Create an instance from a custom image

This document explains how to create a Compute Engine instance from a custom image that exists only in your project.

An instance contains a bootloader, a boot file system, and an OS image. You can create custom images from source disks, images, snapshots, or images stored in Cloud Storage and use these images to create instances. By default, a custom image belongs only to the project in which it was created.

Before you begin

  • When creating instances from images by using the Google Cloud CLI or the Compute Engine API, there's a limit of 20 instances per second. If you need to create a higher number of instances per second, request a quota adjustment for the Images resource.
  • If you haven't already, then set up authentication. Authentication is the process by which your identity is verified for access to Google Cloud services and APIs. To run code or samples from a local development environment, you can authenticate to Compute Engine by selecting one of the following options:

    Select the tab for how you plan to use the samples on this page:

    Console

    When you use the Google Cloud console to access Google Cloud services and APIs, you don't need to set up authentication.

    gcloud

      1. After installing the Google Cloud CLI, initialize it by running the following command: 

        gcloud init

        If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.

      2. Set a default region and zone.

    REST

    To use the REST API samples on this page in a local development environment, you use the credentials you provide to the gcloud CLI.

      After installing the Google Cloud CLI, initialize it by running the following command: 

      gcloud init

      If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.

    For more information, see Authenticate for using REST in the Google Cloud authentication documentation.

Required roles

To get the permissions that you need to create an instance from a custom image, ask your administrator to grant you the Compute Instance Admin (v1) (roles/compute.instanceAdmin.v1) IAM role on the project. For more information about granting roles, see Manage access to projects, folders, and organizations.

This predefined role contains the permissions required to create an instance from a custom image. To see the exact permissions that are required, expand the Required permissions section:

Required permissions

The following permissions are required to create an instance from a custom image:

  • compute.instances.create on the project
  • To use a custom image to create the instance: compute.images.useReadOnly on the image

You might also be able to get these permissions with custom roles or other predefined roles.

Create an instance from a custom image

If you don't already have a custom image, you must first create a custom image.

To create an instance from a custom image, follow these steps:

Console

  1. In the Google Cloud console, go to the Create an instance page.

    Go to Create an instance

    If prompted, select your project and click Continue.

    The Create an instance page appears and displays the Machine configuration pane.

  2. In the Machine configuration pane, do the following:

    1. In the Name field, specify a name for your instance. For more information, see Resource naming convention.

    2. Optional: In the Zone field, select a zone for this instance.

      The default selection is Any. If you don't change this default selection, then Google automatically chooses a zone for you based on machine type and availability.

    3. Select the machine family for your instance. The Google Cloud console then displays the machine series that are available for your selected machine family. The following machine family options are available:

      • General purpose
      • Compute optimized
      • Memory optimized
      • Storage optimized
      • GPUs

    4. In the Series column, select the machine series for your instance.

      If you selected GPUs as the machine family in the previous step, then select the GPU type that you want. The machine series is then automatically selected for the selected GPU type.

    5. In the Machine type section, select the machine type for your instance.

  3. In the navigation menu, click OS and storage. In the Operating system and storage pane that appears, configure your boot disk by doing the following:

    1. Click Change. The Boot disk pane appears and displays the Public images tab.
    2. Click Custom images. The Custom images tab appears.
    3. To select the image project, click Change, and then select the project that contains the image.
    4. In the Image list, select the image that you want to import.
    5. In the Boot disk type list, select the type of the boot disk.
    6. In the Size (GB) field, specify the size of the boot disk.
    7. Optional: For Hyperdisk Balanced boot disks, specify values for the Provisioned IOPS and Provisioned throughput fields.
    8. Optional: For advanced configuration options, expand the Show advanced configurations section.
    9. To confirm your boot disk options and return to the Operating system and storage pane, click Select.

  4. In the navigation menu, click Networking. In the Networking pane that appears, do the following:

    1. Go to the Firewall section.

    2. To permit HTTP or HTTPS traffic to the instance, select Allow HTTP traffic or Allow HTTPS traffic.

      The Compute Engine adds a network tag to your instance and creates the corresponding ingress firewall rule that allows all incoming traffic on tcp:80 (HTTP) or tcp:443 (HTTPS). The network tag associates the firewall rule with the instance. For more information, see Firewall rules overview in the Cloud Next Generation Firewall documentation.

  5. Optional: Specify other configuration options. For more information, see Configuration options during instance creation.

  6. To create and start the instance, click Create.

gcloud

  1. In the Google Cloud console, activate Cloud Shell.

    Activate Cloud Shell

    At the bottom of the Google Cloud console, a Cloud Shell session starts and displays a command-line prompt. Cloud Shell is a shell environment with the Google Cloud CLI already installed and with values already set for your current project. It can take a few seconds for the session to initialize.

  2. Run the gcloud compute instances create command to create an instance with a custom image:

     gcloud compute instances create VM_NAME \ --image-project IMAGE_PROJECT \ IMAGE_FLAG \ --subnet SUBNET

    Replace the following:

    • VM_NAME: the name of the VM
    • IMAGE_PROJECT: the ID of the Google Cloud project that contains the image
    • IMAGE_FLAG: specify one of the following:
      • Use the --image IMAGE_NAME flag to specify a custom image.

        For example, --image my-debian-image-v2.

      • If you created your custom images as part of a custom image family, use the --image-family IMAGE_FAMILY_NAME flag to specify that custom image family.

        This creates the VM from the most recent, non-deprecated OS image and OS version in your custom image family. For example, if you specify --image-family my-debian-family, Compute Engine creates a VM from the latest OS image in your custom my-debian-family image family.

    • SUBNET: if the subnet and instance are in the same project, replace SUBNET with the name of a subnet that is in the same region as the instance.

Terraform

To generate the Terraform code, you can use the Equivalent code component in the Google Cloud console.
  1. In the Google Cloud console, go to the VM instances page.

    Go to VM Instances

  2. Click Create instance.
  3. Specify the parameters you want.
  4. At the top or bottom of the page, click Equivalent code, and then click the Terraform tab to view the Terraform code.

Go

Before trying this sample, follow the Go setup instructions in the Compute Engine quickstart using client libraries. For more information, see the Compute Engine Go API reference documentation.

To authenticate to Compute Engine, set up Application Default Credentials. For more information, see Set up authentication for a local development environment. 

import ( "context" "fmt" "io" compute "cloud.google.com/go/compute/apiv1" computepb "cloud.google.com/go/compute/apiv1/computepb" "google.golang.org/protobuf/proto" ) // createInstanceFromCustomImage creates a new VM instance with custom image used as its boot disk. func createInstanceFromCustomImage(w io.Writer, projectID, zone, instanceName, customImageLink string) error { // projectID := "your_project_id" // zone := "europe-central2-b" // instanceName := "your_instance_name" // customImageLink := "projects/project_name/global/images/image_name" ctx := context.Background() instancesClient, err := compute.NewInstancesRESTClient(ctx) if err != nil { return fmt.Errorf("NewInstancesRESTClient: %w", err) } defer instancesClient.Close() req := &computepb.InsertInstanceRequest{ Project: projectID, Zone: zone, InstanceResource: &computepb.Instance{ Name: proto.String(instanceName), Disks: []*computepb.AttachedDisk{ { InitializeParams: &computepb.AttachedDiskInitializeParams{ DiskSizeGb: proto.Int64(10), SourceImage: proto.String(customImageLink), DiskType: proto.String(fmt.Sprintf("zones/%s/diskTypes/pd-standard", zone)), }, AutoDelete: proto.Bool(true), Boot: proto.Bool(true), Type: proto.String(computepb.AttachedDisk_PERSISTENT.String()), }, }, MachineType: proto.String(fmt.Sprintf("zones/%s/machineTypes/n1-standard-1", zone)), NetworkInterfaces: []*computepb.NetworkInterface{ { Name: proto.String("global/networks/default"), }, }, }, } op, err := instancesClient.Insert(ctx, req) if err != nil { return fmt.Errorf("unable to create instance: %w", err) } if err = op.Wait(ctx); err != nil { return fmt.Errorf("unable to wait for the operation: %w", err) } fmt.Fprintf(w, "Instance created\n") return nil }

Java

Before trying this sample, follow the Java setup instructions in the Compute Engine quickstart using client libraries. For more information, see the Compute Engine Java API reference documentation.

To authenticate to Compute Engine, set up Application Default Credentials. For more information, see Set up authentication for a local development environment. 

 import com.google.api.gax.longrunning.OperationFuture; import com.google.cloud.compute.v1.AttachedDisk; import com.google.cloud.compute.v1.AttachedDisk.Type; import com.google.cloud.compute.v1.AttachedDiskInitializeParams; import com.google.cloud.compute.v1.Image; import com.google.cloud.compute.v1.ImagesClient; import com.google.cloud.compute.v1.InsertInstanceRequest; import com.google.cloud.compute.v1.Instance; import com.google.cloud.compute.v1.InstancesClient; import com.google.cloud.compute.v1.NetworkInterface; import com.google.cloud.compute.v1.Operation; import java.io.IOException; import java.util.Vector; import java.util.concurrent.ExecutionException; import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeoutException; public class CreateInstancesAdvanced {  /**  * Create an AttachedDisk object to be used in VM instance creation. Uses an image as the source  * for the new disk.  *  * @param diskType the type of disk you want to create. This value uses the following format:  * "zones/{zone}/diskTypes/(pd-standard|pd-ssd|pd-balanced|pd-extreme)". For example:  * "zones/us-west3-b/diskTypes/pd-ssd"  * @param diskSizeGb size of the new disk in gigabytes  * @param boot boolean flag indicating whether this disk should be used as a boot disk of an  * instance  * @param sourceImage source image to use when creating this disk. You must have read access to  * this disk. This can be one of the publicly available images or an image from one of your  * projects. This value uses the following format:  * "projects/{project_name}/global/images/{image_name}"  * @return AttachedDisk object configured to be created using the specified image.  */  private static AttachedDisk diskFromImage(String diskType, int diskSizeGb, boolean boot,  String sourceImage) {  AttachedDisk disk =  AttachedDisk.newBuilder()  .setBoot(boot)  // Remember to set auto_delete to True if you want the disk to be deleted when  // you delete your VM instance.  .setAutoDelete(true)  .setType(Type.PERSISTENT.toString())  .setInitializeParams(  AttachedDiskInitializeParams.newBuilder()  .setSourceImage(sourceImage)  .setDiskSizeGb(diskSizeGb)  .setDiskType(diskType)  .build())  .build();  return disk;  }  /**  * Send an instance creation request to the Compute Engine API and wait for it to complete.  *  * @param project project ID or project number of the Cloud project you want to use.  * @param zone name of the zone to create the instance in. For example: "us-west3-b"  * @param instanceName name of the new virtual machine (VM) instance.  * @param disks a list of compute_v1.AttachedDisk objects describing the disks you want to attach  * to your new instance.  * @param machineType machine type of the VM being created. This value uses the following format:  * "zones/{zone}/machineTypes/{type_name}".  * For example: "zones/europe-west3-c/machineTypes/f1-micro"  * @param network name of the network you want the new instance to use. For example:  * "global/networks/default" represents the network named "default", which is created  * automatically for each project.  * @param subnetwork name of the subnetwork you want the new instance to use. This value uses the  * following format: "regions/{region}/subnetworks/{subnetwork_name}"  * @return Instance object.  */  private static Instance createWithDisks(String project, String zone, String instanceName,  Vector<AttachedDisk> disks, String machineType, String network, String subnetwork)  throws IOException, InterruptedException, ExecutionException, TimeoutException {  try (InstancesClient instancesClient = InstancesClient.create()) {  // Use the network interface provided in the networkName argument.  NetworkInterface networkInterface;  if (subnetwork != null) {  networkInterface = NetworkInterface.newBuilder()  .setName(network).setSubnetwork(subnetwork)  .build();  } else {  networkInterface = NetworkInterface.newBuilder()  .setName(network).build();  }  machineType = String.format("zones/%s/machineTypes/%s", zone, machineType);  // Bind `instanceName`, `machineType`, `disk`, and `networkInterface` to an instance.  Instance instanceResource =  Instance.newBuilder()  .setName(instanceName)  .setMachineType(machineType)  .addAllDisks(disks)  .addNetworkInterfaces(networkInterface)  .build();  System.out.printf("Creating instance: %s at %s ", instanceName, zone);  // Insert the instance in the specified project and zone.  InsertInstanceRequest insertInstanceRequest = InsertInstanceRequest.newBuilder()  .setProject(project)  .setZone(zone)  .setInstanceResource(instanceResource).build();  OperationFuture<Operation, Operation> operation = instancesClient.insertAsync(  insertInstanceRequest);  // Wait for the operation to complete.  Operation response = operation.get(3, TimeUnit.MINUTES);  if (response.hasError()) {  System.out.println("Instance creation failed ! ! " + response);  return null;  }  System.out.println("Operation Status: " + response.getStatus());  return instancesClient.get(project, zone, instanceName);  }  }  /**  * Create a new VM instance with custom image used as its boot disk.  *  * @param project project ID or project number of the Cloud project you want to use.  * @param zone name of the zone to create the instance in. For example: "us-west3-b"  * @param instanceName name of the new virtual machine (VM) instance.  * @param customImage link to the custom image you want to use in the form of:  * "projects/{project_name}/global/images/{image_name}"  * @return Instance object.  */  public static Instance createFromCustomImage(String project, String zone, String instanceName,  String customImage)  throws IOException, InterruptedException, ExecutionException, TimeoutException {  String diskType = String.format("zones/%s/diskTypes/pd-standard", zone);  Vector<AttachedDisk> disks = new Vector<>();  disks.add(diskFromImage(diskType, 10, true, customImage));  return createWithDisks(project, zone, instanceName, disks, "n1-standard-1",  "global/networks/default", null);  }

Node.js

Before trying this sample, follow the Node.js setup instructions in the Compute Engine quickstart using client libraries. For more information, see the Compute Engine Node.js API reference documentation.

To authenticate to Compute Engine, set up Application Default Credentials. For more information, see Set up authentication for a local development environment. 

/**  * TODO(developer): Uncomment and replace these variables before running the sample.  */ // const projectId = 'YOUR_PROJECT_ID'; // const zone = 'europe-central2-b'; // const instanceName = 'YOUR_INSTANCE_NAME'; // const customImageLink = 'projects/YOUR_PROJECT/global/images/YOUR_IMAGE_NAME'; const compute = require('@google-cloud/compute'); // Creates a new VM instance with custom image used as its boot disk. async function createInstanceFromCustomImage() {  const instancesClient = new compute.InstancesClient();  const [response] = await instancesClient.insert({  project: projectId,  zone,  instanceResource: {  name: instanceName,  disks: [  {  initializeParams: {  diskSizeGb: '10',  sourceImage: customImageLink,  diskType: `zones/${zone}/diskTypes/pd-standard`,  },  autoDelete: true,  boot: true,  type: 'PERSISTENT',  },  ],  machineType: `zones/${zone}/machineTypes/n1-standard-1`,  networkInterfaces: [  {  name: 'global/networks/default',  },  ],  },  });  let operation = response.latestResponse;  const operationsClient = new compute.ZoneOperationsClient();  // Wait for the create operation to complete.  while (operation.status !== 'DONE') {  [operation] = await operationsClient.wait({  operation: operation.name,  project: projectId,  zone: operation.zone.split('/').pop(),  });  }  console.log('Instance created.'); } createInstanceFromCustomImage();

Python

Before trying this sample, follow the Python setup instructions in the Compute Engine quickstart using client libraries. For more information, see the Compute Engine Python API reference documentation.

To authenticate to Compute Engine, set up Application Default Credentials. For more information, see Set up authentication for a local development environment. 

from __future__ import annotations import re import sys from typing import Any import warnings from google.api_core.extended_operation import ExtendedOperation from google.cloud import compute_v1 def get_image_from_family(project: str, family: str) -> compute_v1.Image:  """  Retrieve the newest image that is part of a given family in a project.  Args:  project: project ID or project number of the Cloud project you want to get image from.  family: name of the image family you want to get image from.  Returns:  An Image object.  """ image_client = compute_v1.ImagesClient() # List of public operating system (OS) images: https://cloud.google.com/compute/docs/images/os-details newest_image = image_client.get_from_family(project=project, family=family) return newest_image def disk_from_image( disk_type: str, disk_size_gb: int, boot: bool, source_image: str, auto_delete: bool = True, ) -> compute_v1.AttachedDisk:  """  Create an AttachedDisk object to be used in VM instance creation. Uses an image as the  source for the new disk.  Args:  disk_type: the type of disk you want to create. This value uses the following format:  "zones/{zone}/diskTypes/(pd-standard|pd-ssd|pd-balanced|pd-extreme)".  For example: "zones/us-west3-b/diskTypes/pd-ssd"  disk_size_gb: size of the new disk in gigabytes  boot: boolean flag indicating whether this disk should be used as a boot disk of an instance  source_image: source image to use when creating this disk. You must have read access to this disk. This can be one  of the publicly available images or an image from one of your projects.  This value uses the following format: "projects/{project_name}/global/images/{image_name}"  auto_delete: boolean flag indicating whether this disk should be deleted with the VM that uses it  Returns:  AttachedDisk object configured to be created using the specified image.  """ boot_disk = compute_v1.AttachedDisk() initialize_params = compute_v1.AttachedDiskInitializeParams() initialize_params.source_image = source_image initialize_params.disk_size_gb = disk_size_gb initialize_params.disk_type = disk_type boot_disk.initialize_params = initialize_params # Remember to set auto_delete to True if you want the disk to be deleted when you delete # your VM instance. boot_disk.auto_delete = auto_delete boot_disk.boot = boot return boot_disk def wait_for_extended_operation( operation: ExtendedOperation, verbose_name: str = "operation", timeout: int = 300 ) -> Any:  """  Waits for the extended (long-running) operation to complete.  If the operation is successful, it will return its result.  If the operation ends with an error, an exception will be raised.  If there were any warnings during the execution of the operation  they will be printed to sys.stderr.  Args:  operation: a long-running operation you want to wait on.  verbose_name: (optional) a more verbose name of the operation,  used only during error and warning reporting.  timeout: how long (in seconds) to wait for operation to finish.  If None, wait indefinitely.  Returns:  Whatever the operation.result() returns.  Raises:  This method will raise the exception received from `operation.exception()`  or RuntimeError if there is no exception set, but there is an `error_code`  set for the `operation`.  In case of an operation taking longer than `timeout` seconds to complete,  a `concurrent.futures.TimeoutError` will be raised.  """ result = operation.result(timeout=timeout) if operation.error_code: print( f"Error during {verbose_name}: [Code: {operation.error_code}]: {operation.error_message}", file=sys.stderr, flush=True, ) print(f"Operation ID: {operation.name}", file=sys.stderr, flush=True) raise operation.exception() or RuntimeError(operation.error_message) if operation.warnings: print(f"Warnings during {verbose_name}:\n", file=sys.stderr, flush=True) for warning in operation.warnings: print(f" - {warning.code}: {warning.message}", file=sys.stderr, flush=True) return result def create_instance( project_id: str, zone: str, instance_name: str, disks: list[compute_v1.AttachedDisk], machine_type: str = "n1-standard-1", network_link: str = "global/networks/default", subnetwork_link: str = None, internal_ip: str = None, external_access: bool = False, external_ipv4: str = None, accelerators: list[compute_v1.AcceleratorConfig] = None, preemptible: bool = False, spot: bool = False, instance_termination_action: str = "STOP", custom_hostname: str = None, delete_protection: bool = False, ) -> compute_v1.Instance:  """  Send an instance creation request to the Compute Engine API and wait for it to complete.  Args:  project_id: project ID or project number of the Cloud project you want to use.  zone: name of the zone to create the instance in. For example: "us-west3-b"  instance_name: name of the new virtual machine (VM) instance.  disks: a list of compute_v1.AttachedDisk objects describing the disks  you want to attach to your new instance.  machine_type: machine type of the VM being created. This value uses the  following format: "zones/{zone}/machineTypes/{type_name}".  For example: "zones/europe-west3-c/machineTypes/f1-micro"  network_link: name of the network you want the new instance to use.  For example: "global/networks/default" represents the network  named "default", which is created automatically for each project.  subnetwork_link: name of the subnetwork you want the new instance to use.  This value uses the following format:  "regions/{region}/subnetworks/{subnetwork_name}"  internal_ip: internal IP address you want to assign to the new instance.  By default, a free address from the pool of available internal IP addresses of  used subnet will be used.  external_access: boolean flag indicating if the instance should have an external IPv4  address assigned.  external_ipv4: external IPv4 address to be assigned to this instance. If you specify  an external IP address, it must live in the same region as the zone of the instance.  This setting requires `external_access` to be set to True to work.  accelerators: a list of AcceleratorConfig objects describing the accelerators that will  be attached to the new instance.  preemptible: boolean value indicating if the new instance should be preemptible  or not. Preemptible VMs have been deprecated and you should now use Spot VMs.  spot: boolean value indicating if the new instance should be a Spot VM or not.  instance_termination_action: What action should be taken once a Spot VM is terminated.  Possible values: "STOP", "DELETE"  custom_hostname: Custom hostname of the new VM instance.  Custom hostnames must conform to RFC 1035 requirements for valid hostnames.  delete_protection: boolean value indicating if the new virtual machine should be  protected against deletion or not.  Returns:  Instance object.  """ instance_client = compute_v1.InstancesClient() # Use the network interface provided in the network_link argument. network_interface = compute_v1.NetworkInterface() network_interface.network = network_link if subnetwork_link: network_interface.subnetwork = subnetwork_link if internal_ip: network_interface.network_i_p = internal_ip if external_access: access = compute_v1.AccessConfig() access.type_ = compute_v1.AccessConfig.Type.ONE_TO_ONE_NAT.name access.name = "External NAT" access.network_tier = access.NetworkTier.PREMIUM.name if external_ipv4: access.nat_i_p = external_ipv4 network_interface.access_configs = [access] # Collect information into the Instance object. instance = compute_v1.Instance() instance.network_interfaces = [network_interface] instance.name = instance_name instance.disks = disks if re.match(r"^zones/[a-z\d\-]+/machineTypes/[a-z\d\-]+$", machine_type): instance.machine_type = machine_type else: instance.machine_type = f"zones/{zone}/machineTypes/{machine_type}" instance.scheduling = compute_v1.Scheduling() if accelerators: instance.guest_accelerators = accelerators instance.scheduling.on_host_maintenance = ( compute_v1.Scheduling.OnHostMaintenance.TERMINATE.name ) if preemptible: # Set the preemptible setting warnings.warn( "Preemptible VMs are being replaced by Spot VMs.", DeprecationWarning ) instance.scheduling = compute_v1.Scheduling() instance.scheduling.preemptible = True if spot: # Set the Spot VM setting instance.scheduling.provisioning_model = ( compute_v1.Scheduling.ProvisioningModel.SPOT.name ) instance.scheduling.instance_termination_action = instance_termination_action if custom_hostname is not None: # Set the custom hostname for the instance instance.hostname = custom_hostname if delete_protection: # Set the delete protection bit instance.deletion_protection = True # Prepare the request to insert an instance. request = compute_v1.InsertInstanceRequest() request.zone = zone request.project = project_id request.instance_resource = instance # Wait for the create operation to complete. print(f"Creating the {instance_name} instance in {zone}...") operation = instance_client.insert(request=request) wait_for_extended_operation(operation, "instance creation") print(f"Instance {instance_name} created.") return instance_client.get(project=project_id, zone=zone, instance=instance_name) def create_from_custom_image( project_id: str, zone: str, instance_name: str, custom_image_link: str ) -> compute_v1.Instance:  """  Create a new VM instance with custom image used as its boot disk.  Args:  project_id: project ID or project number of the Cloud project you want to use.  zone: name of the zone to create the instance in. For example: "us-west3-b"  instance_name: name of the new virtual machine (VM) instance.  custom_image_link: link to the custom image you want to use in the form of:  "projects/{project_name}/global/images/{image_name}"  Returns:  Instance object.  """ disk_type = f"zones/{zone}/diskTypes/pd-standard" disks = [disk_from_image(disk_type, 10, True, custom_image_link, True)] instance = create_instance(project_id, zone, instance_name, disks) return instance

REST

The process for creating an instance with a custom image in the API is the same as if you were creating an instance with a publicly available image.

To create the instance from a custom image, use the instances.insert method.

 POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances { "machineType":"zones/MACHINE_TYPE_ZONE/machineTypes/MACHINE_TYPE", "name":"VM_NAME", "disks":[ { "initializeParams":{ "sourceImage":"projects/IMAGE_PROJECT/global/images/IMAGE" }, "boot":true } ], "networkInterfaces":[ { "network":"global/networks/NETWORK_NAME" } ], "shieldedInstanceConfig":{ "enableSecureBoot":"ENABLE_SECURE_BOOT" } }

Replace the following:

  • PROJECT_ID: ID of the project to create the VM in
  • ZONE: zone to create the VM in
  • MACHINE_TYPE_ZONE: zone containing the machine type to use for the new VM
  • MACHINE_TYPE: machine type, predefined or custom, for the new VM
  • VM_NAME: name of the new VM
  • IMAGE_PROJECT: name of the project that contains the custom image
  • IMAGE: specify one of the following:
    • IMAGE: name of your custom image. For example, "sourceImage": "projects/my-project-1234/global/images/my-debian-image-v2".
    • IMAGE_FAMILY: if you created your custom images as part of a custom image family, specify that custom image family.

      This creates the VM from the most recent, non-deprecated OS image in your custom image family. For example, if you specify "sourceImage": "projects/my-project-1234/global/images/family/my-debian-family", Compute Engine creates a VM from the latest version of the OS image in the custom my-debian-family image family.

  • NETWORK_NAME: the VPC network that you want to use for the VM. You can specify default to use your default network.

  • ENABLE_SECURE_BOOT: Optional: If you chose an image that supports Shielded VM features, Compute Engine, by default, enables the virtual trusted platform module (vTPM) and integrity monitoring. Compute Engine does not enable Secure Boot by default.

    If you specify true for enableSecureBoot, Compute Engine creates a VM with all three Shielded VM features enabled. After Compute Engine starts your VM, to modify Shielded VM options, you must stop the VM.

What's next