- NAME
- 
- gcloud alpha compute instances create - create Compute Engine virtual machine instances
 
- SYNOPSIS
- 
- 
gcloud alpha compute instances createINSTANCE_NAMES[INSTANCE_NAMES…] [--accelerator=[count=COUNT],[type=TYPE]] [--async] [--availability-domain=AVAILABILITY_DOMAIN] [--no-boot-disk-auto-delete] [--boot-disk-device-name=BOOT_DISK_DEVICE_NAME] [--boot-disk-interface=BOOT_DISK_INTERFACE] [--boot-disk-provisioned-iops=BOOT_DISK_PROVISIONED_IOPS] [--boot-disk-provisioned-throughput=BOOT_DISK_PROVISIONED_THROUGHPUT] [--boot-disk-size=BOOT_DISK_SIZE] [--boot-disk-type=BOOT_DISK_TYPE] [--can-ip-forward] [--create-disk=[PROPERTY=VALUE,…]] [--csek-key-file=FILE] [--deletion-protection] [--description=DESCRIPTION] [--discard-local-ssds-at-termination-timestamp=DISCARD_LOCAL_SSDS_AT_TERMINATION_TIMESTAMP] [--disk=[auto-delete=AUTO-DELETE],[boot=BOOT],[device-name=DEVICE-NAME],[force-attach=FORCE-ATTACH],[interface=INTERFACE],[mode=MODE],[name=NAME],[scope=SCOPE]] [--enable-display-device] [--[no-]enable-nested-virtualization] [--[no-]enable-uefi-networking] [--enable-watchdog-timer] [--erase-windows-vss-signature] [--external-ipv6-address=EXTERNAL_IPV6_ADDRESS] [--external-ipv6-prefix-length=EXTERNAL_IPV6_PREFIX_LENGTH] [--graceful-shutdown] [--graceful-shutdown-max-duration=GRACEFUL_SHUTDOWN_MAX_DURATION] [--host-error-timeout-seconds=HOST_ERROR_TIMEOUT_SECONDS] [--hostname=HOSTNAME] [--instance-termination-action=INSTANCE_TERMINATION_ACTION] [--internal-ipv6-address=INTERNAL_IPV6_ADDRESS] [--internal-ipv6-prefix-length=INTERNAL_IPV6_PREFIX_LENGTH] [--ipv6-address=IPV6_ADDRESS] [--ipv6-network-tier=IPV6_NETWORK_TIER] [--ipv6-prefix-length=IPV6_PREFIX_LENGTH] [--ipv6-public-ptr-domain=IPV6_PUBLIC_PTR_DOMAIN] [--key-revocation-action-type=POLICY] [--labels=[KEY=VALUE,…]] [--local-nvdimm=[size=SIZE]] [--local-ssd=[device-name=DEVICE-NAME],[interface=INTERFACE],[size=SIZE]] [--local-ssd-recovery-timeout=LOCAL_SSD_RECOVERY_TIMEOUT] [--machine-type=MACHINE_TYPE] [--maintenance-freeze-duration=MAINTENANCE_FREEZE_DURATION] [--maintenance-interval=MAINTENANCE_INTERVAL] [--max-run-duration=MAX_RUN_DURATION] [--metadata=KEY=VALUE,[KEY=VALUE,…]] [--metadata-from-file=KEY=LOCAL_FILE_PATH,[…]] [--min-cpu-platform=PLATFORM] [--min-node-cpu=MIN_NODE_CPU] [--network=NETWORK] [--network-performance-configs=[PROPERTY=VALUE,…]] [--network-tier=NETWORK_TIER] [--node-project=NODE_PROJECT] [--numa-node-count=NUMA_NODE_COUNT] [--partner-metadata=[NAMESPACE/KEY=VALUE,…]] [--partner-metadata-from-file=LOCAL_FILE_PATH] [--performance-monitoring-unit=PERFORMANCE_MONITORING_UNIT] [--post-key-revocation-action-type=POLICY] [--preemptible] [--preemption-notice-duration=PREEMPTION_NOTICE_DURATION] [--private-ipv6-google-access-type=PRIVATE_IPV6_GOOGLE_ACCESS_TYPE] [--private-network-ip=PRIVATE_NETWORK_IP] [--provisioning-model=PROVISIONING_MODEL] [--request-valid-for-duration=REQUEST_VALID_FOR_DURATION] [--no-require-csek-key-create] [--resource-manager-tags=[KEY=VALUE,…]] [--resource-policies=[RESOURCE_POLICY,…]] [--no-restart-on-failure] [--secure-tags=SECURE_TAG,[SECURE_TAG,…]] [--shielded-integrity-monitoring] [--shielded-secure-boot] [--shielded-vtpm] [--[no-]skip-guest-os-shutdown] [--source-instance-template=SOURCE_INSTANCE_TEMPLATE] [--source-machine-image=SOURCE_MACHINE_IMAGE] [--source-machine-image-csek-key-file=FILE] [--stack-type=STACK_TYPE] [--subnet=SUBNET] [--tags=TAG,[TAG,…]] [--termination-time=TERMINATION_TIME] [--threads-per-core=THREADS_PER_CORE] [--turbo-mode=TURBO_MODE] [--visible-core-count=VISIBLE_CORE_COUNT] [--zone=ZONE] [--address=ADDRESS|--no-address] [--boot-disk-kms-key=BOOT_DISK_KMS_KEY:--boot-disk-kms-keyring=BOOT_DISK_KMS_KEYRING--boot-disk-kms-location=BOOT_DISK_KMS_LOCATION--boot-disk-kms-project=BOOT_DISK_KMS_PROJECT] [--confidential-compute|--confidential-compute-type=CONFIDENTIAL_COMPUTE_TYPE] [--custom-cpu=CUSTOM_CPU--custom-memory=CUSTOM_MEMORY:--custom-extensions--custom-vm-type=CUSTOM_VM_TYPE] [--image-family-scope=IMAGE_FAMILY_SCOPE--image-project=IMAGE_PROJECT--source-snapshot-region=SOURCE_SNAPSHOT_REGION--image=IMAGE|--image-family=IMAGE_FAMILY|--source-instant-snapshot=SOURCE_INSTANT_SNAPSHOT|--source-snapshot=SOURCE_SNAPSHOT] [--instance-kms-key=INSTANCE_KMS_KEY:--instance-kms-keyring=INSTANCE_KMS_KEYRING--instance-kms-location=INSTANCE_KMS_LOCATION--instance-kms-project=INSTANCE_KMS_PROJECT] [--maintenance-policy=MAINTENANCE_POLICY|--on-host-maintenance=MAINTENANCE_POLICY] [--network-interface=[PROPERTY=VALUE,…] |--network-interface-from-file=KEY=LOCAL_FILE_PATH|--network-interface-from-json-string=NETWORK_INTERFACE_JSON_STRING] [--node=NODE|--node-affinity-file=PATH_TO_FILE|--node-group=NODE_GROUP] [--public-dns|--no-public-dns] [--public-ptr|--no-public-ptr] [--public-ptr-domain=PUBLIC_PTR_DOMAIN|--no-public-ptr-domain] [--reservation=RESERVATION--reservation-affinity=RESERVATION_AFFINITY; default="any"] [--scopes=[SCOPE,…] |--no-scopes] [--service-account=SERVICE_ACCOUNT|--no-service-account] [GCLOUD_WIDE_FLAG …]
 
- 
- DESCRIPTION
- 
(ALPHA)gcloud alpha compute instances createfacilitates the creation of Compute Engine virtual machines.When an instance is in RUNNING state and the system begins to boot, the instance creation is considered finished, and the command returns with a list of new virtual machines. Note that you usually cannot log into a new instance until it finishes booting. Check the progress of an instance using gcloud compute instances get-serial-port-output.For more examples, refer to the EXAMPLESsection below.
- EXAMPLES
- 
To create an instance with the latest 'Red Hat Enterprise Linux 8' image
available, run:
gcloud alpha compute instances create example-instance --image-family=rhel-8 --image-project=rhel-cloud --zone=us-central1-aTo create instances called 'example-instance-1', 'example-instance-2', and 'example-instance-3' in the 'us-central1-a' zone, run: gcloud alpha compute instances create example-instance-1 example-instance-2 example-instance-3 --zone=us-central1-aTo create an instance called 'instance-1' from a source snapshot called 'instance-snapshot' in zone 'us-central1-a' and attached regional disk 'disk-1', run: gcloud alpha compute instances create instance-1 --source-snapshot=https://compute.googleapis.com/compute/v1/projects/myproject/global/snapshots/instance-snapshot --zone=us-central1-a --disk=name=disk1,scope=regionalTo create an instance called instance-1 as a Shielded VM instance with Secure Boot, virtual trusted platform module (vTPM) enabled and integrity monitoring, run: gcloud alpha compute instances create instance-1 --zone=us-central1-a --shielded-secure-boot --shielded-vtpm --shielded-integrity-monitoringTo create a preemptible instance called 'instance-1', run: gcloud alpha compute instances create instance-1 --machine-type=n1-standard-1 --zone=us-central1-b --preemptible --no-restart-on-failure --maintenance-policy=terminate
- POSITIONAL ARGUMENTS
- 
- INSTANCE_NAMES[- INSTANCE_NAMES…]
- Names of the instances to create. For details on valid instance names, refer to the criteria documented under the field 'name' at: https://cloud.google.com/compute/docs/reference/rest/v1/instances
 
- FLAGS
- 
- --accelerator=[- count=- COUNT],[- type=- TYPE]
- 
Attaches accelerators (e.g. GPUs) to the instances.
- type
- The specific type (e.g. nvidia-tesla-t4 for NVIDIA T4) of accelerator to attach to the instances. Use 'gcloud compute accelerator-types list' to learn about all available accelerator types.
- count
- Number of accelerators to attach to each instance. The default value is 1.
 
- --async
- Return immediately, without waiting for the operation in progress to complete.
- --availability-domain=- AVAILABILITY_DOMAIN
- 
Specifies the availability domain that this VM instance should be scheduled on.
The number of availability domains that a VM can be scheduled on is specified
when you create the spread placement policy.
Specify a value from 1 to the number of domains that are available in your placement policy. 
- --boot-disk-auto-delete
- 
Automatically delete boot disks when their instances are deleted. Enabled by
default, use --no-boot-disk-auto-deleteto disable.
- --boot-disk-device-name=- BOOT_DISK_DEVICE_NAME
- The name the guest operating system will see for the boot disk. This option can only be specified if a new boot disk is being created (as opposed to mounting an existing persistent disk).
- --boot-disk-interface=- BOOT_DISK_INTERFACE
- 
Indicates the interface to use for the boot disk. The value must be one of the
following:
- SCSI
- NVME
 
- --boot-disk-provisioned-iops=- BOOT_DISK_PROVISIONED_IOPS
- Indicates how many IOPS to provision for the disk. This sets the number of I/O operations per second that the disk can handle.
- --boot-disk-provisioned-throughput=- BOOT_DISK_PROVISIONED_THROUGHPUT
- Indicates how much throughput to provision for the disk. This sets the number of throughput mb per second that the disk can handle.
- --boot-disk-size=- BOOT_DISK_SIZE
- 
The size of the boot disk. This option can only be specified if a new boot disk
is being created (as opposed to mounting an existing persistent disk). The value
must be a whole number followed by a size unit of
KBMBGBTB10GBGB
- --boot-disk-type=- BOOT_DISK_TYPE
- 
The type of the boot disk. This option can only be specified if a new boot disk
is being created (as opposed to mounting an existing persistent disk). To get a
list of available disk types, run $ gcloud compute disk-types list.
- --can-ip-forward
- If provided, allows the instances to send and receive packets with non-matching destination or source IP addresses.
- --create-disk=[- PROPERTY=- VALUE,…]
- 
Creates and attaches persistent disks to the instances.
- name
- Specifies the name of the disk. This option cannot be specified if more than one instance is being created.
- description
- Optional textual description for the disk being created.
- mode
- 
Specifies the mode of the disk. Supported options are
rorwrw
- image
- 
Specifies the name of the image that the disk will be initialized with. A new
disk will be created based on the given image. To view a list of public images
and projects, run $ gcloud compute images list. It is best practice to use image when a specific version of an image is needed. If both image and image-family flags are omitted a blank disk will be created.
- image-family
- The image family for the operating system that the boot disk will be initialized with. Compute Engine offers multiple Linux distributions, some of which are available as both regular and Shielded VM images. When a family is specified instead of an image, the latest non-deprecated image associated with that family is used. It is best practice to use --image-family when the latest version of an image is needed.
- image-project
- 
The Google Cloud project against which all image and image family references
will be resolved. It is best practice to define image-project. A full list of
available image projects can be generated by running gcloud compute images list.- If specifying one of our public images, image-project must be provided.
- If there are several of the same image-family value in multiple projects, image-project must be specified to clarify the image to be used.
- If not specified and either image or image-family is provided, the current default project is used.
 
- size
- 
The size of the disk. The value must be a whole number followed by a size unit
of KBMBGBTB10GB
- type
- 
The type of the disk. To get a list of available disk types, run $ gcloud compute disk-types
list. The default disk type is
pd-standard
- device-name
- 
An optional name to display the disk name in the guest operating system. If
omitted, a device name of the form persistent-disk-Nis used.
- provisioned-iops
- Indicates how many IOPS to provision for the disk. This sets the number of I/O operations per second that the disk can handle. Value must be between 10,000 and 120,000.
- provisioned-throughput
- Indicates how much throughput to provision for the disk. This sets the number of throughput mb per second that the disk can handle.
- disk-resource-policy
- 
Resource policy to apply to the disk. Specify a full or partial URL. For
example:
- 
https://www.googleapis.com/compute/v1/projects/my-project/regions/us-central1/resourcePolicies/my-resource-policy
- 
projects/my-project/regions/us-central1/resourcePolicies/my-resource-policy
 For more information, see the following docs: 
- 
- auto-delete
- 
If yesyes
- architecture
- Specifies the architecture or processor type that this disk can support. For available processor types on Compute Engine, see https://cloud.google.com/compute/docs/cpu-platforms.
- storage-pool
- The name of the storage pool in which the new disk is created. The new disk and the storage pool must be in the same location.
- interface
- 
The interface to use with the disk. The value must be one of the following:
- SCSI
- NVME
 
- boot
- 
If yesno
- kms-key
- 
Fully qualified Cloud KMS cryptokey name that will protect the disk.
This can either be the fully qualified path or the name. The fully qualified Cloud KMS cryptokey name format is: projects/<kms-project>/locations/<kms-location>/keyRings/<kms-keyring>/ cryptoKeys/<key-name>If the value is not fully qualified then kms-location, kms-keyring, and optionally kms-project are required. See https://cloud.google.com/compute/docs/disks/customer-managed-encryption for more details. 
- kms-project
- 
Project that contains the Cloud KMS cryptokey that will protect the disk.
If the project is not specified then the project where the disk is being created will be used. If this flag is set then key-location, kms-keyring, and kms-key are required. See https://cloud.google.com/compute/docs/disks/customer-managed-encryption for more details. 
- kms-location
- 
Location of the Cloud KMS cryptokey to be used for protecting the disk.
All Cloud KMS cryptokeys are reside in a 'location'. To get a list of possible locations run 'gcloud kms locations list'. If this flag is set then kms-keyring and kms-key are required. See https://cloud.google.com/compute/docs/disks/customer-managed-encryption for more details. 
- kms-keyring
- 
The keyring which contains the Cloud KMS cryptokey that will protect the disk.
If this flag is set then kms-location and kms-key are required. See https://cloud.google.com/compute/docs/disks/customer-managed-encryption for more details. 
- source-snapshot
- The source disk snapshot that will be used to create the disk. You can provide this as a full URL to the snapshot or just the snapshot name. For example, the following are valid values:
- source-snapshot-csek-required
- 
The CSK protected source disk snapshot that will be used to create the disk.
This can be provided as a full URL to the snapshot or just the snapshot name.
Must be specified with source-snapshot-csek-key-file. The following are valid values:
- source-snapshot-csek-key-file
- 
Path to a Customer-Supplied Encryption Key (CSEK) key file for the source
snapshot. Must be specified with source-snapshot-csek-required.
- source-instant-snapshot
- The source disk instant snapshot that will be used to create the disk. You can provide this as a full URL to the instant snapshot. For example, the following is a valid value:
- image-csek-required
- 
Specifies the name of the CSK protected image that the disk will be initialized
with. A new disk will be created based on the given image. To view a list of
public images and projects, run $ gcloud compute images list. It is best practice to use image when a specific version of an image is needed. If both image and image-family flags are omitted a blank disk will be created. Must be specified withimage-csek-key-file.
- image-csek-key-file
- 
Path to a Customer-Supplied Encryption Key (CSEK) key file for the image. Must
be specified with image-csek-required.
- multi-writer
- 
If yesno
- confidential-compute
- 
If yesno
- replica-zones
- Required for each regional disk associated with the instance. Specify the URLs of the zones where the disk should be replicated to. You must provide exactly two replica zones, and one zone must be the same as the instance zone.
- labels
- 
List of label KEY=VALUE pairs separated by :character to add to the disk.Example: Key1=Value1:Key2=Value2:Key3=Value3. Keys must start with a lowercase character and contain only hyphens (-), underscores (_), lowercase characters, and numbers. Values must contain only hyphens (-), underscores (_), lowercase characters, and numbers.
- source-snapshot-region
- The region of the source snapshot that will be used to create the disk. You can provide region name to use scoped snapshot as the source snapshot.
 
- --csek-key-file=- FILE
- 
Path to a Customer-Supplied Encryption Key (CSEK) key file that maps Compute
Engine resources to user managed keys to be used when creating, mounting, or
taking snapshots of disks.
If you pass -as value of the flag, the CSEK is read from stdin. See https://cloud.google.com/compute/docs/disks/customer-supplied-encryption for more details.
- --deletion-protection
- Enables deletion protection for the instance.
- --description=- DESCRIPTION
- Specifies a textual description of the instances.
- --discard-local-ssds-at-termination-timestamp=- DISCARD_LOCAL_SSDS_AT_TERMINATION_TIMESTAMP
- 
Required to be set to trueand only allowed for VMs that have one or more local SSDs, use --instance-termination-action=STOP, and use either --max-run-duration or --termination-time.This flag indicates the value that you want Compute Engine to use for the --discard-local-ssdflag in the automaticgcloud compute instances stopcommand. This flag only supports thetruevalue, which discards local SSD data when automatically stopping this VM during itsterminationTimestamp.For more information about the --discard-local-ssdflag, see https://cloud.google.com/compute/docs/disks/local-ssd#stop_instance.
- --disk=[- auto-delete=- AUTO-DELETE],[- boot=- BOOT],[- device-name=- DEVICE-NAME],[- force-attach=- FORCE-ATTACH],[- interface=- INTERFACE],[- mode=- MODE],[- name=- NAME],[- scope=- SCOPE]
- 
Attaches an existing disk to the instances.
- name
- 
The disk to attach to the instances. If you create more than one instance, you
can only attach a disk in read-only mode. By default, you attach a zonal disk
located in the same zone of the instance. If you want to attach a regional disk,
you must specify the disk using its URI; for example,
projects/myproject/regions/us-central1/disks/my-regional-disk
- mode
- 
The mode of the disk. Supported options are
rorwrwrw
- boot
- 
If set to yesno
- device-name
- 
An optional name to display the disk name in the guest operating system. If
omitted, a device name of the form persistent-disk-Nis used.
- auto-delete
- 
If set to yesyes
- interface
- 
The interface to use for the disk. The value must be one of the following:
- SCSI
- NVME
 
- scope
- 
Can be zonalorregional. Ifzonalregionalzonal
- force-attach
- 
If yes
 
- --enable-display-device
- Enable a display device on VM instances. Disabled by default.
- --[no-]enable-nested-virtualization
- 
If set to true, enables nested virtualization for the instance. Use
--enable-nested-virtualizationto enable and--no-enable-nested-virtualizationto disable.
- --[no-]enable-uefi-networking
- 
If set to true, enables UEFI networking for the instance creation. Use
--enable-uefi-networkingto enable and--no-enable-uefi-networkingto disable.
- --enable-watchdog-timer
- Enable a watchdog timer device on VM instances. Disabled by default.
- --erase-windows-vss-signature
- Specifies whether the disk restored from source snapshots or source machine image should erase Windows specific VSS signature. See https://cloud.google.com/sdk/gcloud/reference/compute/disks/snapshot#--guest-flush
- --external-ipv6-address=- EXTERNAL_IPV6_ADDRESS
- Assigns the given external IPv6 address to the instance that is created. The address must be the first IP address in the range. This option can be used only when creating a single instance.
- --external-ipv6-prefix-length=- EXTERNAL_IPV6_PREFIX_LENGTH
- 
The prefix length of the external IPv6 address range. This field should be used
together with --external-ipv6-address. Only the /96 IP address range is supported, and the default value is 96.
- --graceful-shutdown
- Enables graceful shutdown for the instance.
- --graceful-shutdown-max-duration=- GRACEFUL_SHUTDOWN_MAX_DURATION
- Specifies the maximum time for the graceful shutdown. After this time, the instance is set to STOPPING even if tasks are still running. Specify the time as the number of hours, minutes, or seconds followed by h, m, and s respectively. For example, specify 30m for 30 minutes or 20m10s for 20 minutes and 10 seconds. The value must be between 1 second and 1 hour.
- --host-error-timeout-seconds=- HOST_ERROR_TIMEOUT_SECONDS
- The timeout in seconds for host error detection. The value must be set with 30 second increments, with a range of 90 to 330 seconds. If unset, the default behavior of the host error recovery is used.
- --hostname=- HOSTNAME
- Specify the hostname of the instance to be created. The specified hostname must be RFC1035 compliant. If hostname is not specified, the default hostname is [INSTANCE_NAME].c.[PROJECT_ID].internal when using the global DNS, and [INSTANCE_NAME].[ZONE].c.[PROJECT_ID].internal when using zonal DNS.
- --instance-termination-action=- INSTANCE_TERMINATION_ACTION
- 
Specifies the termination action that will be taken upon VM preemption
(--provisioning-model=SPOT) or automatic instance termination
(--max-run-duration or --termination-time).
INSTANCE_TERMINATION_ACTIONmust be one of:- DELETE
- Permanently delete the VM.
- STOP
- Default only for Spot VMs. Stop the VM without preserving memory. The VM can be restarted later.
 
- --internal-ipv6-address=- INTERNAL_IPV6_ADDRESS
- Assigns the given internal IPv6 address or range to the instance that is created. The address must be the first IP address in the range or from a /96 IP address range. This option can be used only when creating a single instance.
- --internal-ipv6-prefix-length=- INTERNAL_IPV6_PREFIX_LENGTH
- Optional field that indicates the prefix length of the internal IPv6 address range. It should be used together with --internal-ipv6-address. Only /96 IP address range is supported and the default value is 96. If not set, either the prefix length from --internal-ipv6-address will be used or the default value of 96 will be assigned.
- --ipv6-address=- IPV6_ADDRESS
- Assigns the given external IPv6 address to the instance that is created. The address must be the first IP address in the range. This option can be used only when creating a single instance.
- --ipv6-network-tier=- IPV6_NETWORK_TIER
- 
Specifies the IPv6 network tier that will be used to configure the instance
network interface IPv6 access config. IPV6_NETWORK_TIERmust be (only one value is supported):- PREMIUM
- High quality, Google-grade network tier.
 
- --ipv6-prefix-length=- IPV6_PREFIX_LENGTH
- 
The prefix length of the external IPv6 address range. This field should be used
together with --ipv6-address. Only the /96 IP address range is supported, and the default value is 96.
- --ipv6-public-ptr-domain=- IPV6_PUBLIC_PTR_DOMAIN
- 
Assigns a custom PTR domain for the external IPv6 in the IPv6 access
configuration of instance. If unspecified or specified to be an empty string,
the default PTR record will be used. This option can only be specified for the
default network interface, nic0
- --key-revocation-action-type=- POLICY
- 
Specifies the behavior of the instance when the KMS key of one of its attached
disks is revoked. The default is none. POLICYmust be one of:- none
- No operation is performed.
- stop
- The instance is stopped when the KMS key of one of its attached disks is revoked.
 
- --labels=[- KEY=- VALUE,…]
- 
List of label KEY=VALUE pairs to add.
Keys must start with a lowercase character and contain only hyphens ( -), underscores (_), lowercase characters, and numbers. Values must contain only hyphens (-), underscores (_), lowercase characters, and numbers.
- --local-nvdimm=[- size=- SIZE]
- 
Attaches a local NVDIMM to the instances.
- size
- 
Optional. Size of the NVDIMM disk. The value must be a whole number followed by
a size unit of KBMBGBTB3TB
 
- --local-ssd=[- device-name=- DEVICE-NAME],[- interface=- INTERFACE],[- size=- SIZE]
- 
Attaches a local SSD to the instances.
- device-name
- 
Optional. A name that indicates the disk name the guest operating system will
see. Can only be specified if interfaceisSCSI. If omitted, a device name of the formlocal-ssd-N
- interface
- 
Optional. The kind of disk interface exposed to the VM for this SSD. Valid
values are SCSINVME
- size
- 
Optional. The only valid value is 375GB--local-ssd375GB9TB
 
- --local-ssd-recovery-timeout=- LOCAL_SSD_RECOVERY_TIMEOUT
- Specifies the maximum amount of time a Local Ssd Vm should wait while recovery of the Local Ssd state is attempted. Its value should be in between 0 and 168 hours with hour granularity and the default value being 1 hour.
- --machine-type=- MACHINE_TYPE
- Specifies the machine type used for the instances. To get a list of available machine types, run 'gcloud compute machine-types list'. If unspecified, the default type is n1-standard-1.
- --maintenance-freeze-duration=- MAINTENANCE_FREEZE_DURATION
- 
Specifies the amount of hours after instance creation where the instance won't
be scheduled for maintenance, e.g. 4h,2d6h. See $ gcloud topic datetimes for information on duration formats.
- --maintenance-interval=- MAINTENANCE_INTERVAL
- 
Specifies how infrastructure upgrades should be applied to the VM.
MAINTENANCE_INTERVALmust be one of:- PERIODIC
- VMs receive infrastructure and hypervisor updates on a periodic basis, minimizing the number of maintenance operations (live migrations or terminations) on an individual VM. Security updates will still be applied as soon as they are available.
- RECURRENT
- VMs receive infrastructure and hypervisor updates on a periodic basis, minimizing the number of maintenance operations (live migrations or terminations) on an individual VM. This may mean a VM will take longer to receive an update than if it was configured for AS_NEEDED. Security updates will still be applied as soonas they are available. RECURRENT is used for GEN3 and Sliceof Hardware VMs.
 
- --max-run-duration=- MAX_RUN_DURATION
- 
Limits how long this VM instance can run, specified as a duration relative to
the last time when the VM began running. Format the duration, MAX_RUN_DURATION,
as the number of days, hours, minutes, and seconds followed by d, h, m, and s
respectively. For example, specify 30mfor a duration of 30 minutes or specify1d2h3m4sfor a duration of 1 day, 2 hours, 3 minutes, and 4 seconds. Alternatively, to specify a timestamp, use --termination-time instead.If neither --max-run-duration nor --termination-time is specified (default), the VM instance runs until prompted by a user action or system event. If either is specified, the VM instance is scheduled to be automatically terminated at the VM's termination timestamp ( terminationTimestamp) using the action specified by --instance-termination-action.Note: The terminationTimestampis removed whenever the VM is stopped or suspended and redefined whenever the VM is rerun. For --max-run-duration specifically, theterminationTimestampis the sum of MAX_RUN_DURATION and the time when the VM last entered theRUNNINGstate, which changes whenever the VM is rerun.
- --metadata=- KEY=- VALUE,[- KEY=- VALUE,…]
- 
Metadata to be made available to the guest operating system running on the
instances. Each metadata entry is a key/value pair separated by an equals sign.
Each metadata key must be unique and have a max of 128 bytes in length. Each
value must have a max of 256 KB in length. Multiple arguments can be passed to
this flag, e.g., --metadata key-1=value-1,key-2=value-2,key-3=value-3In images that have Compute Engine tools installed on them, such as the official images, the following metadata keys have special meanings: - startup-script
- 
Specifies a script that will be executed by the instances once they start
running. For convenience,
--metadata-from-file
- startup-script-url
- 
Same as startup-scriptwindows-startup-script-urlwindows-startup-script-cmdwindows-startup-script-batwindows-startup-script-ps1sysprep-specialize-script-urlsysprep-specialize-script-cmdsysprep-specialize-script-batsysprep-specialize-script-ps1
 
- --metadata-from-file=- KEY=- LOCAL_FILE_PATH,[…]
- 
Same as --metadatastartup-script
- --min-cpu-platform=- PLATFORM
- 
When specified, the VM will be scheduled on host with specified CPU architecture
or a newer one. To list available CPU platforms in given zone, run:
gcloud alpha compute zones describe ZONE --format="value(availableCpuPlatforms)"Default setting is "AUTOMATIC". CPU platform selection is available only in selected zones. You can find more information on-line: https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform 
- --min-node-cpu=- MIN_NODE_CPU
- Minimum number of virtual CPUs this instance will consume when running on a sole-tenant node.
- --network=- NETWORK
- 
Specifies the network that the VM instances are a part of. If
--subnetis also specified, subnet must be a subnetwork of the network specified by this--networkflag. If neither is specified, the default network is used.
- --network-performance-configs=[- PROPERTY=- VALUE,…]
- 
Configures network performance settings for the instance. If this flag is not
specified, the instance will be created with its default network performance
configuration.
- total-egress-bandwidth-tier
- Total egress bandwidth is the available outbound bandwidth from a VM, regardless of whether the traffic is going to internal IP or external IP destinations. The following tier values are allowed: [DEFAULT,TIER_1]
 
- --network-tier=- NETWORK_TIER
- 
Specifies the network tier that will be used to configure the instance.
NETWORK_TIERPREMIUM,STANDARD. The default value isPREMIUM.
- --node-project=- NODE_PROJECT
- The name of the project with shared sole tenant node groups to create an instance in.
- --numa-node-count=- NUMA_NODE_COUNT
- The number of virtual NUMA nodes for the instance. Valid values are: 0, 1, 2, 4 or 8. Setting NUMA node count to 0 means using the default setting.
- --partner-metadata=[- NAMESPACE/- KEY=- VALUE,…]
- Partner metadata specifying namespace and its entries. The entries can be key-value pairs or in json format.
- --partner-metadata-from-file=- LOCAL_FILE_PATH
- Path to a local json file containing partner metadata. Use a full or relative path to a local file containing the value of partner_metadata.
- --performance-monitoring-unit=- PERFORMANCE_MONITORING_UNIT
- 
The type of performance monitoring counters (PMCs) to enable in the instance.
PERFORMANCE_MONITORING_UNITmust be one of:- architectural
- This enables architecturally defined non-last level cache (LLC) events.
- enhanced
- This enables most documented core/L2 and LLC events.
- standard
- This enables most documented core/L2 events.
 
- --post-key-revocation-action-type=- POLICY
- 
Specifies the behavior of the instance when the KMS key of one of its attached
disks is revoked. The default is noop. POLICYmust be one of:- noop
- No operation is performed.
- shutdown
- The instance is shut down when the KMS key of one of its attached disks is revoked.
 
- --preemptible
- If provided, instances will be preemptible and time-limited. Instances might be preempted to free up resources for standard VM instances, and will only be able to run for a limited amount of time. Preemptible instances can not be restarted and will not migrate.
- --preemption-notice-duration=- PREEMPTION_NOTICE_DURATION
- Specifies the metadata preemption notice duration before the ACPI G2 soft off signal is triggered for Spot VMs. e.g. 120s.
- --private-ipv6-google-access-type=- PRIVATE_IPV6_GOOGLE_ACCESS_TYPE
- 
The private IPv6 Google access type for the VM.
PRIVATE_IPV6_GOOGLE_ACCESS_TYPEmust be one of:enable-bidirectional-access,enable-outbound-vm-access,inherit-subnetwork.
- --private-network-ip=- PRIVATE_NETWORK_IP
- Specifies the RFC1918 IP to assign to the instance. The IP should be in the subnet or legacy network IP range.
- --provisioning-model=- PROVISIONING_MODEL
- 
Specifies the provisioning model for your VM instances. This choice affects the
price, availability, and how long your VM instances can run.
PROVISIONING_MODELmust be one of:- FLEX_START
- The VM instance is provisioned using the Flex Start provisioning model and has a limited runtime.
- RESERVATION_BOUND
- The VM instances run for the entire duration of their associated reservation. You can only specify this provisioning model if you want your VM instances to consume a specific reservation with either a calendar reservation mode or a dense deployment type.
- SPOT
- Compute Engine may stop a Spot VM instance whenever it needs capacity. Because Spot VM instances don't have a guaranteed runtime, they come at a discounted price.
- STANDARD
- The default option. The STANDARD provisioning model gives you full control over your VM instances' runtime.
 
- --request-valid-for-duration=- REQUEST_VALID_FOR_DURATION
- 
When you create an instance by using the FLEX_START provisioning model, you can
specify the duration to wait for available resources. If the instance creation
request is still pending after this duration, then the request fails. You
specify a duration by using numbers followed by h,m, andsfor hours, minutes, and seconds, respectively. For example, specify30mfor a duration of 30 minutes, or1h2m3sfor 1 hour, 2 minutes, and 3 seconds. Longer durations give you higher chances that your instance creation request succeeds when resources are in high demand.
- --require-csek-key-create
- 
Refuse to create resources not protected by a user managed key in the key file
when --csek-key-file is given. This behavior is enabled by default to prevent
incorrect gcloud invocations from accidentally creating resources with no user
managed key. Disabling the check allows creation of some resources without a
matching Customer-Supplied Encryption Key in the supplied --csek-key-file. See
https://cloud.google.com/compute/docs/disks/customer-supplied-encryption
for more details. Enabled by default, use
--no-require-csek-key-createto disable.
- Specifies a list of resource manager tags to apply to the instance.
- --resource-policies=[- RESOURCE_POLICY,…]
- A list of resource policy names to be added to the instance. The policies must exist in the same region as the instance.
- --restart-on-failure
- 
The instances will be restarted if they are terminated by Compute Engine. This
does not affect terminations performed by the user. Enabled by default, use
--no-restart-on-failureto disable.
- 
Specifies a list of secure tags to apply to the instance. These tags allow
network firewall rules and routes to be applied to specified VM instances. See
gcloud compute network firewall-policies rules create(1) for more details.
- --shielded-integrity-monitoring
- 
Enables monitoring and attestation of the boot integrity of the instance. The
attestation is performed against the integrity policy baseline. This baseline is
initially derived from the implicitly trusted boot image when the instance is
created. This baseline can be updated by using gcloud compute instances update --shielded-learn-integrity-policy. On Shielded VM instances, integrity monitoring is enabled by default. For information about how to modify Shielded VM options, see https://cloud.google.com/compute/docs/instances/modifying-shielded-vm. For information about monitoring integrity on Shielded VM instances, see https://cloud.google.com/compute/docs/instances/integrity-monitoring."
- --shielded-secure-boot
- The instance boots with secure boot enabled. On Shielded VM instances, Secure Boot is not enabled by default. For information about how to modify Shielded VM options, see https://cloud.google.com/compute/docs/instances/modifying-shielded-vm.
- --shielded-vtpm
- The instance boots with the TPM (Trusted Platform Module) enabled. A TPM is a hardware module that can be used for different security operations such as remote attestation, encryption, and sealing of keys. On Shielded VM instances, vTPM is enabled by default. For information about how to modify Shielded VM options, see https://cloud.google.com/compute/docs/instances/modifying-shielded-vm.
- --[no-]skip-guest-os-shutdown
- 
If enabled, then, when the instance is stopped or deleted, the instance is
immediately stopped without giving time to the guest OS to cleanly shut down.
Use --skip-guest-os-shutdownto enable and--no-skip-guest-os-shutdownto disable.
- --source-instance-template=- SOURCE_INSTANCE_TEMPLATE
- 
The name of the instance template that the instance will be created from. An
instance template can be a global/regional resource.
Users can override instance properties using other flags. 
- --source-machine-image=- SOURCE_MACHINE_IMAGE
- The name of the machine image that the instance will be created from.
- --source-machine-image-csek-key-file=- FILE
- Path to a Customer-Supplied Encryption Key (CSEK) key file, mapping resources to user managed keys which were used to encrypt the source machine-image. See https://cloud.google.com/compute/docs/disks/customer-supplied-encryption for more details.
- --stack-type=- STACK_TYPE
- 
Specifies whether IPv6 is enabled on the default network interface. If not
specified, IPV4_ONLY will be used. STACK_TYPEmust be one of:- IPV4_IPV6
- The network interface can have both IPv4 and IPv6 addresses
- IPV4_ONLY
- The network interface will be assigned IPv4 addresses
- IPV6_ONLY
- The network interface will be assigned IPv6 addresses
 
- --subnet=- SUBNET
- 
Specifies the subnet that the VM instances are a part of. If
--networkis also specified, subnet must be a subnetwork of the network specified by the--networkflag.
- 
Specifies a list of tags to apply to the instance. These tags allow network
firewall rules and routes to be applied to specified VM instances. See gcloud compute firewall-rules create(1) for more details.To read more about configuring network tags, read this guide: https://cloud.google.com/vpc/docs/add-remove-network-tags To list instances with their respective status and tags, run: gcloud compute instances list --format='table(name,status,tags.list())'To list instances tagged with a specific tag, tag1, run:gcloud compute instances list --filter='tags:tag1'
- --termination-time=- TERMINATION_TIME
- 
Limits how long this VM instance can run, specified as a time. Format the time,
TERMINATION_TIME, as a RFC 3339 timestamp. For more information, see https://tools.ietf.org/html/rfc3339.
Alternatively, to specify a duration, use --max-run-duration instead.
If neither --termination-time nor --max-run-duration is specified (default), the VM instance runs until prompted by a user action or system event. If either is specified, the VM instance is scheduled to be automatically terminated at the VM's termination timestamp ( terminationTimestamp) using the action specified by --instance-termination-action.Note: The terminationTimestampis removed whenever the VM is stopped or suspended and redefined whenever the VM is rerun. For --termination-time specifically, theterminationTimestampremains the same whenever the VM is rerun, but any requests to rerun the VM fail if the specified timestamp is in the past.
- --threads-per-core=- THREADS_PER_CORE
- 
The number of visible threads per physical core. To disable simultaneous
multithreading (SMT) set this to 1. Valid values are: 1 or 2.
For more information about configuring SMT, see: https://cloud.google.com/compute/docs/instances/configuring-simultaneous-multithreading. 
- --turbo-mode=- TURBO_MODE
- 
Turbo mode to use for the instance. Supported modes include:
- ALL_CORE_MAX
 To achieve all-core-turbo frequency for more consistent CPU performance, set the field to ALL_CORE_MAX. The field is unset by default, which results in maximum performance single-core boosting. 
- --visible-core-count=- VISIBLE_CORE_COUNT
- The number of physical cores to expose to the instance's guest operating system. The number of virtual CPUs visible to the instance's guest operating system is this number of cores multiplied by the instance's count of visible threads per physical core.
- --zone=- ZONE
- 
Zone of the instances to create. If not specified and the
compute/zoneTo avoid prompting when this flag is omitted, you can set the compute/zonegcloud config set compute/zone ZONEA list of zones can be fetched by running: gcloud compute zones listTo unset the property, run: gcloud config unset compute/zoneAlternatively, the zone can be stored in the environment variable CLOUDSDK_COMPUTE_ZONE
- 
At most one of these can be specified:
- --address=- ADDRESS
- Assigns the given external address to the instance that is created. The address might be an IP address or the name or URI of an address resource. This option can only be used when creating a single instance.
- --no-address
- If provided, the instances are not assigned external IP addresses. To pull container images, you must configure private Google access if using Container Registry or configure Cloud NAT for instances to access container images directly. For more information, see:
 
- 
Key resource - The Cloud KMS (Key Management Service) cryptokey that will be
used to protect the disk. The 'Compute Engine Service Agent' service account
must hold permission 'Cloud KMS CryptoKey Encrypter/Decrypter'. The arguments in
this group can be used to specify the attributes of this resource.
- --boot-disk-kms-key=- BOOT_DISK_KMS_KEY
- 
ID of the key or fully qualified identifier for the key.
To set the kms-keyattribute:- 
provide the argument --boot-disk-kms-keyon the command line.
 This flag argument must be specified if any of the other arguments in this group are specified. 
- 
provide the argument 
- --boot-disk-kms-keyring=- BOOT_DISK_KMS_KEYRING
- 
The KMS keyring of the key.
To set the kms-keyringattribute:- 
provide the argument --boot-disk-kms-keyon the command line with a fully specified name;
- 
provide the argument --boot-disk-kms-keyringon the command line.
 
- 
provide the argument 
- --boot-disk-kms-location=- BOOT_DISK_KMS_LOCATION
- 
The Google Cloud location for the key.
To set the kms-locationattribute:- 
provide the argument --boot-disk-kms-keyon the command line with a fully specified name;
- 
provide the argument --boot-disk-kms-locationon the command line.
 
- 
provide the argument 
- --boot-disk-kms-project=- BOOT_DISK_KMS_PROJECT
- 
The Google Cloud project for the key.
To set the kms-projectattribute:- 
provide the argument --boot-disk-kms-keyon the command line with a fully specified name;
- 
provide the argument --boot-disk-kms-projecton the command line;
- 
set the property core/project.
 
- 
provide the argument 
 
- 
At most one of these can be specified:
- --confidential-compute
- 
(DEPRECATED) The instance boots with Confidential Computing enabled.
Confidential Computing is based on Secure Encrypted Virtualization (SEV), an AMD
virtualization feature for running confidential instances.
The --confidential-compute flag will soon be deprecated. Please use --confidential-compute-type=SEVinstead
- --confidential-compute-type=- CONFIDENTIAL_COMPUTE_TYPE
- 
The instance boots with Confidential Computing enabled. Confidential Computing
can be based on Secure Encrypted Virtualization (SEV) or Secure Encrypted
Virtualization - Secure Nested Paging (SEV-SNP), both of which are AMD
virtualization features for running confidential instances. Trust Domain
eXtension based on Intel virtualization features for running confidential
instances is also supported. CONFIDENTIAL_COMPUTE_TYPEmust be one of:- SEV
- Secure Encrypted Virtualization
- SEV_SNP
- Secure Encrypted Virtualization - Secure Nested Paging
- TDX
- Trust Domain eXtension
 
 
- 
Custom machine type extensions.
- --custom-cpu=- CUSTOM_CPU
- 
A whole number value specifying the number of cores that are needed in the
custom machine type.
For some machine types, shared-core values can also be used. For example, for E2 machine types, you can specify micro,small, ormedium.This flag argument must be specified if any of the other arguments in this group are specified. 
- --custom-memory=- CUSTOM_MEMORY
- 
A whole number value indicating how much memory is desired in the custom machine
type. A size unit should be provided (eg. 3072MB or 9GB) - if no units are
specified, GB is assumed.
This flag argument must be specified if any of the other arguments in this group are specified. 
- --custom-extensions
- Use the extended custom machine type.
- --custom-vm-type=- CUSTOM_VM_TYPE
- 
Specifies a custom machine type. The default is n1. For more information about custom machine types, see: https://cloud.google.com/compute/docs/general-purpose-machines#custom_machine_types
 
- --image-family-scope=- IMAGE_FAMILY_SCOPE
- 
Sets the scope for the --image-familyflag. By default, when specifying an image family in a public image project, the zonal image family scope is used. All other projects default to the global image. Use this flag to override this behavior.IMAGE_FAMILY_SCOPEmust be one of:zonal,global.
- --image-project=- IMAGE_PROJECT
- 
The Google Cloud project against which all image and image family references
will be resolved. It is best practice to define image-project. A full list of
available projects can be generated by running gcloud projects list.- If specifying one of our public images, image-project must be provided.
- If there are several of the same image-family value in multiple projects, image-project must be specified to clarify the image to be used.
- If not specified and either image or image-family is provided, the current default project is used.
 
- --source-snapshot-region=- SOURCE_SNAPSHOT_REGION
- 
Sets the region for the --source-snapshotflag. By default, when specifying a snapshot, the global snapshot scope is used. Use this flag to override this behavior to use regionally scoped snapshots.
- 
At most one of these can be specified:
- --image=- IMAGE
- 
Specifies the boot image for the instances. For each instance, a new boot disk
will be created from the given image. Each boot disk will have the same name as
the instance. To view a list of public images and projects, run $ gcloud compute images list. It is best practice to use--imagewhen a specific version of an image is needed.When using this option, --boot-disk-device-name--boot-disk-size
- --image-family=- IMAGE_FAMILY
- 
The image family for the operating system that the boot disk will be initialized
with. Compute Engine offers multiple Linux distributions, some of which are
available as both regular and Shielded VM images. When a family is specified
instead of an image, the latest non-deprecated image associated with that family
is used. It is best practice to use --image-familywhen the latest version of an image is needed.By default, debian-12
- --source-instant-snapshot=- SOURCE_INSTANT_SNAPSHOT
- The name of the source disk instant snapshot that the instance boot disk will be created from. You can provide this as a full URL to the instant snapshot. For example, the following is a valid value:
- --source-snapshot=- SOURCE_SNAPSHOT
- The name of the source disk snapshot that the instance boot disk will be created from. You can provide this as a full URL to the snapshot or just the snapshot name. For example, the following are valid values:
 
- 
Key resource - The Cloud KMS (Key Management Service) cryptokey that will be
used to protect the instance. The 'Compute Engine Service Agent' service account
must hold permission 'Cloud KMS CryptoKey Encrypter/Decrypter'. The arguments in
this group can be used to specify the attributes of this resource.
- --instance-kms-key=- INSTANCE_KMS_KEY
- 
ID of the key or fully qualified identifier for the key.
To set the kms-keyattribute:- 
provide the argument --instance-kms-keyon the command line.
 This flag argument must be specified if any of the other arguments in this group are specified. 
- 
provide the argument 
- --instance-kms-keyring=- INSTANCE_KMS_KEYRING
- 
The KMS keyring of the key.
To set the kms-keyringattribute:- 
provide the argument --instance-kms-keyon the command line with a fully specified name;
- 
provide the argument --instance-kms-keyringon the command line.
 
- 
provide the argument 
- --instance-kms-location=- INSTANCE_KMS_LOCATION
- 
The Google Cloud location for the key.
To set the kms-locationattribute:- 
provide the argument --instance-kms-keyon the command line with a fully specified name;
- 
provide the argument --instance-kms-locationon the command line.
 
- 
provide the argument 
- --instance-kms-project=- INSTANCE_KMS_PROJECT
- 
The Google Cloud project for the key.
To set the kms-projectattribute:- 
provide the argument --instance-kms-keyon the command line with a fully specified name;
- 
provide the argument --instance-kms-projecton the command line;
- 
set the property core/project.
 
- 
provide the argument 
 
- 
Maintenance Behavior.
At most one of these can be specified: - --maintenance-policy=- MAINTENANCE_POLICY
- 
(DEPRECATED) Specifies the behavior of the VMs when their host machines undergo
maintenance. The default is MIGRATE. For more information, see https://cloud.google.com/compute/docs/instances/host-maintenance-options.
The --maintenance-policy flag is now deprecated. Please use --on-host-maintenanceinstead.MAINTENANCE_POLICYmust be one of:- MIGRATE
- The instances should be migrated to a new host. This will temporarily impact the performance of instances during a migration event.
- TERMINATE
- The instances should be terminated.
 
- --on-host-maintenance=- MAINTENANCE_POLICY
- 
Specifies the behavior of the VMs when their host machines undergo maintenance.
The default is MIGRATE. For more information, see https://cloud.google.com/compute/docs/instances/host-maintenance-options.
MAINTENANCE_POLICYmust be one of:- MIGRATE
- The instances should be migrated to a new host. This will temporarily impact the performance of instances during a migration event.
- TERMINATE
- The instances should be terminated.
 
 
- 
At most one of these can be specified:
- --network-interface=[- PROPERTY=- VALUE,…]
- 
Adds a network interface to the instance. Mutually exclusive with any of these
flags: --address,--network,--network-tier,--subnet,--private-network-ip,--stack-type,--ipv6-network-tier,--internal-ipv6-address,--internal-ipv6-prefix-length,--ipv6-address,--ipv6-prefix-length,--external-ipv6-address,--external-ipv6-prefix-length,--ipv6-public-ptr-domain. This flag can be repeated to specify multiple network interfaces.The following keys are allowed: - address
- Assigns the given external address to the instance that is created. Specifying an empty string will assign an ephemeral IP. Mutually exclusive with no-address. If neither key is present the instance will get an ephemeral IP.
- network
- Specifies the network that the interface will be part of. If subnet is also specified it must be subnetwork of this network. If neither is specified, this defaults to the "default" network.
- no-address
- If specified the interface will have no external IP. Mutually exclusive with address. If neither key is present the instance will get an ephemeral IP.
- network-tier
- 
Specifies the network tier of the interface.
NETWORK_TIERPREMIUM,STANDARD. The default value isPREMIUM.
- private-network-ip
- Assigns the given RFC1918 IP address to the interface.
- subnet
- Specifies the subnet that the interface will be part of. If network key is also specified this must be a subnetwork of the specified network.
- nic-type
- 
Specifies the Network Interface Controller (NIC) type for the interface.
NIC_TYPEGVNIC,VIRTIO_NET.
- queue-count
- Specifies the networking queue count for this interface. Both Rx and Tx queues will be set to this number. If it's not specified, a default queue count will be assigned. See https://cloud.google.com/compute/docs/network-bandwidth#rx-tx for more details.
- stack-type
- 
Specifies whether IPv6 is enabled on the interface.
STACK_TYPEIPV4_ONLY,IPV4_IPV6,IPV6_ONLY. The default value isIPV4_ONLY.
- ipv6-network-tier
- 
Specifies the IPv6 network tier that will be used to configure the instance
network interface IPv6 access config.
IPV6_NETWORK_TIERPREMIUM(currently only one value is supported).
- internal-ipv6-address
- Assigns the given internal IPv6 address or range to the instance that is created. The address must be the first IP address in the range or from a /96 IP address range. This option can be used only when creating a single instance.
- internal-ipv6-prefix-length
- Optional field that indicates the prefix length of the internal IPv6 address range. It should be used together with internal-ipv6-address. Only /96 IP address range is supported and the default value is 96. If not set, either the prefix length from --internal-ipv6-address will be used or the default value of 96 will be assigned.
- external-ipv6-address
- Assigns the given external IPv6 address to the instance that is created. The address must be the first IP address in the range. This option can be used only when creating a single instance.
- external-ipv6-prefix-length
- The prefix length of the external IPv6 address range. This field should be used together with external-ipv6-address. Only the /96 IP address range is supported, and the default value is 96.
- ipv6-public-ptr-domain
- 
Assigns a custom PTR domain for the external IPv6 in the IPv6 access
configuration of instance. If its value is not specified, the default PTR record
will be used. This option can only be specified for the default network
interface, nic0.
- aliases
- 
Specifies the IP alias ranges to allocate for this interface. If there are
multiple IP alias ranges, they are separated by semicolons.
For example: --aliases="10.128.1.0/24;range1:/32" 192.168.100.0/24), a single IP address (e.g.192.168.100.1), or a netmask in CIDR format (e.g./24). If the IP range is specified by CIDR range or single IP address, it must belong to the CIDR range specified by the range name on the subnet. If the IP range is specified by netmask, the IP allocator will pick an available range with the specified netmask and allocate it to this network interface.
- network-attachment
- 
Specifies the network attachment that this interface should connect to. Mutually
exclusive with --networkand--subnetflags.
- enable-vpc-scoped-dns
- If specified with network_attachment, DNS resolution will be enabled over this interface.
- vlan
- VLAN ID of a Dynamic Network Interface, must be an integer in the range from 2 to 255 inclusively.
- igmp-query
- 
Determines if the Compute Engine Instance can receive and respond to IGMP query
packets on the specified network interface.
IGMP_QUERYIGMP_QUERY_V2,IGMP_QUERY_DISABLED. It is disabled by default.
 
- --network-interface-from-file=- KEY=- LOCAL_FILE_PATH
- 
Same as --network-interface except that the value for the entry will be read
from a local file. This is used in case subinterfaces need to be specified. All
field names in the json follow lowerCamelCase.
The following additional key is allowed: subinterfaces Specifies the list of subinterfaces assigned to this network interface of the instance. The following keys are allowed: subnetwork: Specifies the subnet that the subinterface will be part of. The subnet should have l2-enable set and VLAN tagged. vlan: Specifies the VLAN of the subinterface. Can have a value between 2-4094. This should be the same VLAN as the subnet. VLAN tag within a network interface is unique. ipAddress: Optional. Specifies the ip address of the subinterface. If not specified, an ip address will be allocated from subnet ip range. An example json looks like: [ { "network":"global/networks/network-example", "subnetwork":"projects/example-project/regions/us-central1/subnetworks/untagged-subnet", "subinterfaces":[ { "subnetwork":"projects/example-project/regions/us-central1/subnetworks/tagged-subnet", "vlan":2, "ipAddress":"111.11.11.1" } ] } ]. Use a full or relative path to a local file containing the value of network_interface. 
- --network-interface-from-json-string=- NETWORK_INTERFACE_JSON_STRING
- Same as --network-interface-from-file except that the value for the entry will be a json string. This can also be used in case subinterfaces need to be specified. All field names in the json follow lowerCamelCase.
 
- 
Sole Tenancy.
At most one of these can be specified: - --node=- NODE
- The name of the node to schedule this instance on.
- --node-affinity-file=- PATH_TO_FILE
- 
The JSON/YAML file containing the configuration of desired nodes onto which this
instance could be scheduled. These rules filter the nodes according to their
node affinity labels. A node's affinity labels come from the node template of
the group the node is in.
The file should contain a list of a JSON/YAML objects. For an example, see https://cloud.google.com/compute/docs/nodes/provisioning-sole-tenant-vms#configure_node_affinity_labels. The following list describes the fields: - key
- Corresponds to the node affinity label keys of the Node resource.
- operator
- 
Specifies the node selection type. Must be one of: IN: Requires Compute Engine to seek for matched nodes.NOT_IN: Requires Compute Engine to avoid certain nodes.
- values
- 
Optional. A list of values which correspond to the node affinity label values of
the Node resource.
Use a full or relative path to a local file containing the value of node_affinity_file. 
 
- --node-group=- NODE_GROUP
- The name of the node group to schedule this instance on.
 
- 
At most one of these can be specified:
- --public-dns
- Assigns a public DNS name to the instance.
- --no-public-dns
- If provided, the instance will not be assigned a public DNS name.
 
- 
At most one of these can be specified:
- --public-ptr
- Creates a DNS PTR record for the external IP of the instance.
- --no-public-ptr
- If provided, no DNS PTR record is created for the external IP of the instance. Mutually exclusive with public-ptr-domain.
 
- 
At most one of these can be specified:
- --public-ptr-domain=- PUBLIC_PTR_DOMAIN
- Assigns a custom PTR domain for the external IP of the instance. Mutually exclusive with no-public-ptr.
- --no-public-ptr-domain
- If both this flag and --public-ptr are specified, creates a DNS PTR record for the external IP of the instance with the PTR domain name being the DNS name of the instance.
 
- 
Specifies the reservation for the instance.
- --reservation=- RESERVATION
- 
The name of the reservation, required when --reservation-affinityis one of:specific,specific-then-any-reservationorspecific-then-no-reservation.
- --reservation-affinity=- RESERVATION_AFFINITY; default="any"
- 
The type of reservation for the instance.
RESERVATION_AFFINITYmust be one of:- any
- Consume any available, matching reservation.
- none
- Do not consume from any reserved capacity.
- specific
- Must consume from a specific reservation.
- specific-then-any-reservation
- Prefer to consume from a specific reservation, but still consume any available matching reservation if the specified reservation is not available or exhausted.
- specific-then-no-reservation
- Prefer to consume from a specific reservation, but still consume from the on-demand pool if the specified reservation is not available or exhausted.
 
 
- 
At most one of these can be specified:
- --scopes=[- SCOPE,…]
- 
If not provided, the instance will be assigned the default scopes, described
below. However, if neither --scopesnor--no-scopesare specified and the project has no default service account, then the instance will be created with no scopes. Note that the level of access that a service account has is determined by a combination of access scopes and IAM roles so you must configure both access scopes and IAM roles for the service account to work properly.SCOPE can be either the full URI of the scope or an alias. Defaultscopes are assigned to all instances. Available aliases are:
 DEPRECATION WARNING: https://www.googleapis.com/auth/sqlservice account scope andAlias URI bigquery https://www.googleapis.com/auth/bigquery cloud-platform https://www.googleapis.com/auth/cloud-platform cloud-source-repos https://www.googleapis.com/auth/source.full_control cloud-source-repos-ro https://www.googleapis.com/auth/source.read_only compute-ro https://www.googleapis.com/auth/compute.readonly compute-rw https://www.googleapis.com/auth/compute datastore https://www.googleapis.com/auth/datastore default https://www.googleapis.com/auth/devstorage.read_only https://www.googleapis.com/auth/logging.write https://www.googleapis.com/auth/monitoring.write https://www.googleapis.com/auth/pubsub https://www.googleapis.com/auth/service.management.readonly https://www.googleapis.com/auth/servicecontrol https://www.googleapis.com/auth/trace.append gke-default https://www.googleapis.com/auth/devstorage.read_only https://www.googleapis.com/auth/logging.write https://www.googleapis.com/auth/monitoring https://www.googleapis.com/auth/service.management.readonly https://www.googleapis.com/auth/servicecontrol https://www.googleapis.com/auth/trace.append logging-write https://www.googleapis.com/auth/logging.write monitoring https://www.googleapis.com/auth/monitoring monitoring-read https://www.googleapis.com/auth/monitoring.read monitoring-write https://www.googleapis.com/auth/monitoring.write pubsub https://www.googleapis.com/auth/pubsub service-control https://www.googleapis.com/auth/servicecontrol service-management https://www.googleapis.com/auth/service.management.readonly sql (deprecated) https://www.googleapis.com/auth/sqlservice sql-admin https://www.googleapis.com/auth/sqlservice.admin storage-full https://www.googleapis.com/auth/devstorage.full_control storage-ro https://www.googleapis.com/auth/devstorage.read_only storage-rw https://www.googleapis.com/auth/devstorage.read_write taskqueue https://www.googleapis.com/auth/taskqueue trace https://www.googleapis.com/auth/trace.append userinfo-email https://www.googleapis.com/auth/userinfo.email sqlalias do not provide SQL instance management capabilities and have been deprecated. Please, use https://www.googleapis.com/auth/sqlservice.admin orsql-adminto manage your Google SQL Service instances.
- --no-scopes
- Create instance without scopes
 
- 
At most one of these can be specified:
- --service-account=- SERVICE_ACCOUNT
- 
A service account is an identity attached to the instance. Its access tokens can
be accessed through the instance metadata server and are used to authenticate
applications on the instance. The account can be set using an email address
corresponding to the required service account.
If not provided, the instance will use the project's default service account. 
- --no-service-account
- Create instance without service account
 
 
- GCLOUD WIDE FLAGS
- 
These flags are available to all commands: --access-token-file,--account,--billing-project,--configuration,--flags-file,--flatten,--format,--help,--impersonate-service-account,--log-http,--project,--quiet,--trace-token,--user-output-enabled,--verbosity.Run $ gcloud helpfor details.
- NOTES
- 
This command is currently in alpha and might change without notice. If this
command fails with API permission errors despite specifying the correct project,
you might be trying to access an API with an invitation-only early access
allowlist. These variants are also available:
gcloud compute instances creategcloud beta compute instances create
      gcloud alpha compute instances create
  
  
  Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-09-30 UTC.