$ gcloud alpha compute instances create example-instance-1 \
    example-instance-2 example-instance-3 --zone us-central1-a

POSITIONAL ARGUMENTS

INSTANCE_NAMES [INSTANCE_NAMES ...]

Names of the instances to create.

FLAGS

--accelerator=[count=COUNT],[type=TYPE]

Attaches accelerators (e.g. GPUs) to the instances.

type

The specific type (e.g. nvidia-tesla-k80 for nVidia Tesla K80) of accelerator to attach to the instances. Use 'gcloud compute accelerator-types list' to learn about all available accelerator types.

count

The number of pieces of the accelerator to attach to the instances. The default value is 1.

--async

Display information about the operation in progress, without waiting for the operation to complete.

--boot-disk-auto-delete

Automatically delete boot disks when their instances are deleted. Enabled by default, use --no-boot-disk-auto-delete to disable.

--boot-disk-device-name=BOOT_DISK_DEVICE_NAME

The name the guest operating system will see for the boot disk. This option can only be specified if a new boot disk is being created (as opposed to mounting an existing persistent disk).

--boot-disk-size=BOOT_DISK_SIZE

The size of the boot disk. This option can only be specified if a new boot disk is being created (as opposed to mounting an existing persistent disk). The value must be a whole number followed by a size unit of KB for kilobyte, MB for megabyte, GB for gigabyte, or TB for terabyte. For example, 10GB will produce a 10 gigabyte disk. The minimum size a boot disk can have is 10 GB. Disk size must be a multiple of 1 GB. Limit your boot disk size to 2TB to account for MBR partition table limitations.

--boot-disk-type=BOOT_DISK_TYPE

The type of the boot disk. This option can only be specified if a new boot disk is being created (as opposed to mounting an existing persistent disk). To get a list of available disk types, run $ gcloud compute disk-types list.

--can-ip-forward

If provided, allows the instances to send and receive packets with non-matching destination or source IP addresses.

--create-disk=[PROPERTY=VALUE,...]

Creates and attaches persistent disks to the instances.

name

Specifies the name of the disk. This option cannot be specified if more than one instance is being created.

description

Optional textual description for the disk being created.

mode

Specifies the mode of the disk. Supported options are ro for read-only and rw for read-write. If omitted, rw is used as a default.

image

Specifies the name of the image that the disk will be initialized with. A new disk will be created based on the given image. To view a list of public images and projects, run $ gcloud compute images list. It is best practice to use image when a specific version of an image is needed. If both image and image-family flags are omitted a blank disk will be created.

image-family

The family of the image that the disk will be initialized with. When a family is specified instead of an image, the latest non-deprecated image associated with that family is used. It is best practice to use image-family when the latest version of an image is needed.

image-project

The project that the image or image family belongs to. It is best practice to define image-project.

*

If specifying one of our public images, image-project must be provided.

*

If there are several of the same image-family value in multiple projects, image-project must be specified to clarify the image to be used.

*

If not specified and either image or image-family is provided, the current default project is used.

size

The size of the disk. The value must be a whole number followed by a size unit of KB for kilobyte, MB for megabyte, GB for gigabyte, or TB for terabyte. For example, 10GB will produce a 10 gigabyte disk. Disk size must be a multiple of 1 GB. If not specified, the default image size will be used for the new disk.

type

The type of the disk. To get a list of available disk types, run $ gcloud compute disk-types list. The default disk type is pd-standard.

device-name

An optional name that indicates the disk name the guest operating system will see. If omitted, a device name of the form persistent-disk-N will be used.

auto-delete

If yes, this persistent disk will be automatically deleted when the instance is deleted. However, if the disk is later detached from the instance, this option won't apply. The default value for this is no.

kms-key

Fully qualified Cloud KMS cryptokey name that will protect the disk. This can either be the fully qualified path or the name. The fully qualified Cloud KMS cryptokey name format is: projects/<kms-project>/locations/<kms-location>/keyRings/<kms-keyring>/ cryptoKeys/<key-name>. If the value is not fully qualified then kms-location, kms-keyring, and optionally kms-project are required. See cloud.google.com/compute/docs/disks/customer-managed-encryption for more details.

kms-project

Project that contains the Cloud KMS cryptokey that will protect the disk. If the project is not specified then the project where the disk is being created will be used. If this flag is set then key-location, kms-keyring, and kms-key are required. See cloud.google.com/compute/docs/disks/customer-managed-encryption for more details.

kms-location

Location of the Cloud KMS cryptokey to be used for protecting the disk. All Cloud KMS cryptokeys are reside in a 'location'. To get a list of possible locations run 'gcloud kms locations list'. If this flag is set then kms-keyring and kms-key are required. See cloud.google.com/compute/docs/disks/customer-managed-encryption for more details.

kms-keyring

The keyring which contains the Cloud KMS cryptokey that will protect the disk. If this flag is set then kms-location and kms-key are required. See cloud.google.com/compute/docs/disks/customer-managed-encryption for more details.

source-snapshot

The source disk snapshot that will be used to create the disk. You can provide this as a full URL to the snapshot or just the snapshot name. For example, the following are valid values:

*

www.googleapis.com/compute/v1/projects/myproject/global/snapshots/snapshot

*

snapshot

--csek-key-file=FILE

Path to a Customer-Supplied Encryption Key (CSEK) key file, mapping Google Compute Engine resources to user managed keys to be used when creating, mounting, or snapshotting disks.
If you pass - as value of the flag the CSEK will be read from stdin. See cloud.google.com/compute/docs/disks/customer-supplied-encryption for more details.

--deletion-protection

Enables deletion protection for the instance.

--description=DESCRIPTION

Specifies a textual description of the instances.

--disk=[auto-delete=AUTO-DELETE],[boot=BOOT],[device-name=DEVICE-NAME],[mode=MODE],[name=NAME],[scope=SCOPE]

Attaches persistent disks to the instances. The disks specified must already exist.

name

The disk to attach to the instances. When creating more than one instance and using this property, the only valid mode for attaching the disk is read-only (see mode below).

mode

Specifies the mode of the disk. Supported options are ro for read-only and rw for read-write. If omitted, rw is used as a default. It is an error for mode to be rw when creating more than one instance because read-write disks can only be attached to a single instance.

boot

If yes, indicates that this is a boot disk. The virtual machines will use the first partition of the disk for their root file systems. The default value for this is no.

device-name

An optional name that indicates the disk name the guest operating system will see. If omitted, a device name of the form persistent-disk-N will be used.

auto-delete

If yes, this persistent disk will be automatically deleted when the instance is deleted. However, if the disk is later detached from the instance, this option won't apply. The default value for this is no.

scope

Can be zonal or regional. If zonal, the disk is interpreted as a zonal disk in the same zone as the instance (default). If regional, the disk is interpreted as a regional disk in the same region as the instance. The default value for this is zonal.

--enable-display-device

Enable a display device for instances using a Windows image. Disabled by default.

--hostname=HOSTNAME

Specify the hostname of the instance to be created. The specified homename must be RFC1035 compliant. If hostname is not specified, the default hostname is [INSTANCE_NAME].c.[PROJECT_ID].internal when using the global DNS, and [INSTANCE_NAME].[ZONE].c.[PROJECT_ID].internal when using zonal DNS.

--labels=[KEY=VALUE,...]

List of label KEY=VALUE pairs to add.
Keys must start with a lowercase character and contain only hyphens (-), underscores (_), lowercase characters, and numbers. Values must contain only hyphens (-), underscores (_), lowercase characters, and numbers.

--local-nvdimm=[size=SIZE]

Attaches a local NVDIMM to the instances.

size

Optional. Size of the NVDIMM disk. The value must be a whole number followed by a size unit of KB for kilobyte, MB for megabyte, GB for gigabyte, or TB for terabyte. For example, 3TB will produce a 3 terabyte disk. Allowed values are: 3TB and 6TB and the default is 3 TB.

--local-ssd=[device-name=DEVICE-NAME],[interface=INTERFACE],[size=SIZE]

Attaches a local SSD to the instances.
This flag is currently in BETA and may change without notice.

device-name

Optional. A name that indicates the disk name the guest operating system will see. If omitted, a device name of the form local-ssd-N will be used.

interface

Optional. The kind of disk interface exposed to the VM for this SSD. Valid values are SCSI and NVME. SCSI is the default and is supported by more guest operating systems. NVME may provide higher performance.

size

Optional. Size of the SSD disk. The value must be a whole number followed by a size unit of KB for kilobyte, MB for megabyte, GB for gigabyte, or TB for terabyte. For example, 750GB will produce a 750 gigabyte disk. The size must be a multiple of 375 GB and the default is 375 GB. For Alpha API only.

--machine-type=MACHINE_TYPE

Specifies the machine type used for the instances. To get a list of available machine types, run 'gcloud compute machine-types list'. If unspecified, the default type is n1-standard-1.

--metadata=KEY=VALUE,[KEY=VALUE,...]

Metadata to be made available to the guest operating system running on the instances. Each metadata entry is a key/value pair separated by an equals sign. Metadata keys must be unique and less than 128 bytes in length. Values must be less than or equal to 32,768 bytes in length. Multiple arguments can be passed to this flag, e.g., --metadata key-1=value-1,key-2=value-2,key-3=value-3.
In images that have Compute Engine tools installed on them, such as the official images (cloud.google.com/compute/docs/images the following metadata keys have special meanings:

startup-script

Specifies a script that will be executed by the instances once they start running. For convenience, --metadata-from-file can be used to pull the value from a file.

startup-script-url

Same as startup-script except that the script contents are pulled from a publicly-accessible location on the web.

--metadata-from-file=KEY=LOCAL_FILE_PATH,[...]

Same as --metadata except that the value for the entry will be read from a local file. This is useful for values that are too large such as startup-script contents.

--min-cpu-platform=PLATFORM

When specified, the VM will be scheduled on host with specified CPU architecture or a newer one. To list available CPU platforms in given zone, run:

$ gcloud alpha compute zones describe ZONE \
  --format="value(availableCpuPlatforms)"

Default setting is "AUTOMATIC".
CPU platform selection is available only in selected zones.
You can find more information on-line: cloud.google.com/compute/docs/instances/specify-min-cpu-platform

--network=NETWORK

Specifies the network that the instances will be part of. If --subnet is also specified subnet must be a subnetwork of network specified by --network. If neither is specified, this defaults to the "default" network.

--network-interface=[PROPERTY=VALUE,...]

Adds a network interface to the instance. Mutually exclusive with any of these flags: --address, --network, --network-tier, --subnet, --private-network-ip.
The following keys are allowed:

address

Assigns the given external address to the instance that is created. Specifying an empty string will assign an ephemeral IP. Mutually exclusive with no-address. If neither key is present the instance will get an ephemeral IP.

network

Specifies the network that the interface will be part of. If subnet is also specified it must be subnetwork of this network. If neither is specified, this defaults to the "default" network.

no-address

If specified the interface will have no external IP. Mutually exclusive with address. If neither key is present the instance will get an ephemeral IP.

network-tier

Specifies the network tier of the interface. NETWORK_TIER must be one of: PREMIUM, STANDARD. The default value is PREMIUM.

private-network-ip

Assigns the given RFC1918 IP address to the interface.

subnet

Specifies the subnet that the interface will be part of. If network key is also specified this must be a subnetwork of the specified network.

aliases

Specifies the IP alias ranges to allocate for this interface. If there are multiple IP alias ranges, they are separated by semicolons.
For example:

--aliases="10.128.1.0/24;range1:/32"

Each IP alias range consists of a range name and an IP range separated by a colon, or just the IP range. The range name is the name of the range within the network interface's subnet from which to allocate an IP alias range. If unspecified, it defaults to the primary IP range of the subnet. The IP range can be a CIDR range (e.g. 192.168.100.0/24), a single IP address (e.g. 192.168.100.1), or a netmask in CIDR format (e.g. /24). If the IP range is specified by CIDR range or single IP address, it must belong to the CIDR range specified by the range name on the subnet. If the IP range is specified by netmask, the IP allocator will pick an available range with the specified netmask and allocate it to this network interface.

--network-tier=NETWORK_TIER

Specifies the network tier that will be used to configure the instance. NETWORK_TIER must be one of: PREMIUM, STANDARD. The default value is PREMIUM.

--preemptible

If provided, instances will be preemptible and time-limited. Instances may be preempted to free up resources for standard VM instances, and will only be able to run for a limited amount of time. Preemptible instances can not be restarted and will not migrate.

--private-network-ip=PRIVATE_NETWORK_IP

Specifies the RFC1918 IP to assign to the instance. The IP should be in the subnet or legacy network IP range.

--require-csek-key-create

Refuse to create resources not protected by a user managed key in the key file when --csek-key-file is given. This behavior is enabled by default to prevent incorrect gcloud invocations from accidentally creating resources with no user managed key. Disabling the check allows creation of some resources without a matching Customer-Supplied Encryption Key in the supplied --csek-key-file. See cloud.google.com/compute/docs/disks/customer-supplied-encryption for more details. Enabled by default, use --no-require-csek-key-create to disable.

--resource-policies=[RESOURCE_POLICY,...]

A list of resource policy names to be added to the instance. The policies must exist in the same region as the instance.

--restart-on-failure

The instances will be restarted if they are terminated by Compute Engine. This does not affect terminations performed by the user. Enabled by default, use --no-restart-on-failure to disable.

--source-instance-template=SOURCE_INSTANCE_TEMPLATE

The name of the instance template that the instance will be created from.
Users can also override machine type and labels. Values of other flags will be ignored and --source-instance-template will be used instead.

--source-machine-image=SOURCE_MACHINE_IMAGE

The name of the machine image that the instance will be created from.

--subnet=SUBNET

Specifies the subnet that the instances will be part of. If --network is also specified subnet must be a subnetwork of network specified by --network.

--tags=TAG,[TAG,...]

Specifies a list of tags to apply to the instance. These tags allow network firewall rules and routes to be applied to specified VM instances. See gcloud compute firewall-rules create(1) for more details.
To read more about configuring network tags, read this guide: cloud.google.com/vpc/docs/add-remove-network-tags
To list instances with their respective status and tags, run:

$ gcloud compute instances list \
    --format='table(name,status,tags.list())'

To list instances tagged with a specific tag, tag1, run:

$ gcloud compute instances list --filter='tags:tag1'

--zone=ZONE

Zone of the instances to create. If not specified and the compute/zone property isn't set, you may be prompted to select a zone.
To avoid prompting when this flag is omitted, you can set the compute/zone property:

$ gcloud config set compute/zone ZONE

A list of zones can be fetched by running:

$ gcloud compute zones list

To unset the property, run:

$ gcloud config unset compute/zone

Alternatively, the zone can be stored in the environment variable CLOUDSDK_COMPUTE_ZONE.

At most one of these may be specified:

--address=ADDRESS

Assigns the given external address to the instance that is created. The address may be an IP address or the name or URI of an address resource. This option can only be used when creating a single instance.

--no-address

If provided, the instances will not be assigned external IP addresses.

Manage the configuration of desired allocation which this instance could take capacity from.

--allocation-affinity=ALLOCATION_AFFINITY; default="any"

Specifies the configuration of desired allocation which this instance could take capacity from. Choices are 'any', 'none' and 'specific', default is 'any'. ALLOCATION_AFFINITY must be one of: any, none, specific.

--allocation-label=[key=KEY],[value=VALUE]

The key and values of the label of the allocation resource. Required if the value of --allocation-affinity is specific.

key

The label key of allocation resource.

value

The label value of allocation resource.

Key resource - The Cloud KMS (Key Management Service) cryptokey that will be used to protect the disk. The arguments in this group can be used to specify the attributes of this resource.

--boot-disk-kms-key=BOOT_DISK_KMS_KEY

ID of the key or fully qualified identifier for the key. This flag must be specified if any of the other arguments in this group are specified.

--boot-disk-kms-keyring=BOOT_DISK_KMS_KEYRING

The KMS keyring of the key.

--boot-disk-kms-location=BOOT_DISK_KMS_LOCATION

The Cloud location for the key.

--boot-disk-kms-project=BOOT_DISK_KMS_PROJECT

The Cloud project for the key.

Custom machine type extensions.

--custom-cpu=CUSTOM_CPU

A whole number value indicating how many cores are desired in the custom machine type. This flag must be specified if any of the other arguments in this group are specified.

--custom-memory=CUSTOM_MEMORY

A whole number value indicating how much memory is desired in the custom machine type. A size unit should be provided (eg. 3072MB or 9GB) - if no units are specified, GB is assumed. This flag must be specified if any of the other arguments in this group are specified.

--custom-extensions

Use the extended custom machine type.

--image-project=IMAGE_PROJECT

The project against which all image and image family references will be resolved. It is best practice to define image-project.

*

If specifying one of our public images, image-project must be provided.

*

If there are several of the same image-family value in multiple projects, image-project must be specified to clarify the image to be used.

*

If not specified and either image or image-family is provided, the current default project is used.

At most one of these may be specified:

--image=IMAGE

Specifies the boot image for the instances. For each instance, a new boot disk will be created from the given image. Each boot disk will have the same name as the instance. To view a list of public images and projects, run $ gcloud compute images list. It is best practice to use --image when a specific version of an image is needed.
When using this option, --boot-disk-device-name and --boot-disk-size can be used to override the boot disk's device name and size, respectively.

--image-family=IMAGE_FAMILY

The family of the image that the boot disk will be initialized with. When a family is specified instead of an image, the latest non-deprecated image associated with that family is used. It is best practice to use --image-family when the latest version of an image is needed.
By default, debian-9 is assumed for this flag.

--source-snapshot=SOURCE_SNAPSHOT

The name of the source disk snapshot that the instance boot disk will be created from. You can provide this as a full URL to the snapshot or just the snapshot name. For example, the following are valid values:

---

www.googleapis.com/compute/v1/projects/myproject/global/snapshots/snapshot

---

snapshot

Maintenance Behavior. At most one of these may be specified:

--maintenance-policy=MAINTENANCE_POLICY

(DEPRECATED) Specifies the behavior of the instances when their host machines undergo maintenance. The default is MIGRATE.
The --maintenance-policy flag is now deprecated. Please use --on-host-maintenance instead. MAINTENANCE_POLICY must be one of:

MIGRATE

The instances should be migrated to a new host. This will temporarily impact the performance of instances during a migration event.

TERMINATE

The instances should be terminated.

--on-host-maintenance=MAINTENANCE_POLICY

Specifies the behavior of the instances when their host machines undergo maintenance. The default is MIGRATE. MAINTENANCE_POLICY must be one of:

MIGRATE

The instances should be migrated to a new host. This will temporarily impact the performance of instances during a migration event.

TERMINATE

The instances should be terminated.

Sole Tenancy At most one of these may be specified:

--node=NODE

The name of the node to schedule this instance on.

--node-affinity-file=NODE_AFFINITY_FILE

The JSON/YAML file containing the configuration of desired nodes onto which this instance could be scheduled. These rules filter the nodes according to their node affinity labels. A node's affinity labels come from the node template of the group the node is in.
The file should contain a list of a JSON/YAML objects with the following fields:

key

Corresponds to the node affinity label keys of the Node resource.

operator

Specifies the node selection type. Must be one of: IN: Requires Compute Engine to seek for matched nodes. NOT_IN: Requires Compute Engine to avoid certain nodes.

values

Optional. A list of values which correspond to the node affinity label values of the Node resource.

--node-group=NODE_GROUP

The name of the node group to schedule this instance on.

At most one of these may be specified:

--public-dns

Assigns a public DNS name to the instance.

--no-public-dns

If provided, the instance will not be assigned a public DNS name.

At most one of these may be specified:

--public-ptr

Creates a DNS PTR record for the external IP of the instance.

--no-public-ptr

If provided, no DNS PTR record is created for the external IP of the instance. Mutually exclusive with public-ptr-domain.

At most one of these may be specified:

--public-ptr-domain=PUBLIC_PTR_DOMAIN

Assigns a custom PTR domain for the external IP of the instance. Mutually exclusive with no-public-ptr.

--no-public-ptr-domain

If both this flag and --public-ptr are specified, creates a DNS PTR record for the external IP of the instance with the PTR domain name being the DNS name of the instance.

At most one of these may be specified:

--scopes=[SCOPE,...]

If not provided, the instance will be assigned the default scopes, described below. However, if neither --scopes nor --no-scopes are specified and the project has no default service account, then the instance will be created with no scopes.
SCOPE can be either the full URI of the scope or an alias. default scopes are assigned to all instances. Available aliases are:

Alias	URI
bigquery	www.googleapis.com/auth/bigquery
cloud-platform	www.googleapis.com/auth/cloud-platform
cloud-source-repos	www.googleapis.com/auth/source.full_control
cloud-source-repos-ro	www.googleapis.com/auth/source.read_only
compute-ro	www.googleapis.com/auth/compute.readonly
compute-rw	www.googleapis.com/auth/compute
datastore	www.googleapis.com/auth/datastore
default	www.googleapis.com/auth/devstorage.read_only
	www.googleapis.com/auth/logging.write
	www.googleapis.com/auth/monitoring.write
	www.googleapis.com/auth/pubsub
	www.googleapis.com/auth/service.management.readonly
	www.googleapis.com/auth/servicecontrol
	www.googleapis.com/auth/trace.append
gke-default	www.googleapis.com/auth/devstorage.read_only
	www.googleapis.com/auth/logging.write
	www.googleapis.com/auth/monitoring
	www.googleapis.com/auth/service.management.readonly
	www.googleapis.com/auth/servicecontrol
	www.googleapis.com/auth/trace.append
logging-write	www.googleapis.com/auth/logging.write
monitoring	www.googleapis.com/auth/monitoring
monitoring-write	www.googleapis.com/auth/monitoring.write
pubsub	www.googleapis.com/auth/pubsub
service-control	www.googleapis.com/auth/servicecontrol
service-management	www.googleapis.com/auth/service.management.readonly
sql (deprecated)	www.googleapis.com/auth/sqlservice
sql-admin	www.googleapis.com/auth/sqlservice.admin
storage-full	www.googleapis.com/auth/devstorage.full_control
storage-ro	www.googleapis.com/auth/devstorage.read_only
storage-rw	www.googleapis.com/auth/devstorage.read_write
taskqueue	www.googleapis.com/auth/taskqueue
trace	www.googleapis.com/auth/trace.append
userinfo-email	www.googleapis.com/auth/userinfo.email

DEPRECATION WARNING: www.googleapis.com/auth/sqlservice account scope and sql alias do not provide SQL instance management capabilities and have been deprecated. Please, use www.googleapis.com/auth/sqlservice.admin or sql-admin to manage your Google SQL Service instances.

--no-scopes

Create instance without scopes

At most one of these may be specified:

--service-account=SERVICE_ACCOUNT

A service account is an identity attached to the instance. Its access tokens can be accessed through the instance metadata server and are used to authenticate applications on the instance. The account can be set using an email address corresponding to the required service account. You can explicitly specify the Compute Engine default service account using the 'default' alias.
If not provided, the instance will get project's default service account.

--no-service-account

Create instance without service account

Shielded Instance Integrity Monitoring. At most one of these may be specified:

--shielded-integrity-monitoring

Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. This baseline can be updated by using --shielded-vm-learn-integrity-policy.

--shielded-vm-integrity-monitoring

(DEPRECATED) Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. This baseline can be updated by using --shielded-vm-learn-integrity-policy.
The --shielded-vm-integrity-monitoring flag is now deprecated. Please use --shielded-integrity-monitoring instead.

Shielded Instance Secure Boot. At most one of these may be specified:

--shielded-secure-boot

The instance will boot with secure boot enabled.

--shielded-vm-secure-boot

(DEPRECATED) The instance will boot with secure boot enabled.
The --shielded-vm-secure-boot flag is now deprecated. Please use --shielded-secure-boot instead.

Shielded Instance vTPM. At most one of these may be specified:

--shielded-vm-vtpm

(DEPRECATED) The instance will boot with the TPM (Trusted Platform Module) enabled. A TPM is a hardware module that can be used for different security operations such as remote attestation, encryption and sealing of keys.
The --shielded-vm-vtpm flag is now deprecated. Please use --shielded-vtpm instead.

--shielded-vtpm

The instance will boot with the TPM (Trusted Platform Module) enabled. A TPM is a hardware module that can be used for different security operations such as remote attestation, encryption and sealing of keys.

GCLOUD WIDE FLAGS

EXAMPLES

$ gcloud alpha compute instances create example-instance \
    --image-family rhel-7 --image-project rhel-cloud \
    --zone us-central1-a

NOTES

$ gcloud compute instances create $ gcloud beta compute instances create