an instance page.
- Specify a Name for your VM. For more information, see Resource naming convention.
- Optional: Change the Zone for this VM. If you select Any, Google automatically chooses a zone for you based on machine type and availability.
- Select a Machine configuration for your VM.
- In the Boot disk section, click Change to configure your boot disk, and then do the following:
- Select the Custom Images tab.
- To select the image project, click Select a project, and then do the following:
- Select the project that contains the image.
- Click Open.
- In the Image list, click the image that you want to import.
- Select the type and size of your boot disk.
- To confirm your boot disk options, click Select.
To permit HTTP or HTTPS traffic to the VM, in the Firewall section, select Allow HTTP traffic or Allow HTTPS traffic.
The Google Cloud console adds a network tag to your VM and creates the corresponding ingress firewall rule that allows all incoming traffic on
tcp:80
(HTTP) ortcp:443
(HTTPS). The network tag associates the firewall rule with the VM. For more information, see Firewall rules overview in the Cloud Next Generation Firewall documentation.- To start and create a VM, click Create.
gcloud
-
In the Google Cloud console, activate Cloud Shell.
At the bottom of the Google Cloud console, a Cloud Shell session starts and displays a command-line prompt. Cloud Shell is a shell environment with the Google Cloud CLI already installed and with values already set for your current project. It can take a few seconds for the session to initialize.
-
Create a VM by using the
gcloud compute instances create command
, and use the--image
and--image-project
flags to specify the image name and the project where the image resides:gcloud compute instances create VM_NAME \ --image=IMAGE \ --image-project=IMAGE_PROJECT
Replace the following:
VM_NAME
: name for the new VMIMAGE
: name of the imageIMAGE_PROJECT
: project to which the image belongs
If the command is successful,
gcloud
responds with the properties of the new VM:Created [https://compute.googleapis.com/compute/v1/projects/myproject/zones/us-central1-b/instances/example-instance]. NAME ZONE MACHINE_TYPE PREEMPTIBLE INTERNAL_IP EXTERNAL_IP STATUS example-instance us-central1-b e2-standard-2 10.240.0.4 104.198.53.60 RUNNING
Terraform
The process for creating a VM with a shared image in Terraform is the same as if you were creating a VM with a publicly available image.
- In the Google Cloud console, go to the VM instances page.
- Click Create instance.
- Specify the parameters you want.
- At the top or bottom of the page, click Equivalent code, and then click the Terraform tab to view the Terraform code.
REST
The process for creating a VM with a shared image in the API is the same as if you were
creating a VM with a publicly available image.
To create the VM from a shared image, use the
instances.insert
method.
POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID
/zones/ZONE
/instances { "machineType":"zones/MACHINE_TYPE_ZONE/machineTypes/MACHINE_TYPE", "name":"VM_NAME
", "disks":[ { "initializeParams":{ "sourceImage":"projects/IMAGE_PROJECT/global/images/IMAGE" }, "boot":true } ], "networkInterfaces":[ { "network":"global/networks/NETWORK_NAME" } ], "shieldedInstanceConfig":{ "enableSecureBoot":"ENABLE_SECURE_BOOT" } }
Replace the following:
PROJECT_ID
: ID of the project to create the VM inZONE
: zone to create the VM inMACHINE_TYPE_ZONE
: zone containing the machine type to use for the new VMMACHINE_TYPE
: machine type, predefined or custom, for the new VMVM_NAME
: name of the new VMIMAGE_PROJECT
: name of the project that contains the shared imageIMAGE
orIMAGE_FAMILY
: specify one of the following:IMAGE
: name of the shared image. For example,"sourceImage": "projects/finance-project-1234/global/images/finance-debian-image-v2"
.IMAGE_FAMILY
: if the shared image is created as part of a custom image family, specify that custom image family.This creates the VM from the most recent, non-deprecated OS image in your custom image family. For example, if you specify
"sourceImage": "projects/finance-project-1234/global/images/family/finance-debian-family"
, Compute Engine creates a VM from the latest version of the OS image in the customfinance-debian-family
image family.
NETWORK_NAME
: the VPC network that you want to use for the VM. You can specifydefault
to use your default network.ENABLE_SECURE_BOOT
: Optional: If you chose an image that supports Shielded VM features, Compute Engine, by default, enables the virtual trusted platform module (vTPM) and integrity monitoring. Compute Engine does not enable Secure Boot by default.If you specify
true
forenableSecureBoot
, Compute Engine creates a VM with all three Shielded VM features enabled. After Compute Engine starts your VM, to modify Shielded VM options, you must stop the VM.
Create a VM from a snapshot
You can create a new VM from a snapshot in the following ways:
Restoring a VM boot disk: If you backed up a VM's boot disk with a snapshot, you can use that snapshot to create a new VM. For instructions, see Restoring a boot disk snapshot to a new VM.
Restoring a non-boot disk: If you backed up a non-boot disk with a snapshot, you can restore the snapshot to a new non-boot disk when you create a VM. For instructions, see Creating a VM with a non-boot disk based on a snapshot.
To quickly create more than one VM with the same boot disk, create a custom image, then create VMs from that image instead of using a snapshot.
Create a VM instance from a container image
To deploy and launch a container on a Compute Engine VM, specify a container image name and optional configuration parameters when you create the VM. Compute Engine creates the VM by using the latest version of the Container-optimized OS public image, which has Docker installed. Then, Compute Engine launches the container when the VM starts. For more information, see Deploying containers on VMs.
To create a VM from a container image, you must use the Google Cloud console or gcloud
.
Console
In the Google Cloud console, go to the VM instances page.
Select your project and click Continue.
Click Create instance.
Specify a Name for your VM. For more information, see Resource naming convention.
In the Container section, click Deploy container.
Specify the Container image to use. For example:
To select an NGINX 1.12 container image from Cloud Launcher:
gcr.io/cloud-marketplace/google/nginx1:1.12
To deploy an Apache container image from Docker Hub, always specify the full Docker image name:
docker.io/httpd:2.4
Optional: Click Advanced container options. For more information, see Configuring options to run your container.
To create the VM, boot the VM, and launch the container, click Create.
gcloud
-
In the Google Cloud console, activate Cloud Shell.
At the bottom of the Google Cloud console, a Cloud Shell session starts and displays a command-line prompt. Cloud Shell is a shell environment with the Google Cloud CLI already installed and with values already set for your current project. It can take a few seconds for the session to initialize.
Run the
gcloud compute instances create-with-container
command:gcloud compute instances create-with-container VM_NAME \ --container-image=CONTAINER_IMAGE
Replace the following:
VM_NAME
: name for the new VM.CONTAINER_IMAGE
: name of the container image.
For example, the following command creates a VM named
nginx-vm
, which launches and runs the container image:gcr.io/cloud-marketplace/google/nginx1:1.12
gcloud compute instances create-with-container nginx-vm \ --container-image=gcr.io/cloud-marketplace/google/nginx1:1.12
To deploy an Apache container image from Docker Hub, always specify the full Docker image name:
docker.io/httpd:2.4
.
Create a VM instance in a specific subnet
By default, Google Cloud creates an
auto mode VPC network called default
for each
project. To use a different network or a subnet that you manually created in an
auto mode or custom mode VPC network, you must specify the subnet when you
create the VM.
While creating a VM in a subnet, consider these rules:
- If you don't specify a network or subnet, Compute Engine uses the default VPC network and the auto subnet that's in the same region as the VM.
- If you don't specify a network, Compute Engine infers the network from the subnet specified.
- If you specify a network, you must specify a subnet and it must belong to the same network. Otherwise, VM creation fails.
Console
In the Google Cloud console, go to the VM instances page.
Select your project and click Continue.
Click Create instance.
Specify a Name for your VM. For more information, see Resource naming convention.
Optional: Change the Zone for this VM. If you select Any, Google automatically chooses a zone for you based on machine type and availability.
In the Firewall section, to permit HTTP or HTTPS traffic to the VM, select Allow HTTP traffic or Allow HTTPS traffic.
The Google Cloud console adds a network tag to your VM and creates the corresponding ingress firewall rule that allows all incoming traffic on
tcp:80
(HTTP) ortcp:443
(HTTPS). The network tag associates the firewall rule with the VM. For more information, see Firewall rules overview in the Cloud NGFW documentation.Expand the Advanced options section.
- Expand the Networking section.
- For Network interfaces, specify the network details:
- In the Network field, select the VPC network that contains the subnet you created.
- In the Subnet field, select the subnet for the VM to use.
- Click Done.
To create and start the VM, click Create.
gcloud
-
In the Google Cloud console, activate Cloud Shell.
At the bottom of the Google Cloud console, a Cloud Shell session starts and displays a command-line prompt. Cloud Shell is a shell environment with the Google Cloud CLI already installed and with values already set for your current project. It can take a few seconds for the session to initialize.
Using the Google Cloud CLI, follow the same instructions to create a VM from an image or a snapshot, and add the
--subnet=SUBNET_NAME
and--zone=ZONE
flags when you run thegcloud compute instances create
command:gcloud compute instances create VM_NAME \ --network=NETWORK_NAME \ --subnet=SUBNET_NAME \ --zone=ZONE
Replace the following:
VM_NAME
: name of the VMNETWORK_NAME
: Optional: name of the networkSUBNET_NAME
: name of the subnetTo view a list of subnets in the network, use the
gcloud compute networks subnets list
command.ZONE
: zone where the VM is created, such aseurope-west1-b
The VM's region is inferred from the zone.
Terraform
To create a VM in a specific subnet, you can use the google_compute_instance
resource.
To learn how to apply or remove a Terraform configuration, see Basic Terraform commands.
The process for creating a VM with a shared image in Terraform is the same as if you were creating a VM with a publicly available image.
- In the Google Cloud console, go to the VM instances page.
- Click Create instance.
- Specify the parameters you want.
- At the top or bottom of the page, click Equivalent code, and then click the Terraform tab to view the Terraform code.
Go
Before trying this sample, follow the Go setup instructions in the Compute Engine quickstart using client libraries. For more information, see the Compute Engine Go API reference documentation.
To authenticate to Compute Engine, set up Application Default Credentials. For more information, see Set up authentication for a local development environment.
Java
Before trying this sample, follow the Java setup instructions in the Compute Engine quickstart using client libraries. For more information, see the Compute Engine Java API reference documentation.
To authenticate to Compute Engine, set up Application Default Credentials. For more information, see Set up authentication for a local development environment.
Node.js
Before trying this sample, follow the Node.js setup instructions in the Compute Engine quickstart using client libraries. For more information, see the Compute Engine Node.js API reference documentation.
To authenticate to Compute Engine, set up Application Default Credentials. For more information, see Set up authentication for a local development environment.
Python
Before trying this sample, follow the Python setup instructions in the Compute Engine quickstart using client libraries. For more information, see the Compute Engine Python API reference documentation.
To authenticate to Compute Engine, set up Application Default Credentials. For more information, see Set up authentication for a local development environment.
REST
Follow the API instructions to
create a VM from an image or a
snapshot, but specify the subnet
field in the request
body. To add blank disks, don't add a source image. You can optionally
specify the diskSizeGb
, diskType
, and
labels
properties.
POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID
/zones/ZONE
/instances { "machineType":"zones/MACHINE_TYPE_ZONE/machineTypes/MACHINE_TYPE", "name":"VM_NAME
", "disks":[ { "initializeParams":{ "sourceImage":"projects/IMAGE_PROJECT/global/images/IMAGE" }, "boot":true } ], "networkInterfaces":[ { "network":"global/networks/NETWORK_NAME", "subnetwork":"regions/REGION/subnetworks/SUBNET_NAME", "accessConfigs":{ "name":"External NAT", "type":"ONE_TO_ONE_NAT" } } ], "shieldedInstanceConfig":{ "enableSecureBoot":"ENABLE_SECURE_BOOT" } }
Replace the following:
PROJECT_ID
: ID of the project to create the VM inZONE
: zone to create the VM inMACHINE_TYPE_ZONE
: zone containing the machine type to use for the new VMMACHINE_TYPE
: machine type, predefined or custom, for the new VMVM_NAME
: name of the new VMIMAGE_PROJECT
: project containing the image
For example, if you specifydebian-10
as the image family, specifydebian-cloud
as the image project.IMAGE or IMAGE_FAMILY
: specify one of the following:IMAGE
: a specific version of a public image
For example,"sourceImage": "projects/debian-cloud/global/images/debian-10-buster-v20200309"
IMAGE_FAMILY
: an image family
This creates the VM from the most recent, non-deprecated OS image. For example, if you specify"sourceImage": "projects/debian-cloud/global/images/family/debian-10"
, Compute Engine creates a VM from the latest version of the OS image in theDebian 10
image family.
NETWORK_NAME
: the VPC network that you want to use for the VM. You can specifydefault
to use your default network.REGION
: region where the specified subnet existsSUBNET_NAME
: name of the subnetENABLE_SECURE_BOOT
: Optional: If you chose an image that supports Shielded VM features, Compute Engine, by default, enables the virtual trusted platform module (vTPM) and integrity monitoring. Compute Engine does not enable Secure Boot by default.If you specify
true
forenableSecureBoot
, Compute Engine creates a VM with all three Shielded VM features enabled. After Compute Engine starts your VM, to modify Shielded VM options, you must stop the VM.
Create a VM that's configured for Ops Agent monitoring and logging
The Ops Agent collects telemetry data for VMs that you can then use for troubleshooting and performance tuning. You can install Ops Agent while creating a VM or on existing VMs as described in the following topics:
Install the Ops Agent when you create a VM using the Google Cloud console: Enable automatic installation of Ops Agent by selecting the Install the Ops Agent for Monitoring and Logging checkbox on the Create an instance page. This option enables VM Manager in limited functionality mode and it creates an OS policy assignment for installing Ops Agent on the VM. For more information, see Install Ops Agent during VM creation.
Install the Ops Agent on existing VMs: Use the Google Cloud console, the gcloud CLI, or an automation tool to install Ops Agent on a fleet of VMs or on individual VMs. For instructions, see Install the Ops Agent.
Troubleshooting
To find methods for resolving common VM creation errors, see Troubleshooting VM creation.
What's next?
Check the status of the VM to see when it's ready to use.
Learn how to use snapshots to back up your persistent disks.
Learn how to create and attach a non-boot storage disk to your VM to store your data separately from the boot disk.
Learn how to connect to your VM.
Learn how to scale out your VM into a group of VMs.
Try it for yourself
If you're new to Google Cloud, create an account to evaluate how Compute Engine performs in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
Try Compute Engine free