Creating and starting a VM instance

This document explains how to create a virtual machine (VM) instance by using a boot disk image, a boot disk snapshot, or a container image. Some images support Shielded VM features, which offer security features such as UEFI-compliant firmware, Secure Boot, and vTPM-protected Measured Boot. On Shielded VMs, vTPM and integrity monitoring are enabled by default.

While creating your VM, you can create one or more disks for it. You can also add more disks to the VM after it's created. Compute Engine automatically starts the VM instance after you create it.

While creating a VM, you can also add multiple network interfaces. To mitigate your VM's exposure to threats on the internet, you can omit the external IP address when you add a network interface to the instance. In such cases, the VM is accessible only from other VMs in the same VPC network or a linked network unless you configure Cloud NAT.

For more specific or complicated VM creation, see the following resources:

If you are bringing an existing license, see Bringing your own license with sole-tenant nodes.

Before you begin

If you want to use the command-line examples in this guide, do the following:
1. Install or update to the latest version of the gcloud command-line tool.
2. Set a default region and zone.
If you want to use the API examples in this guide, set up API access.
When creating VMs from images or disks by using the gcloud command-line tool or the Compute Engine API, there's a limit of 20 VM instances per second. If you need to create a higher number of VMs per second, request a higher quota limit for the Images resource.

Create a VM instance from an image

This section explains how to create a VM from a public OS image or a custom image. A VM contains a bootloader, a boot file system, and an OS image.

View a list of public images available on Compute Engine

Before you create a VM by using a public image, review the list of public images that are available on Compute Engine.

For more information about the features available with each public image, see Feature support by operating system.

Console

In the Google Cloud Console, go to the Images page.

Go to Images

gcloud

Run the following command:
```
gcloud compute images list
```
Make a note of the name of the image or image family and the name of the project containing the image.
Optional: To determine whether the image supports Shielded VM features, run the following command:
```
gcloud compute images describe IMAGE_NAME \
    --project=IMAGE_PROJECT
```
Replace the following:
- IMAGE_NAME: name of the image to check for support of Shielded VM features
- IMAGE_PROJECT: project containing the image
If the image supports Shielded VM features, the following line appears in the output: type: UEFI_COMPATIBLE.

API

Run the following command:

GET https://compute.googleapis.com/compute/v1/projects/IMAGE_PROJECT/global/images/

Make a note of the name of the image or image family and the name of the project containing the image.
Optional: To determine whether the image supports Shielded VM features, run the following command:
```
GET https://compute.googleapis.com/compute/v1/projects/IMAGE_PROJECT/global/images/IMAGE_NAME
```
Replace the following:
- IMAGE_PROJECT: project containing the image
- IMAGE_NAME: name of the image to check for support of Shielded VM features
If the image supports Shielded VM features, the following line appears in the output: type: UEFI_COMPATIBLE.

Create a VM instance from a public image

Google, open source communities, and third-party vendors provide and maintain public OS images. By default, all Google Cloud projects can create VMs from public OS images. However, if your Cloud project has a defined list of trusted images, you can use only the images on that list to create a VM.

If you create a Shielded VM image with a local SSD, you can't shield data with integrity monitoring or the virtual platform trusted module (vTPM).

Permissions required for this task

To perform this task, you must have the following permissions:

compute.instances.create on the project
compute.instances.updateShieldedVmConfig if you plan to create a Shielded VM instance and you want to be able to change any of the Shielded VM settings
compute.networks.use on the project if using a legacy network
compute.subnetworks.use either on the whole project or on the chosen subnet (VPC networks)
compute.networks.useExternalIp on the project if you need to assign an external IP address (either ephemeral or static) to the instance using a legacy network
compute.subnetworks.useExternalIp either on the whole project or on the chosen subnet if you need to assign an external IP address (either ephemeral or static) to the instance using a VPC network
compute.addresses.use on the project if specifying a static address in the project
compute.instances.setMetadata if setting metadata
compute.instances.setTags on the instance if setting tags
compute.instances.setLabels on the instance if setting labels
compute.images.useReadOnly on the image if creating a new root persistent disk
compute.disks.create on the project if creating a new root persistent disk with this instance
compute.disks.useReadOnly on the disk if attaching an existing persistent disk in read-only mode
compute.disks.use on the disk if attaching an existing disk in read/write mode
compute.disks.setLabels on the disk if setting labels
compute.snapshots.create on the project to create a new snapshot if creating an instance from a snapshot
compute.snapshots.useReadOnly on the snapshot if creating an instance from a snapshot

Console

In the Google Cloud Console, go to the VM instances page.

Go to VM instances
Select your project and click Continue.
Click Create instance.
Specify a Name for your VM. See Resource naming convention.
Optional: Change the Zone for this VM. Compute Engine randomizes the list of zones within each region to encourage use across multiple zones.
Select a Machine configuration for your VM.
In the Boot disk section, click Change to configure your boot disk. Unless you explicitly choose a different boot disk, if the name of the new VM matches the name of an existing persistent disk, then the existing persistent disk automatically attaches to the new VM as the boot disk.
In the Public images tab, choose the following:
- Operating system
- OS version
- Boot disk type
- Boot disk size
Click Save to confirm your boot disk options.
Select Allow HTTP traffic or Allow HTTPS traffic to permit HTTP or HTTPS traffic to the VM. When you select one of these, Compute Engine adds a network tag to your VM, which associates the firewall rule with the VM. Then, Compute Engine creates the corresponding ingress firewall rule that allows all incoming traffic on tcp:80 (HTTP) or tcp:443 (HTTPS).
Optional: If you chose an OS image that supports Shielded VM features, you can modify the Shielded VM settings. To modify shielded VM settings, click the Security tab in the Management, security, disks, networking, sole tenancy section and do the following, as required:
- To enable Secure Boot, select Turn on Secure Boot. Secure Boot is disabled by default.
- To disable vTPM, clear Turn on vTPM. vTPM is enabled by default. Disabling vTPM also disables integrity monitoring because integrity monitoring relies on data gathered by Measured Boot.
- To disable integrity monitoring, clear the Turn on Integrity Monitoring checkbox. Integrity monitoring is enabled by default.
Click Create to create and start the VM.

gcloud

Select a public image. Make a note of the name of the image or image family and the name of the project containing the image.
Use the gcloud compute instances create command to create a VM from an image family or from a specific version of an OS image.

If you specify the optional --shielded-secure-boot flag, Compute Engine creates a VM with all three of the Shielded VM features enabled:
After Compute Engine starts your VM, you must stop the VM to modify Shielded VM options.
```
gcloud compute instances create VM_NAME \
    [--image=IMAGE | --image-family=IMAGE_FAMILY] \
    --image-project=IMAGE_PROJECT
    --machine-type=MACHINE_TYPE
```
Replace the following:
- VM_NAME: name of the new VM
- IMAGE or IMAGE_FAMILY: specify one of the following:
  - IMAGE: a specific version of a public image
    
    For example, --image=debian-10-buster-v20200309.
  - IMAGE_FAMILY: an image family.
    
    This creates the VM from the most recent, non-deprecated OS image. For example, if you specify --image-family=debian-10, Compute Engine creates a VM from the latest version of the OS image in the Debian 10 image family.
- IMAGE_PROJECT: project containing the image
- MACHINE_TYPE: machine type, predefined or custom, for the new VM
  
  To get a list of the machine types available in a zone, use the gcloud compute machine-types list command with the --zones flag.
Verify that Compute Engine created the VM:
```
gcloud compute instances describe VM_NAME
```
Replace VM_NAME with the name of the VM.

API

Select a public image. Make a note of the name of the image or image family and the name of the project containing the image.
Use the instances.insert method to create a VM from an image family or from a specific version of an OS image:
```
POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances

{
 "machineType": "zones/MACHINE_TYPE_ZONE/machineTypes/MACHINE_TYPE",
 "name": "VM_NAME",
 "disks": [
   {
     "initializeParams": {
       "sourceImage": "projects/IMAGE_PROJECT/global/images/IMAGE"
     },
     "boot": true
   }
 ],
 "shieldedInstanceConfig": {
   "enableSecureBoot": ENABLE_SECURE_BOOT
 }
}
```
Replace the following:
- PROJECT_ID: ID of the project to create the VM in
- ZONE: zone to create the VM in
- MACHINE_TYPE_ZONE: zone containing the machine type to use for the new VM
- MACHINE_TYPE: machine type, predefined or custom, for the new VM
- VM_NAME: name of the new VM
- IMAGE_PROJECT: project containing the image
  
  For example, if you specify debian-10 as the image family, specify debian-cloud as the image project.
- IMAGE or IMAGE_FAMILY: specify one of the following:
  - IMAGE: a specific version of a public image
    
    For example, "sourceImage": "projects/debian-cloud/global/images/debian-10-buster-v20200309"
  - IMAGE_FAMILY: an image family
    
    This creates the VM from the most recent, non-deprecated OS image. For example, if you specify "sourceImage": "projects/debian-cloud/global/images/family/debian-10", Compute Engine creates a VM from the latest version of the OS image in the Debian 10 image family.
- ENABLE_SECURE_BOOT: Optional: If you chose an image that supports Shielded VM features, Compute Engine, by default, enables the virtual trusted platform module (vTPM) and integrity monitoring. Compute Engine does not enable Secure Boot by default.
  
  If you specify true for enableSecureBoot, Compute Engine creates a VM with all three Shielded VM features enabled. After Compute Engine starts your VM, to modify Shielded VM options, you must stop the VM.

Python

compute/api/create_instance.py

View on GitHub

def create_instance(compute, project, zone, name, bucket):
    # Get the latest Debian Jessie image.
    image_response = compute.images().getFromFamily(
        project='debian-cloud', family='debian-9').execute()
    source_disk_image = image_response['selfLink']

    # Configure the machine
    machine_type = "zones/%s/machineTypes/n1-standard-1" % zone
    startup_script = open(
        os.path.join(
            os.path.dirname(__file__), 'startup-script.sh'), 'r').read()
    image_url = "http://storage.googleapis.com/gce-demo-input/photo.jpg"
    image_caption = "Ready for dessert?"

    config = {
        'name': name,
        'machineType': machine_type,

        # Specify the boot disk and the image to use as a source.
        'disks': [
            {
                'boot': True,
                'autoDelete': True,
                'initializeParams': {
                    'sourceImage': source_disk_image,
                }
            }
        ],

        # Specify a network interface with NAT to access the public
        # internet.
        'networkInterfaces': [{
            'network': 'global/networks/default',
            'accessConfigs': [
                {'type': 'ONE_TO_ONE_NAT', 'name': 'External NAT'}
            ]
        }],

        # Allow the instance to access cloud storage and logging.
        'serviceAccounts': [{
            'email': 'default',
            'scopes': [
                'https://www.googleapis.com/auth/devstorage.read_write',
                'https://www.googleapis.com/auth/logging.write'
            ]
        }],

        # Metadata is readable from the instance and allows you to
        # pass configuration from deployment scripts to instances.
        'metadata': {
            'items': [{
                # Startup script is automatically executed by the
                # instance upon startup.
                'key': 'startup-script',
                'value': startup_script
            }, {
                'key': 'url',
                'value': image_url
            }, {
                'key': 'text',
                'value': image_caption
            }, {
                'key': 'bucket',
                'value': bucket
            }]
        }
    }

    return compute.instances().insert(
        project=project,
        zone=zone,
        body=config).execute()

Create a VM from a custom image

A custom image belongs only to your project. To create a VM with a custom image, you must first create a custom image if you don't already have one.

Permissions required for this task

To perform this task, you must have the following permissions:

compute.instances.create on the project
compute.instances.updateShieldedVmConfig if you plan to create a Shielded VM instance and you want to be able to change any of the Shielded VM settings
compute.networks.use on the project if using a legacy network
compute.subnetworks.use either on the whole project or on the chosen subnet (VPC networks)
compute.networks.useExternalIp on the project if you need to assign an external IP address (either ephemeral or static) to the instance using a legacy network
compute.subnetworks.useExternalIp either on the whole project or on the chosen subnet if you need to assign an external IP address (either ephemeral or static) to the instance using a VPC network
compute.addresses.use on the project if specifying a static address in the project
compute.instances.setMetadata if setting metadata
compute.instances.setTags on the instance if setting tags
compute.instances.setLabels on the instance if setting labels
compute.images.useReadOnly on the image if creating a new root persistent disk
compute.disks.create on the project if creating a new root persistent disk with this instance
compute.disks.useReadOnly on the disk if attaching an existing persistent disk in read-only mode
compute.disks.use on the disk if attaching an existing disk in read/write mode
compute.disks.setLabels on the disk if setting labels
compute.snapshots.create on the project to create a new snapshot if creating an instance from a snapshot
compute.snapshots.useReadOnly on the snapshot if creating an instance from a snapshot

Console

Go to the VM instances page.

Go to VM instances
Select your project and click Continue.
Click Create instance.
Specify a Name for your VM. See Resource naming convention.
Optional: Change the Zone for this VM. Compute Engine randomizes the list of zones within each region to encourage use across multiple zones.
Select a Machine configuration for your VM.
In the Boot disk section, click Change to configure your boot disk. Then, do the following:
1. Select the Custom Images tab.
2. Select your project from the Show images from drop-down list.
3. Select the image you want from the Images drop-down list.
4. Select a boot disk type.
5. Specify the size.
6. Click Select.
To permit HTTP or HTTPS traffic to the VM, select Allow HTTP traffic or Allow HTTPS traffic.

The Cloud Console adds a network tag to your VM and creates the corresponding ingress firewall rule that allows all incoming traffic on tcp:80 (HTTP) or tcp:443 (HTTPS). The network tag associates the firewall rule with the VM. For more information, see Firewall rules overview in the Virtual Private Cloud documentation.
Click Create to create and start the VM.

gcloud

Run the gcloud compute instances create command to create a VM with a custom image:

gcloud compute instances create VM_NAME \
    --image-project IMAGE_PROJECT \
    [--image IMAGE | --image-family IMAGE_FAMILY]

Replace the following:

VM_NAME: name of the VM
IMAGE_PROJECT: name of the project that contains the image
IMAGE or IMAGE_FAMILY: specify one of the following:
- IMAGE: name of your custom image
  For example, --image=my-debian-image-v2.
- IMAGE_FAMILY: if you created your custom images as part of a custom image family, specify that custom image family.
  This creates the VM from the most recent, non-deprecated OS image and OS version in your custom image family. For example, if you specify --image-family=my-debian-family, Compute Engine creates a VM from the latest OS image in your custom my-debian-family image family.
Note: Compute Engine uses the default image family and project if you don't specify an image. The default image family and project are debian-10 and debian-cloud, respectively.

API

The process for creating a VM with a custom image in the API is the same as if you were creating a VM with a publicly available image.

To create the VM from a custom image, use the instances.insert method.

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances

{
 "machineType": "zones/MACHINE_TYPE_ZONE/machineTypes/MACHINE_TYPE",
 "name": "VM_NAME",
 "disks": [
   {
     "initializeParams": {
       "sourceImage": "projects/IMAGE_PROJECT/global/images/IMAGE"
     },
     "boot": true
   }
 ],
 .....
}

Replace the following:

PROJECT_ID: ID of the project to create the VM in
ZONE: zone to create the VM in
MACHINE_TYPE_ZONE: zone containing the machine type to use for the new VM
MACHINE_TYPE: machine type, predefined or custom, for the new VM
VM_NAME: name of the new VM
IMAGE_PROJECT: name of the project that contains the custom image
IMAGE or IMAGE_FAMILY: specify one of the following:
- IMAGE: name of your custom image
  
  For example, "sourceImage": "projects/my-project-1234/global/images/my-debian-image-v2".
- IMAGE_FAMILY: if you created your custom images as part of a custom image family, specify that custom image family.
  
  This creates the VM from the most recent, non-deprecated OS image in your custom image family. For example, if you specify "sourceImage": "projects/my-project-1234/global/images/family/my-debian-family", Compute Engine creates a VM from the latest version of the OS image in the custom my-debian-family image family.

Create a VM instance with additional non-boot disks

Console

In the Google Cloud Console, go to the VM instances page.

Go to VM instances
Select your project and click Continue.
Click Create instance.
Specify a Name for your VM. See Resource naming convention.
Optional: Change the Zone for this VM. Compute Engine randomizes the list of zones within each region to encourage use across multiple zones.
Select a Machine configuration for your VM.
In the Boot disk section, click Change to configure your boot disk. Unless you explicitly choose a different boot disk, if the name of the new VM matches the name of an existing persistent disk, then the existing persistent disk automatically attaches to the new VM as the boot disk.
In the Public images tab, choose the following and click Save:
- Operating system
- OS version
- Boot disk type
- Boot disk size
Select Allow HTTP traffic or Allow HTTPS traffic to permit HTTP or HTTPS traffic to the VM. When you select one of these, Compute Engine adds a network tag to your VM, which associates the firewall rule with the VM. Then, Compute Engine creates the corresponding ingress firewall rule that allows all incoming traffic on tcp:80 (HTTP) or tcp:443 (HTTPS).
To add non-boot disks to your VM:
1. Click the Management, security, disks, networking, sole tenancy section.
2. Click the Disks tab.
3. Under Additional disks, click Add new disk.
4. Specify a disk Name, Type, Source type, Mode, and Deletion rule. For more information about adding new disks, see Creating and attaching a disk.
5. Click Done.
Click Create to create and start the VM.

gcloud

Run the gcloud compute instances create command to create a VM with additional non-boot disks.

You can add up to 128 non-boot disks while you're creating your VM. Specify the --create-disk flag for each non-boot disk you create.

To create non-boot disks from a public or stock image, specify the image or image-family and image-project properties with the --create-disk flag. To create a blank disk, don't include these properties. You can optionally include properties for the disk size and type.

gcloud compute instances create VM_NAME \
    [--image=IMAGE | --image-family=IMAGE_FAMILY] \
    --image-project=IMAGE_PROJECT \
    --create-disk [image=DISK_IMAGE | image-family=DISK_IMAGE_FAMILY ],image-project=DISK_IMAGE_PROJECT,size=SIZE_GB,type=DISK_TYPE

Replace the following:

VM_NAME: name of the new VM
IMAGE or IMAGE_FAMILY. Specify one of the following:
- IMAGE: a specific version of a public image
  
  For example, --image=debian-10-buster-v20200309.
- IMAGE_FAMILY: an image family
  
  This creates the VM from the most recent, non-deprecated OS image. For example, if you specify --image-family=debian-10, Compute Engine creates a VM from the latest version of the OS image in the Debian 10 image family.
IMAGE_PROJECT: project containing the image
For additional disks, replace the following:
- DISK_IMAGE or DISK_IMAGE_FAMILY: Specify one of the following:
  - DISK_IMAGE: name of the image that you want to use as a non-boot disk
  - DISK_IMAGE_FAMILY: an image family to use as a non-boot disk
- DISK_IMAGE_PROJECT: an image project to which the disk image belongs
- SIZE_GB: Optional: size of the non-boot disk
- DISK_TYPE: Optional: full or partial URL for the type of the persistent disk
  
  For example, https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/diskTypes/pd-ssd. To view the available disk types, run the gcloud compute disk-types list command.
For blank disks, don't specify the DISK_IMAGE, DISK_IMAGE_FAMILY, or DISK_IMAGE_PROJECT parameters.

API

You can create up to 128 non-boot disks at the time you create a VM by using the initializeParams property for each additional disk. Create additional disks with a public or private image. To add a blank disk, define the initializeParams entry with no sourceImage value.

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances

{
 "machineType": "zones/MACHINE_TYPE_ZONE/machineTypes/MACHINE_TYPE",
 "name": "VM_NAME",
 "disks": [
   {
     "initializeParams": {
       "sourceImage": "projects/IMAGE_PROJECT/global/images/IMAGE"
     },
     "boot": true
   },
   {
     "initializeParams": {
       "diskSizeGb": "SIZE_GB",
       "sourceImage": "projects/DISK_IMAGE_PROJECT/global/images/DISK_IMAGE",
       "diskType": "DISK_TYPE"
   },
   {
     "initializeParams": {
     "diskSizeGb": "SIZE_GB",
     "diskType": "DISK_TYPE"
   }
    }...]

Replace the following:

PROJECT_ID: ID of the project to create the VM in
ZONE: zone to create the VM in
MACHINE_TYPE_ZONE: zone containing the machine type to use for the new VM
MACHINE_TYPE: machine type, predefined or custom, for the new VM
VM_NAME: name of the new VM
IMAGE_PROJECT: name of the project that contains the custom image
IMAGE or IMAGE_FAMILY: specify one of the following:
- IMAGE: name of your custom image
  
  For example, "sourceImage": "projects/my-project-1234/global/images/my-debian-image-v2".
- IMAGE_FAMILY: if you created your custom images as part of a custom image family, specify that custom image family.
  
  This creates the VM from the most recent, non-deprecated OS image OS version in your custom image family. For example, if you specify "sourceImage": "projects/my-project-1234/global/images/family/my-debian-family", Compute Engine creates a VM from the latest version of the OS image in the custom my-debian-family image family.
For additional disks, replace the following:
- SIZE_GB: disk size
- DISK_IMAGE or DISK_IMAGE_FAMILY: Specify either a source image or image family for the non-boot disk:
  - DISK_IMAGE: name of the image that you want to use as a non-boot disk
    
    For example, "sourceImage": "projects/DISK_IMAGE_PROJECT/global/images/DISK_IMAGE".
  - DISK_IMAGE_FAMILY: an image family to use as a non-boot disk
    
    For example, "sourceImage": "projects/DISK_IMAGE_PROJECT/global/images/family/DISK_IMAGE_FAMILY".
- DISK_TYPE: full or partial URL for the type of the persistent disk
For example, https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/diskTypes/pd-ssd.

For blank disks, don't specify the DISK_IMAGE, DISK_IMAGE_FAMILY, or DISK_IMAGE_PROJECT parameters.

Format and mount the disks before using them.

Create a VM instance from a shared image

If another user has shared an image with you, you can use the image to create a VM.

Permissions required for this task

To perform this task, you must have the following permissions:

compute.instances.create on the project
compute.instances.updateShieldedVmConfig if you plan to create a Shielded VM instance and you want to be able to change any of the Shielded VM settings
compute.networks.use on the project if using a legacy network
compute.subnetworks.use either on the whole project or on the chosen subnet (VPC networks)
compute.networks.useExternalIp on the project if you need to assign an external IP address (either ephemeral or static) to the instance using a legacy network
compute.subnetworks.useExternalIp either on the whole project or on the chosen subnet if you need to assign an external IP address (either ephemeral or static) to the instance using a VPC network
compute.addresses.use on the project if specifying a static address in the project
compute.instances.setMetadata if setting metadata
compute.instances.setTags on the instance if setting tags
compute.instances.setLabels on the instance if setting labels
compute.images.useReadOnly on the image if creating a new root persistent disk
compute.disks.create on the project if creating a new root persistent disk with this instance
compute.disks.useReadOnly on the disk if attaching an existing persistent disk in read-only mode
compute.disks.use on the disk if attaching an existing disk in read/write mode
compute.disks.setLabels on the disk if setting labels
compute.snapshots.create on the project to create a new snapshot if creating an instance from a snapshot
compute.snapshots.useReadOnly on the snapshot if creating an instance from a snapshot

Console

Go to the VM instances page.

Go to VM instances
Select your project and click Continue.
Click Create instance.
Specify a Name for your VM. See Resource naming convention.
Optional: change the Zone for this VM. Compute Engine randomizes the list of zones within each region to encourage use across multiple zones.
Select a Machine configuration for your VM.
In the Boot disk section, click Change to configure your boot disk. Then, follow these steps:
1. Select the Custom Images tab.
2. Select the image project from the Show images from drop-down list.
3. Select the image you want from the Images drop-down list.
4. Click Select.
To permit HTTP or HTTPS traffic to the VM, select Allow HTTP traffic or Allow HTTPS traffic.

The Cloud Console adds a network tag to your VM and creates the corresponding ingress firewall rule that allows all incoming traffic on tcp:80 (HTTP) or tcp:443 (HTTPS). The network tag associates the firewall rule with the VM. For more information, see Firewall rules overview in the Virtual Private Cloud documentation.
Click Create to create and start the VM.

gcloud

Create a VM by using the gcloud compute instances create command, and use the --image and --image-project flags to specify the image name and the project where the image resides:

 gcloud compute instances create VM_NAME \
        --image=IMAGE \
        --image-project=IMAGE_PROJECT

Replace the following:

VM_NAME: name for the new VM
IMAGE: name of the image
IMAGE_PROJECT: project to which the image belongs

If the command is successful, gcloud responds with the properties of the new VM:

    Created [https://compute.googleapis.com/compute/v1/projects/myproject/zones/us-central1-b/instances/example-instance].
    NAME                 ZONE           MACHINE_TYPE   PREEMPTIBLE  INTERNAL_IP  EXTERNAL_IP    STATUS
    example-instance     us-central1-b  e2-standard-2               10.240.0.4   104.198.53.60  RUNNING

API

Follow the API instructions to create a VM from a public image, but specify the image field in the request body. To add blank disks, don't specify an image source. You can optionally specify the diskSizeGb, diskType, and labels properties.

    [...
    image: "projects/PROJECT_ID/global/images/IMAGE_NAME
    {
     "initializeParams": {
        "diskSizeGb": "SIZE_GB",
        "sourceImage": "IMAGE"
           }
     }
     ...]

Replace the following:

PROJECT_ID: project containing the image
IMAGE_NAME: source image
SIZE_GB: disk size
IMAGE: source image for the non-boot disk

For blank disks, don't specify an image source.

Create a VM instance from a snapshot

If you backed up a boot persistent disk with a snapshot, you can use that snapshot to create a VM.

To quickly create more than one VM with the same boot disk, create a custom image and, then create VMs from that image rather than from the snapshot.

Create a VM instance boot disk from a snapshot

You can restore a snapshot of a boot disk to a new boot disk when you create a VM.

Permissions required for this task

To perform this task, you must have the following permissions:

compute.instances.create on the project
compute.instances.updateShieldedVmConfig if you plan to create a Shielded VM instance and you want to be able to change any of the Shielded VM settings
compute.networks.use on the project if using a legacy network
compute.subnetworks.use either on the whole project or on the chosen subnet (VPC networks)
compute.networks.useExternalIp on the project if you need to assign an external IP address (either ephemeral or static) to the instance using a legacy network
compute.subnetworks.useExternalIp either on the whole project or on the chosen subnet if you need to assign an external IP address (either ephemeral or static) to the instance using a VPC network
compute.addresses.use on the project if specifying a static address in the project
compute.instances.setMetadata if setting metadata
compute.instances.setTags on the instance if setting tags
compute.instances.setLabels on the instance if setting labels
compute.images.useReadOnly on the image if creating a new root persistent disk
compute.disks.create on the project if creating a new root persistent disk with this instance
compute.disks.useReadOnly on the disk if attaching an existing persistent disk in read-only mode
compute.disks.use on the disk if attaching an existing disk in read/write mode
compute.disks.setLabels on the disk if setting labels
compute.snapshots.create on the project to create a new snapshot if creating an instance from a snapshot
compute.snapshots.useReadOnly on the snapshot if creating an instance from a snapshot

Console

Go to the VM instances page.

Go to VM instances
Select your project and click Continue.
Click Create instance.
Specify a Name for your VM. See Resource naming convention.
Optional: Change the Zone for this VM. Compute Engine randomizes the list of zones within each region to encourage use across multiple zones.
Select a Machine configuration for your VM.
In the Boot disk section, click Change to configure your boot disk. Then, do the following:
1. Click the Snapshots tab and choose a snapshot from the list.
2. Click Select.
To permit HTTP or HTTPS traffic to the VM, select Allow HTTP traffic or Allow HTTPS traffic.

The Cloud Console adds a network tag to your VM and creates the corresponding ingress firewall rule that allows all incoming traffic on tcp:80 (HTTP) or tcp:443 (HTTPS). The network tag associates the firewall rule with the VM. For more information, see Firewall rules overview in the Virtual Private Cloud documentation.
Click Create to create and start the VM.

gcloud

Use the gcloud compute instances create command and include the --source-snapshot flag:

gcloud compute instances create VM_NAME \
    --source-snapshot=BOOT_SNAPSHOT_NAME \
    --boot-disk-size=BOOT_DISK_SIZE \
    --boot-disk-type=BOOT_DISK_TYPE \
    --boot-disk-device-name=BOOT_DISK_NAME

Replace the following:

VM_NAME: name for the new VM
BOOT_SNAPSHOT_NAME: name of the boot disk snapshot that you want to restore to the boot disk of the new VM.
BOOT_DISK_SIZE: Optional: size, in gigabytes, of the new boot disk

The size must be equal to or larger than the size of the source disk from which the snapshot was made.
BOOT_DISK_TYPE: Optional: type of the boot persistent disk

For example, pd-ssd.
BOOT_DISK_NAME: name of the new boot disk for this VM

API

When you use the API to create a VM from a snapshot, the following restrictions apply:

Only one persistent disk can be used as the boot persistent disk.
You must attach the boot persistent disk as the first disk for that VM.
If you specify the source property, you cannot also specify the initializeParams property. Providing a source indicates that the boot persistent disk exists already, but the initializeParams property indicates that Compute Engine should create a new boot persistent disk.

To create a VM from a boot disk snapshot, specify the sourceSnapshot field under the disks property. Optional: specify the diskSizeGb and diskType properties for the new boot disk:

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances
{
  "name": "VM_NAME",
  "machineType": "machineTypes/MACHINE_TYPE"
  "networkInterfaces": [{
    "accessConfigs": [{
      "type": "ONE_TO_ONE_NAT",
      "name": "External NAT"
    }],
    "network": "global/networks/default"
  }],
  "disks": [{
     "boot": true,
     "initializeParams": {
       "sourceSnapshot": "global/snapshots/BOOT_SNAPSHOT_NAME",
       "diskSizeGb": "BOOT_DISK_SIZE",
       "diskType": "BOOT_DISK_TYPE"
    }
   }],
 }

Replace the following:

PROJECT_ID: your project ID
ZONE: zone where you want to create the new VM
VM_NAME: name of the VM that you want to restore a snapshot to
MACHINE_TYPE: machine type of the VM
BOOT_SNAPSHOT_NAME: name of the snapshot that you want to use to create the boot disk of a new VM
BOOT_DISK_SIZE: Optional: size, in gigabytes, for the new boot disk

The size must be equal to or larger than the size of the source disk from which the snapshot was made.
BOOT_DISK_TYPE: Optional: type of the boot disk

For example, pd-ssd.

Restore non-boot snapshots to a new VM instance

Non-boot snapshots are backups of secondary persistent disks that your VM uses only for data storage. You can restore non-boot snapshots to new disks whenever you create a VM. Alternatively, you can also restore non-boot snapshots to an existing VM.

To restore non-boot snapshots to a new VM, follow these additional steps when you create a VM.

Permissions required for this task

To perform this task, you must have the following permissions:

compute.instances.create on the project
compute.instances.updateShieldedVmConfig if you plan to create a Shielded VM instance and you want to be able to change any of the Shielded VM settings
compute.networks.use on the project if using a legacy network
compute.subnetworks.use either on the whole project or on the chosen subnet (VPC networks)
compute.networks.useExternalIp on the project if you need to assign an external IP address (either ephemeral or static) to the instance using a legacy network
compute.subnetworks.useExternalIp either on the whole project or on the chosen subnet if you need to assign an external IP address (either ephemeral or static) to the instance using a VPC network
compute.addresses.use on the project if specifying a static address in the project
compute.instances.setMetadata if setting metadata
compute.instances.setTags on the instance if setting tags
compute.instances.setLabels on the instance if setting labels
compute.images.useReadOnly on the image if creating a new root persistent disk
compute.disks.create on the project if creating a new root persistent disk with this instance
compute.disks.useReadOnly on the disk if attaching an existing persistent disk in read-only mode
compute.disks.use on the disk if attaching an existing disk in read/write mode
compute.disks.setLabels on the disk if setting labels
compute.snapshots.create on the project to create a new snapshot if creating an instance from a snapshot
compute.snapshots.useReadOnly on the snapshot if creating an instance from a snapshot

Console

When restoring non-boot snapshots to a new VM from the console, first create a disk from each snapshot. Then, attach the new disks when you create the VM.

Restore each non-boot snapshot to a new disk.
1. In the Google Cloud Console, go to the Disks page.
  
  Go to Disks
2. Click Create disk.
3. Specify a Name for your disk. See Resource naming convention.
4. Select the Region and Zone for this disk. The disk and VM must be in the same zone.
5. Select a disk Type.
6. Under Source type, select Snapshot.
7. Under the new Source snapshot field, select a non-boot snapshot that you want to restore to the new disk.
8. Click Create to create the disk.
Repeat these steps to create a disk from each snapshot that you want to restore. When creating a VM, you can add up to 15 non-boot disks.
In the Google Cloud Console, go to the VM instances page.

Go to VM instances
Click Create instance.
Specify a Name for your VM. See Resource naming convention.
Select the Region and Zone for this VM. The disk and VM must be in the same zone.
Select a Machine type for your VM.
If you want to allow incoming external traffic, change the Firewall rules for the VM.
To attach disks to the VM:
1. Click Management, security, disks, networking, sole tenancy.
2. Select the Disks tab.
3. Under Additional disks, click Attach existing disk.
4. Under the new Disk field, select a disk to attach to this VM.
5. Specify a Mode and Deletion rule for the disk.
6. Click Done.
Repeat these steps for each disk that you want to attach. When creating a VM, you can add up to 15 non-boot disks.
Click Create to create and start the VM.

gcloud

Create a VM by using the gcloud compute instances create command. For each non-boot snapshot that you want to restore, include the --create-disk flag, and specify a source-snapshot. When creating a VM, you can add up to 15 non-boot disks.

For example, to restore two non-boot snapshots to a new VM, use the following command:

gcloud compute instances create VM_NAME \
    --create-disk source-snapshot=SNAPSHOT_1_NAME,name=DISK_1_NAME,size=DISK_1_SIZE,type=DISK_1_TYPE \
    --create-disk source-snapshot=SNAPSHOT_2_NAME,name=DISK_2_NAME,size=DISK_2_SIZE,type=DISK_2_TYPE

Replace the following:

VM_NAME: name for the new VM
SNAPSHOT_1_NAME and SNAPSHOT_2_NAME: names of non-boot snapshots that you want to restore
DISK_1_NAME and DISK_2_NAME: names of the new non-boot disks for this VM
DISK_1_SIZE and DISK_2_SIZE: Optional: sizes, in gigabytes, of each new non-boot disk

The sizes must be equal to or larger than the sizes of the source disks from which the snapshot was made.
DISK_1_TYPE and DISK_2_TYPE: Optional: types of the persistent disks

For example, https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/diskTypes/pd-ssd.

API

When using the API to restore a non-boot snapshot to a new VM, the following restrictions apply:

Only one persistent disk can be the boot persistent disk.
You must attach the boot persistent disk as the first disk for that VM.
If you specify the source property, you can't also specify the initializeParams property. Providing a source indicates that the boot persistent disk exists already, but the initializeParams property indicates that Compute Engine should create a new boot persistent disk.

Using the beta API, specify the sourceSnapshot field under the initializeParams property. You can add up to 15 non-boot disks by repeating the initializeParams property for every non-boot disk that you want to create. You can optionally specify the diskSizeGb and diskType properties for any of the disks that you create.

For example, to restore two non-boot snapshots to a new VM, make the following request:

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances
{
  "name": "VM_NAME",
  "machineType": "machineTypes/MACHINE_TYPE"
  "networkInterfaces": [{
    "accessConfigs": [{
      "type": "ONE_TO_ONE_NAT",
      "name": "External NAT"
    }],
    "network": "global/networks/default"
  }],
  "disks": [{
     "autoDelete": "true",
     "boot": "true",
     "type": "PERSISTENT",
     "diskSizeGb": "DISK_SIZE",
     "diskType": "DISK_TYPE"
   },
   {
     "initializeParams": {
        "sourceSnapshot": "global/snapshots/SNAPSHOT_1_NAME",
        "diskSizeGb": "DISK_SIZE",
        "diskType": "DISK_TYPE"
     }
   },
   {
     "initializeParams": {
        "sourceSnapshot": "global/snapshots/SNAPSHOT_2_NAME",
        "diskSizeGb": "DISK_SIZE",
        "diskType": "DISK_TYPE"
     }
  }]
 }

Replace the following:

PROJECT_ID: your project ID
ZONE: zone where you want to create the VM
VM_NAME: name of the VM that you want to restore a snapshot to
MACHINE_TYPE: machine type of the VM
DISK_SIZE: Optional: size, in gigabytes, of the corresponding disk

When provided, this property must be equal to or larger than the size of the source disk from which the snapshot was made.
DISK_TYPE: Optional: full or partial URL for the type of the corresponding persistent disk

For example, https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/diskTypes/pd-ssd.
SNAPSHOT_1_NAME and SNAPSHOT_2_NAME: names of non-boot snapshots that you want to restore to new, non-boot disks on the new VM

Create a VM instance from a container image

To deploy and launch a container on a Compute Engine VM, specify a container image name and optional configuration parameters when you create the VM. Compute Engine creates the VM by using the latest version of the Container-optimized OS public image, which has Docker installed. Then, Compute Engine launches the container when the VM starts. For more information, see Deploying containers on VMs.

To create a VM from a container image, you must use the Cloud Console or gcloud.

Permissions required for this task

To perform this task, you must have the following permissions:

compute.instances.create on the project
compute.instances.updateShieldedVmConfig if you plan to create a Shielded VM instance and you want to be able to change any of the Shielded VM settings
compute.networks.use on the project if using a legacy network
compute.subnetworks.use either on the whole project or on the chosen subnet (VPC networks)
compute.networks.useExternalIp on the project if you need to assign an external IP address (either ephemeral or static) to the instance using a legacy network
compute.subnetworks.useExternalIp either on the whole project or on the chosen subnet if you need to assign an external IP address (either ephemeral or static) to the instance using a VPC network
compute.addresses.use on the project if specifying a static address in the project
compute.instances.setMetadata if setting metadata
compute.instances.setTags on the instance if setting tags
compute.instances.setLabels on the instance if setting labels
compute.images.useReadOnly on the image if creating a new root persistent disk
compute.disks.create on the project if creating a new root persistent disk with this instance
compute.disks.useReadOnly on the disk if attaching an existing persistent disk in read-only mode
compute.disks.use on the disk if attaching an existing disk in read/write mode
compute.disks.setLabels on the disk if setting labels
compute.snapshots.create on the project to create a new snapshot if creating an instance from a snapshot
compute.snapshots.useReadOnly on the snapshot if creating an instance from a snapshot

Console

In the Google Cloud Console, go to the VM instances page.

Go to VM instances
Click Create instance.
Specify a Name for your VM. See Resource naming convention.
In the Container section, select the Deploy a container image to this VM instance checkbox.
Specify the Container image to use. For example:
- To select an NGINX 1.12 container image from Cloud Launcher:
  
  gcr.io/cloud-marketplace/google/nginx1:1.12
- To deploy an Apache container image from Docker Hub, always specify the full Docker image name:
  
  docker.io/httpd:2.4
Optional: Click Advanced container options. For more information, see Configuring options to run your container.
Click Create to create the VM, boot the VM, and launch the container.

gcloud

Run the gcloud compute instances create-with-container command:

gcloud compute instances create-with-container VM_NAME \
    --container-image=CONTAINER_IMAGE

Replace the following:

VM_NAME: name for the new VM.
CONTAINER_IMAGE: name of the container image.

For example, the following command creates a VM named nginx-vm, which launches and runs the container image:

gcr.io/cloud-marketplace/google/nginx1:1.12

gcloud compute instances create-with-container nginx-vm \
    --container-image=gcr.io/cloud-marketplace/google/nginx1:1.12

To deploy an Apache container image from Docker Hub, always specify the full Docker image name:

docker.io/httpd:2.4.

Create a VM instance with access to other Google Cloud Services

If you plan to run an application on your VM that needs access to other Google Cloud services, create a service account before creating the VM, and then set up the VM to run as a service account. A service account is a special account whose credentials you can use in your application code to access other Google Cloud services.

For more information, see Service accounts.

Create a VM instance in a specific subnet

Permissions required for this task

To perform this task, you must have the following permissions:

compute.instances.create on the project
compute.instances.updateShieldedVmConfig if you plan to create a Shielded VM instance and you want to be able to change any of the Shielded VM settings
compute.networks.use on the project if using a legacy network
compute.subnetworks.use either on the whole project or on the chosen subnet (VPC networks)
compute.networks.useExternalIp on the project if you need to assign an external IP address (either ephemeral or static) to the instance using a legacy network
compute.subnetworks.useExternalIp either on the whole project or on the chosen subnet if you need to assign an external IP address (either ephemeral or static) to the instance using a VPC network
compute.addresses.use on the project if specifying a static address in the project
compute.instances.setMetadata if setting metadata
compute.instances.setTags on the instance if setting tags
compute.instances.setLabels on the instance if setting labels
compute.images.useReadOnly on the image if creating a new root persistent disk
compute.disks.create on the project if creating a new root persistent disk with this instance
compute.disks.useReadOnly on the disk if attaching an existing persistent disk in read-only mode
compute.disks.use on the disk if attaching an existing disk in read/write mode
compute.disks.setLabels on the disk if setting labels
compute.snapshots.create on the project to create a new snapshot if creating an instance from a snapshot
compute.snapshots.useReadOnly on the snapshot if creating an instance from a snapshot

By default, Google Cloud creates an auto mode VPC network called default for each project. To use a different network or a subnet that you manually created in an auto mode or custom mode VPC network, you must specify the subnet when you create the VM.

While creating a VM in a subnet, consider these rules:

If you don't specify a network or subnet, Compute Engine uses the default VPC network and the auto subnet that's in the same region as the VM.
If you don't specify a network, Compute Engine infers the network from the subnet specified.
If you specify a network, you must specify a subnet and it must belong to the same network. Otherwise, VM creation fails.

Console

In the Google Cloud Console, go to the VM instances page.

Go to VM instances
Select your project and click Continue.
Click Create instance.
Specify a Name for your VM. See Resource naming convention.
Optional: Change the Zone for this VM. Compute Engine randomizes the list of zones within each region to encourage use across multiple zones.
To permit HTTP or HTTPS traffic to the VM, select Allow HTTP traffic or Allow HTTPS traffic.

The Cloud Console adds a network tag to your VM and creates the corresponding ingress firewall rule that allows all incoming traffic on tcp:80 (HTTP) or tcp:443 (HTTPS). The network tag associates the firewall rule with the VM. For more information, see Firewall rules overview in the Virtual Private Cloud documentation.
Expand the Management, security, disks, networking, sole tenancy section.
Click the Networking tab. Under Network interfaces, specify the network details.
1. In the Network field, select the VPC network that contains the subnet you created.
2. In the Subnet field, select the subnet for the VM to use.
Click Create to create and start the VM.

gcloud

Using the gcloud command-line tool, follow the same instructions to create a VM from an image or a snapshot, and add the --subnet=SUBNET_NAME and --zone=ZONE flags when you run the gcloud compute instances create command:

gcloud compute instances create VM_NAME \
    --network=NETWORK_NAME \
    --subnet=SUBNET_NAME \
    --zone=ZONE

Replace the following:

VM_NAME: name of the VM
NETWORK_NAME: Optional: name of the network
SUBNET_NAME: name of the subnet

To view a list of subnets in the network, use the gcloud compute networks subnets list command.
ZONE: zone where the VM is created, such as europe-west1-b

The VM's region is inferred from the zone.

API

Follow the API instructions to create a VM from an image or a snapshot, but specify the subnet field in the request body. To add blank disks, do not add a source image. You can optionally specify the diskSizeGb, diskType, and labels properties.

...
"networkInterfaces": [
{
  "network": "global/networks/NETWORK_NAME",
  "subnetwork": "regions/REGION/subnetworks/SUBNET_NAME",
  "accessConfigs":
    {
      "name": "External NAT",
      "type": "ONE_TO_ONE_NAT"
    }
    {
      "initializeParams": {
         "diskSizeGb": "SIZE_GB",
         "sourceImage": "IMAGE"
    {
      "initializeParams": {
      "diskSizeGb": "SIZE_GB"
     }
 }...]

Replace the following:

NETWORK_NAME: Optional: name of the network
REGION: region where the specified subnet exists
SUBNET_NAME: name of the subnet
SIZE_GB: disk size
IMAGE: source image for the non-boot disk

For blank disks, don't specify an image source.

Troubleshooting

To find methods for resolving common VM creation errors, see Troubleshooting VM creation.

What's next?

Check the status of the VM to see when it's ready to use.
Learn how to use snapshots to back up your persistent disks.
Learn more about images.
Learn more about containers.
Create and attach a non-boot storage disk to your VM to store your data separately from the boot disk.
Create and start Windows Server or SQL Server instances.
Refer to the gcloud compute instances create command.
Learn how to reserve resources in a specific zone.
Connect to your VM instance.

Try it for yourself

If you're new to Google Cloud, create an account to evaluate how Compute Engine performs in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.

Try Compute Engine free