Create a persistent disk from a data source

You can use a persistent disk as a boot disk for a virtual machine (VM) instance, or as a data disk that you attach to a VM. When creating a persistent disk, you can either create a blank persistent disk, or create a disk from a source so that the new disk contains data from that source.

Data sources

You can create persistent disks from the following data sources:

Existing disks: Clone an existing persistent disk. Use this option if you need an instantly attachable copy of an existing non-boot persistent disk.
Snapshots: Create a non-boot disk from a source snapshot. Use this option to restore data from a persistent disk that you've backed up using snapshots.
Images: Create a boot disk from a source image. Use this option to create a boot disk for a new VM or to create a standalone boot persistent disk.

Before you begin

If you want to use the command-line examples in this guide, do the following:
1. Install or update to the latest version of the Google Cloud CLI.
2. Set a default region and zone.
If you want to use the API examples in this guide, set up API access.

Create a disk clone from an existing disk

You can create a new persistent disk clone from an existing persistent disk, even if the existing disk is attached to a VM instance. When you clone a disk, you create a new disk that contains all the data on the source disk. You can modify properties on that clone, such as the size. You can also delete the source disk without any risk of deleting the clone.

The ability to clone disks is useful for duplicating production data to debug without disturbing production, duplicating disks while scaling out your VMs, and creating replicas for database backup verification. You can also clone disks to move non-boot disk data to a new project. For scenarios where data protection is required for additional resilience, such as backup and disaster recovery, we recommend using snapshots instead of disk clones.

Restrictions

The disk type of the clone must be the same as that of the source disk.
You cannot create a zonal disk clone from a regional disk.
You cannot create a zonal disk clone of an existing zonal disk in a different zone.
The size of the clone must be at least the size of the source disk. If you create a clone using the Google Cloud console, you cannot specify a disk size and the clone is the same size as the source disk.
If you use a customer-supplied encryption key or a customer-managed encryption key to encrypt the source disk, you must use the same key to encrypt the clone. For more information, see Creating a clone of an encrypted source disk.
You can create at most one clone of a given source disk or its clones every 30 seconds.
You can have at most 1000 simultaneous disk clones of a given source disk or its clones. Exceeding this limit returns an internalError. However, if you create a disk clone and delete it later, then the deleted disk clone is not included in this limit.
Once a disk is cloned, any subsequent clones of that disk or its clones are counted against the limit of 1000 simultaneous disk clones for the original source disk and are counted against the limit of creating at most one clone every 30 seconds.

Error messages

If you exceed the cloning frequency limits, the request fails with the following error:

RATE LIMIT: ERROR: (gcloud.compute.disks.create) Could not fetch resource:
 - Operation rate exceeded for resource RESOURCE. Too frequent operations from the source resource.

Create a disk clone

You can clone an existing disk into a new disk using either the Google Cloud console, the Google Cloud CLI, or the Compute Engine API.

Permissions required for this task

To perform this task, you must have the following permissions:

compute.disks.create on the project
compute.disks.useReadOnly on the source disk

Console

In the Google Cloud console, go to the Disks page.

Go to Disks
In the list of zonal persistent disks, find the disk that you want to clone.
Click the menu button under Actions and select Clone disk.
In the Clone disk panel, specify a name for the new disk.
Under Properties, review other details for the new disk.
Click Save.

gcloud

In the gcloud CLI, use the disks create command command and specify the --source-disk. The following example clones the source disk to a new disk in a different project:

gcloud compute disks create projects/TARGET_PROJECT_ID/zones/ZONE/disks/TARGET_DISK_NAME \
    --description="cloned disk" \
    --source-disk=projects/SOURCE_PROJECT_ID/zones/ZONE/disks/SOURCE_DISK_NAME

Replace the following:

TARGET_PROJECT_ID: the project ID for the new disk
ZONE: the zone of the source and new disk
TARGET_DISK_NAME: the name for the new disk
SOURCE_PROJECT_ID: the project ID of the source disk
SOURCE_DISK_NAME: the name of the source disk

Terraform

To create a disk clone, use the google_compute_disk resource.

compute/disk/main.tf

View on GitHub Feedback

resource "google_compute_disk" "default" {
  name  = "disk-name1"
  type  = "pd-ssd"
  zone  = "us-central1-a"
  image = "debian-11-bullseye-v20220719"
  labels = {
    environment = "dev"
  }
  physical_block_size_bytes = 4096
}

To learn how to apply or remove a Terraform configuration, see Basic Terraform commands.

API

In the API, construct a POST request to the compute.disks.insert method. In the request body, specify the name and sourceDisk parameters. The clone inherits all omitted properties from the source disk. The following example clones the source disk to a new disk in a different project:

POST https://compute.googleapis.com/compute/v1/projects/TARGET_PROJECT_ID/zones/ZONE/disks

{
  "name": "TARGET_DISK_NAME"
  "sourceDisk": "projects/SOURCE_PROJECT_ID/zones/ZONE/disks/SOURCE_DISK_NAME"
}

Replace the following:

TARGET_PROJECT_ID: the project ID for the new disk
ZONE: the zone of the source and new disk
TARGET_DISK_NAME: the name for the new disk
SOURCE_PROJECT_ID: the project ID of the source disk
SOURCE_DISK_NAME: the name of the source disk

Create a regional disk clone from a zonal disk

You can create a new regional disk by cloning an existing zonal disk. To migrate a zonal disk to a regional disk, Google recommends this option instead of creating a snapshot of the zonal disk and restoring the snapshot to a new regional disk.

Restrictions

To create a regional disk clone from a source zonal disk, one of the replica zones of the clone must match the zone of the source disk.
After creation, the regional disk clone is usable within 3 minutes, on average. However, the disk might take tens of minutes to become fully replicated and reach a state where the recovery point objective (RPO) is near zero.
The rate at which you can clone disk space is limited. You can create at most 1 TB of cloned disk every 15 minutes, with a burst request limit of 257 TB.

Permissions required for this task

To perform this task, you must have the following permissions:

compute.disks.create on the project
compute.disks.useReadOnly on the source zonal disk

Console

In the Google Cloud console, go to the Disks page.

Go to Disks
In the list of zonal persistent disks, find the disk that you want to clone.
Click the menu button under Actions and select Clone disk.
In the Clone disk panel, specify a name for the new disk.
For the Location, select Regional and select two replica zones for the new regional disk.
Under Properties, review other details for the new disk.
Click Save.

gcloud

Create a regional disk clone from a zonal disk and provide the source disk and two replica zones for the new regional disk by using the following gcloud compute disks create command. The following example assumes the source and target disks are in the same project.

gcloud compute disks create TARGET_DISK_NAME \
  --description="zonal to regional cloned disk" \
  --region=REGION_1 \
  --source-disk=SOURCE_DISK_NAME \
  --source-disk-zone=REGION_1_ZONE_1 \
  --replica-zones=REGION_1_ZONE_1,REGION_1_ZONE_2 \
  --project=PROJECT_ID

Replace the following:

TARGET_DISK_NAME: the name for the new regional disk
REGION_1: the region for the new regional disk
SOURCE_DISK_NAME: the name of the zonal disk to clone
REGION_1_ZONE_1: one of two replica zones for the new regional disk
REGION_1_ZONE_2: the other replica zone for the new regional disk
PROJECT_ID: the project ID

Terraform

To create a regional disk clone from a zonal disk, you can optionally create a snapshot of the zonal disk and then clone the snapshot. To do this, use the following resources:

compute/disk/main.tf

View on GitHub Feedback

resource "google_compute_region_disk" "regiondisk" {
  name                      = "region-disk-name"
  snapshot                  = google_compute_snapshot.snapdisk.id
  type                      = "pd-ssd"
  region                    = "us-central1"
  physical_block_size_bytes = 4096
  size                      = 11

  replica_zones = ["us-central1-a", "us-central1-f"]
}

To learn how to apply or remove a Terraform configuration, see Basic Terraform commands.

API

Provide the source disk and two replica zones for the new regional disk. The following example assumes the source and target disks are in the same project.

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION_1/disks

{
  "name": "TARGET_DISK_NAME"
  "sourceDisk": "projects/PROJECT_ID/zones/REGION_1_ZONE_1/disks/SOURCE_DISK_NAME"
  "replicaZone": "REGION_1_ZONE_1,REGION_1_ZONE_2"
}

Replace the following:

PROJECT_ID: the project ID
REGION_1: the region for the new regional disk
TARGET_DISK_NAME: the name for the new regional disk
REGION_1_ZONE_1: one of two replica zones for the new regional disk
SOURCE_DISK_NAME: the name of the zonal disk to clone
REGION_1_ZONE_2: the other replica zone for the new regional disk

Create a clone of an encrypted source disk

If you use a customer-supplied encryption key to encrypt your source disk, you must also use the same key to encrypt the clone.

Console

In the Google Cloud console, go to the Disks page.

Go to Disks
In the list of zonal persistent disks, find the disk that you want to clone.
Click the menu button under Actions and select Clone disk.
In the Clone disk panel, specify a name for the new disk.
Provide the source disk encryption key under Decryption and encryption.
Under Properties, review other details for the new disk.
Click Save.

gcloud

Provide the source disk encryption key using the --csek-key-file flag when you create the disk clone. If you are using an RSA-wrapped key, use the gcloud beta component:

gcloud beta compute disks create projects/TARGET_PROJECT_ID/zones/ZONE/disks/TARGET_DISK_NAME \
  --description="cloned disk" \
  --source-disk=projects/SOURCE_PROJECT_ID/zones/ZONE/disks/SOURCE_DISK_NAME \
  --csek-key-file example-key-file.json

Replace the following:

TARGET_PROJECT_ID: the project ID for the new disk
ZONE: zone of the source and new disk
TARGET_DISK_NAME: name for the new disk
SOURCE_PROJECT_ID: the project ID of the source disk
SOURCE_DISK_NAME: name of the source disk

API

Provide the source disk encryption key using the diskEncryptionKey property.

POST https://compute.googleapis.com/compute/beta/projects/TARGET_PROJECT_ID/zones/ZONE/disks

{
  "name": "TARGET_DISK_NAME"
  "sourceDisk": "projects/SOURCE_PROJECT_ID/zones/ZONE/disks/SOURCE_DISK_NAME"
  "diskEncryptionKey": {
    "rsaEncryptedKey": "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFHz0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoDD6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oeQ5lAbtt7bYAAHf5l+gJWw3sUfs0/Glw5fpdjT8Uggrr+RMZezGrltJEF293rvTIjWOEB3z5OHyHwQkvdrPDFcTqsLfh+8Hr8g+mf+7zVPEC8nEbqpdl3GPv3A7AwpFp7MA=="
  },
}

Replace the following:

TARGET_PROJECT_ID: the project ID for the new disk
ZONE: the zone of the source and new disk
TARGET_DISK_NAME: the name for the new disk
SOURCE_PROJECT_ID: the project ID of the source disk
SOURCE_DISK_NAME: the name of the source disk

If you use a customer-managed encryption key to encrypt your source disk, you must also use the same key to encrypt the clone.

Console

Compute Engine automatically encrypts the clone using the source disk encryption key.

gcloud

Provide the key for the source disk using the --kms-key flag when you create the disk clone. If you are using an RSA-wrapped key, use the gcloud beta component:

gcloud beta compute disks create projects/TARGET_PROJECT_ID/zones/ZONE/disks/TARGET_DISK_NAME \
  --description="cloned disk" \
  --source-disk=projects/SOURCE_PROJECT_ID/zones/ZONE/disks/SOURCE_DISK_NAME \
  --kms-key projects/KMS_PROJECT_ID/locations/REGION/keyRings/KEY_RING/cryptoKeys/KEY

Replace the following:

TARGET_PROJECT_ID: the project ID for the new disk
ZONE: the zone of the source and new disk
TARGET_DISK_NAME: the name for the new disk
SOURCE_PROJECT_ID: the project ID of the source disk
SOURCE_DISK_NAME: the name of the source disk
KMS_PROJECT_ID: the project ID for the encryption key
REGION: the region of the encryption key
KEY_RING: key ring of the encryption key
KEY: the name of the encryption key

API

Provide the key for the source disk using the kmsKeyName property when you create the disk clone.

POST https://compute.googleapis.com/compute/beta/projects/TARGET_PROJECT_ID/zones/ZONE/disks

{
  "name": "TARGET_DISK_NAME"
  "sourceDisk": "projects/SOURCE_PROJECT_ID/zones/ZONE/disks/SOURCE_DISK_NAME"
  "diskEncryptionKey": {
    "kmsKeyName": "projects/KMS_PROJECT_ID/locations/REGION/keyRings/KEY_RING/cryptoKeys/KEY"
  },
}

Replace the following:

TARGET_DISK_NAME: the name for the new disk
SOURCE_PROJECT_ID: the project ID of the source disk
ZONE: the zone of the source and new disk
SOURCE_DISK_NAME: the name of the source disk
KMS_PROJECT_ID: the project ID for the encryption key
REGION: the region of the encryption key
KEY_RING: the key ring of the encryption key
KEY: the name of the encryption key

What's next

Learn about working with persistent disks.
Learn how to regularly back up your disks using snapshots to prevent unintended data loss.
Learn about using regional persistent disks for synchronous replication between two zones.