gcloud compute instances create <INSTANCE_NAMES...>

Create Compute Engine virtual machine instances

Arguments

NameDescription
INSTANCE_NAMESNames of the instances to create. For details on valid instance names, refer to the criteria documented under the field 'name' at: https://cloud.google.com/compute/docs/reference/rest/v1/instances

Options

NameDescription
--accelerator <ACCELERATOR>Attaches accelerators (e.g. GPUs) to the instances. + *type*::: The specific type (e.g. nvidia-tesla-k80 for nVidia Tesla K80) of accelerator to attach to the instances. Use 'gcloud compute accelerator-types list' to learn about all available accelerator types. + *count*::: Number of accelerators to attach to each instance. The default value is 1
--account <ACCOUNT>Google Cloud Platform user account to use for invocation. Overrides the default *core/account* property value for this command invocation
--address <ADDRESS>Assigns the given external address to the instance that is created. The address may be an IP address or the name or URI of an address resource. This option can only be used when creating a single instance
--asyncReturn immediately, without waiting for the operation in progress to complete
--billing-project <BILLING_PROJECT>The Google Cloud Platform project that will be charged quota for operations performed in gcloud. If you need to operate on one project, but need quota against a different project, you can use this flag to specify the billing project. If both `billing/quota_project` and `--billing-project` are specified, `--billing-project` takes precedence. Run `$ gcloud config set --help` to see more information about `billing/quota_project`
--boot-disk-auto-deleteAutomatically delete boot disks when their instances are deleted. Enabled by default, use *--no-boot-disk-auto-delete* to disable
--boot-disk-device-name <BOOT_DISK_DEVICE_NAME>The name the guest operating system will see for the boot disk. This option can only be specified if a new boot disk is being created (as opposed to mounting an existing persistent disk)
--boot-disk-kms-key <BOOT_DISK_KMS_KEY>ID of the key or fully qualified identifier for the key
--boot-disk-kms-keyring <BOOT_DISK_KMS_KEYRING>The KMS keyring of the key
--boot-disk-kms-location <BOOT_DISK_KMS_LOCATION>The Cloud location for the key
--boot-disk-kms-project <BOOT_DISK_KMS_PROJECT>The Cloud project for the key
--boot-disk-size <BOOT_DISK_SIZE>The size of the boot disk. This option can only be specified if a new boot disk is being created (as opposed to mounting an existing persistent disk). The value must be a whole number followed by a size unit of ``KB'' for kilobyte, ``MB'' for megabyte, ``GB'' for gigabyte, or ``TB'' for terabyte. For example, ``10GB'' will produce a 10 gigabyte disk. The minimum size a boot disk can have is 10 GB. Disk size must be a multiple of 1 GB. Limit boot disk size to 2 TB to account for MBR partition table limitations. Default size unit is ``GB''
--boot-disk-type <BOOT_DISK_TYPE>The type of the boot disk. This option can only be specified if a new boot disk is being created (as opposed to mounting an existing persistent disk). To get a list of available disk types, run `$ gcloud compute disk-types list`
--can-ip-forwardIf provided, allows the instances to send and receive packets with non-matching destination or source IP addresses
--confidential-computeThe instance will boot with Confidential Computing enabled. Confidential Computing is based on Secure Encrypted Virtualization (SEV), an AMD virtualization feature for running confidential instances
--configuration <CONFIGURATION>The configuration to use for this command invocation. For more information on how to use configurations, run: `gcloud topic configurations`. You can also use the CLOUDSDK_ACTIVE_CONFIG_NAME environment variable to set the equivalent of this flag for a terminal session
--create-disk <PROPERTY=VALUE>Creates and attaches persistent disks to the instances. + *name*::: Specifies the name of the disk. This option cannot be specified if more than one instance is being created. + *description*::: Optional textual description for the disk being created. + *mode*::: Specifies the mode of the disk. Supported options are ``ro'' for read-only and ``rw'' for read-write. If omitted, ``rw'' is used as a default. + *image*::: Specifies the name of the image that the disk will be initialized with. A new disk will be created based on the given image. To view a list of public images and projects, run `$ gcloud compute images list`. It is best practice to use image when a specific version of an image is needed. If both image and image-family flags are omitted a blank disk will be created. + *image-family*::: The image family for the operating system that the boot disk will be initialized with. Compute Engine offers multiple Linux distributions, some of which are available as both regular and Shielded VM images. When a family is specified instead of an image, the latest non-deprecated image associated with that family is used. It is best practice to use --image-family when the latest version of an image is needed. + *image-project*::: The Google Cloud project against which all image and image family references will be resolved. It is best practice to define image-project. A full list of available projects can be generated by running `gcloud projects list`. + * If specifying one of our public images, image-project must be provided. * If there are several of the same image-family value in multiple projects, image-project must be specified to clarify the image to be used. * If not specified and either image or image-family is provided, the current default project is used. + *size*::: The size of the disk. The value must be a whole number followed by a size unit of ``KB'' for kilobyte, ``MB'' for megabyte, ``GB'' for gigabyte, or ``TB'' for terabyte. For example, ``10GB'' will produce a 10 gigabyte disk. Disk size must be a multiple of 1 GB. If not specified, the default image size will be used for the new disk. + *type*::: The type of the disk. To get a list of available disk types, run $ gcloud compute disk-types list. The default disk type is ``pd-standard''. + *device-name*::: An optional name that indicates the disk name the guest operating system will see. If omitted, a device name of the form `persistent-disk-N` will be used. + *auto-delete*::: If ``yes'', this persistent disk will be automatically deleted when the instance is deleted. However, if the disk is later detached from the instance, this option won't apply. The default value for this is ``yes''. + *boot*::: If ``yes'', indicates that this is a boot disk. The instance will use the first partition of the disk for its root file system. The default value for this is ``no''. + *kms-key*::: Fully qualified Cloud KMS cryptokey name that will protect the disk. + This can either be the fully qualified path or the name. + The fully qualified Cloud KMS cryptokey name format is: ``projects/<kms-project>/locations/<kms-location>/keyRings/<kms-keyring>/ cryptoKeys/<key-name>''. + If the value is not fully qualified then kms-location, kms-keyring, and optionally kms-project are required. + See https://cloud.google.com/compute/docs/disks/customer-managed-encryption for more details. + *kms-project*::: Project that contains the Cloud KMS cryptokey that will protect the disk. + If the project is not specified then the project where the disk is being created will be used. + If this flag is set then key-location, kms-keyring, and kms-key are required. + See https://cloud.google.com/compute/docs/disks/customer-managed-encryption for more details. + *kms-location*::: Location of the Cloud KMS cryptokey to be used for protecting the disk. + All Cloud KMS cryptokeys are reside in a 'location'. To get a list of possible locations run 'gcloud kms locations list'. If this flag is set then kms-keyring and kms-key are required. See https://cloud.google.com/compute/docs/disks/customer-managed-encryption for more details. + *kms-keyring*::: The keyring which contains the Cloud KMS cryptokey that will protect the disk. + If this flag is set then kms-location and kms-key are required. + See https://cloud.google.com/compute/docs/disks/customer-managed-encryption for more details. + *source-snapshot*::: The source disk snapshot that will be used to create the disk. You can provide this as a full URL to the snapshot or just the snapshot name. For example, the following are valid values: + * https://compute.googleapis.com/compute/v1/projects/myproject/global/snapshots/snapshot * snapshot
--csek-key-file <FILE>Path to a Customer-Supplied Encryption Key (CSEK) key file that maps Compute Engine resources to user managed keys to be used when creating, mounting, or taking snapshots of disks. + If you pass `-` as value of the flag, the CSEK is read from stdin. See https://cloud.google.com/compute/docs/disks/customer-supplied-encryption for more details
--custom-cpu <CUSTOM_CPU>A whole number value indicating how many cores are desired in the custom machine type
--custom-extensionsUse the extended custom machine type
--custom-memory <CUSTOM_MEMORY>A whole number value indicating how much memory is desired in the custom machine type. A size unit should be provided (eg. 3072MB or 9GB) - if no units are specified, GB is assumed
--custom-vm-type <CUSTOM_VM_TYPE>Specifies VM type. n1 - VMs with CPU platforms Skylake and older, n2 - VMs with CPU platform Cascade Lake. n2 offers flexible sizing from 2 to 80 vCPUs, and 1 to 640GBs of memory. It also features a number of performance enhancements including exposing a more accurate NUMA topology to the guest OS. The default is `n1`
--deletion-protectionEnables deletion protection for the instance
--description <DESCRIPTION>Specifies a textual description of the instances
--disk <DISK>Attaches persistent disks to the instances. The disks specified must already exist. + *name*::: The disk to attach to the instances. When creating more than one instance and using this property, the only valid mode for attaching the disk is read-only (see *mode* below). + *mode*::: Specifies the mode of the disk. Supported options are ``ro'' for read-only and ``rw'' for read-write. If omitted, ``rw'' is used as a default. It is an error for mode to be ``rw'' when creating more than one instance because read-write disks can only be attached to a single instance. + *boot*::: If ``yes'', indicates that this is a boot disk. The virtual machines will use the first partition of the disk for their root file systems. The default value for this is ``no''. + *device-name*::: An optional name that indicates the disk name the guest operating system will see. If omitted, a device name of the form `persistent-disk-N` will be used. + *auto-delete*::: If ``yes'', this persistent disk will be automatically deleted when the instance is deleted. However, if the disk is later detached from the instance, this option won't apply. The default value for this is ``yes''. + *scope*::: Can be `zonal` or `regional`. If ``zonal'', the disk is interpreted as a zonal disk in the same zone as the instance (default). If ``regional'', the disk is interpreted as a regional disk in the same region as the instance. The default value for this is ``zonal''
--enable-display-deviceEnable a display device on VM instances. Disabled by default
--flags-file <YAML_FILE>A YAML or JSON file that specifies a *--flag*:*value* dictionary. Useful for specifying complex flag values with special characters that work with any command interpreter. Additionally, each *--flags-file* arg is replaced by its constituent flags. See $ gcloud topic flags-file for more information
--flatten <KEY>Flatten _name_[] output resource slices in _KEY_ into separate records for each item in each slice. Multiple keys and slices may be specified. This also flattens keys for *--format* and *--filter*. For example, *--flatten=abc.def* flattens *abc.def[].ghi* references to *abc.def.ghi*. A resource record containing *abc.def[]* with N elements will expand to N records in the flattened output. This flag interacts with other flags that are applied in this order: *--flatten*, *--sort-by*, *--filter*, *--limit*
--format <FORMAT>Set the format for printing command output resources. The default is a command-specific human-friendly output format. The supported formats are: `config`, `csv`, `default`, `diff`, `disable`, `flattened`, `get`, `json`, `list`, `multi`, `none`, `object`, `table`, `text`, `value`, `yaml`. For more details run $ gcloud topic formats
--helpDisplay detailed help
--hostname <HOSTNAME>Specify the hostname of the instance to be created. The specified hostname must be RFC1035 compliant. If hostname is not specified, the default hostname is [INSTANCE_NAME].c.[PROJECT_ID].internal when using the global DNS, and [INSTANCE_NAME].[ZONE].c.[PROJECT_ID].internal when using zonal DNS
--image <IMAGE>Specifies the boot image for the instances. For each instance, a new boot disk will be created from the given image. Each boot disk will have the same name as the instance. To view a list of public images and projects, run `$ gcloud compute images list`. It is best practice to use `--image` when a specific version of an image is needed. + When using this option, ``--boot-disk-device-name'' and ``--boot-disk-size'' can be used to override the boot disk's device name and size, respectively
--image-family <IMAGE_FAMILY>The image family for the operating system that the boot disk will be initialized with. Compute Engine offers multiple Linux distributions, some of which are available as both regular and Shielded VM images. When a family is specified instead of an image, the latest non-deprecated image associated with that family is used. It is best practice to use `--image-family` when the latest version of an image is needed. + By default, ``debian-10'' is assumed for this flag
--image-project <IMAGE_PROJECT>The Google Cloud project against which all image and image family references will be resolved. It is best practice to define image-project. A full list of available projects can be generated by running `gcloud projects list`. * If specifying one of our public images, image-project must be provided. * If there are several of the same image-family value in multiple projects, image-project must be specified to clarify the image to be used. * If not specified and either image or image-family is provided, the current default project is used
--impersonate-service-account <SERVICE_ACCOUNT_EMAIL>For this gcloud invocation, all API requests will be made as the given service account instead of the currently selected account. This is done without needing to create, download, and activate a key for the account. In order to perform operations as the service account, your currently selected account must have an IAM role that includes the iam.serviceAccounts.getAccessToken permission for the service account. The roles/iam.serviceAccountTokenCreator role has this permission or you may create a custom role. Overrides the default *auth/impersonate_service_account* property value for this command invocation
--labels <KEY=VALUE>List of label KEY=VALUE pairs to add. + Keys must start with a lowercase character and contain only hyphens (`-`), underscores (```_```), lowercase characters, and numbers. Values must contain only hyphens (`-`), underscores (```_```), lowercase characters, and numbers
--local-ssd <LOCAL_SSD>Attaches a local SSD to the instances. + *device-name*::: Optional. A name that indicates the disk name the guest operating system will see. Can only be specified if `interface` is `SCSI`. If omitted, a device name of the form ``local-ssd-N'' will be used. + *interface*::: Optional. The kind of disk interface exposed to the VM for this SSD. Valid values are ``SCSI'' and ``NVME''. SCSI is the default and is supported by more guest operating systems. NVME may provide higher performance
--log-httpLog all HTTP server requests and responses to stderr. Overrides the default *core/log_http* property value for this command invocation
--machine-type <MACHINE_TYPE>Specifies the machine type used for the instances. To get a list of available machine types, run 'gcloud compute machine-types list'. If unspecified, the default type is n1-standard-1
--maintenance-policy <MAINTENANCE_POLICY>Specifies the behavior of the instances when their host machines undergo maintenance. The default is MIGRATE. _MAINTENANCE_POLICY_ must be one of: + *MIGRATE*::: The instances should be migrated to a new host. This will temporarily impact the performance of instances during a migration event. *TERMINATE*::: The instances should be terminated. ::: +
--metadata <KEY=VALUE>Metadata to be made available to the guest operating system running on the instances. Each metadata entry is a key/value pair separated by an equals sign. Each metadata key must be unique and have a max of 128 bytes in length. Each value must have a max of 256 KB in length. Multiple arguments can be passed to this flag, e.g., ``--metadata key-1=value-1,key-2=value-2,key-3=value-3''. The combined total size for all metadata entries is 512 KB. + In images that have Compute Engine tools installed on them, such as the link:https://cloud.google.com/compute/docs/images[official images], the following metadata keys have special meanings: + *startup-script*::: Specifies a script that will be executed by the instances once they start running. For convenience, ``--metadata-from-file'' can be used to pull the value from a file. + *startup-script-url*::: Same as ``startup-script'' except that the script contents are pulled from a publicly-accessible location on the web
--metadata-from-file <KEY=LOCAL_FILE_PATH>Same as ``--metadata'' except that the value for the entry will be read from a local file. This is useful for values that are too large such as ``startup-script'' contents
--min-cpu-platform <PLATFORM>When specified, the VM will be scheduled on host with specified CPU architecture or a newer one. To list available CPU platforms in given zone, run: + $ gcloud compute zones describe ZONE --format="value(availableCpuPlatforms)" + Default setting is "AUTOMATIC". + CPU platform selection is available only in selected zones. + You can find more information on-line: [](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform)
--min-node-cpu <MIN_NODE_CPU>Minimum number of virtual CPUs this instance will consume when running on a sole-tenant node
--network <NETWORK>Specifies the network that the instances will be part of. If --subnet is also specified subnet must be a subnetwork of network specified by --network. If neither is specified, this defaults to the "default" network
--network-interface <PROPERTY=VALUE>Adds a network interface to the instance. Mutually exclusive with any of these flags: *--address*, *--network*, *--network-tier*, *--subnet*, *--private-network-ip*. This flag can be repeated to specify multiple network interfaces. + The following keys are allowed: *address*::: Assigns the given external address to the instance that is created. Specifying an empty string will assign an ephemeral IP. Mutually exclusive with no-address. If neither key is present the instance will get an ephemeral IP. + *network*::: Specifies the network that the interface will be part of. If subnet is also specified it must be subnetwork of this network. If neither is specified, this defaults to the "default" network. + *no-address*::: If specified the interface will have no external IP. Mutually exclusive with address. If neither key is present the instance will get an ephemeral IP. + *network-tier*::: Specifies the network tier of the interface. ``NETWORK_TIER'' must be one of: `PREMIUM`, `STANDARD`. The default value is `PREMIUM`. + *private-network-ip*::: Assigns the given RFC1918 IP address to the interface. + *subnet*::: Specifies the subnet that the interface will be part of. If network key is also specified this must be a subnetwork of the specified network. + *aliases*::: Specifies the IP alias ranges to allocate for this interface. If there are multiple IP alias ranges, they are separated by semicolons. + For example: + --aliases="10.128.1.0/24;range1:/32" + Each IP alias range consists of a range name and an IP range separated by a colon, or just the IP range. The range name is the name of the range within the network interface's subnet from which to allocate an IP alias range. If unspecified, it defaults to the primary IP range of the subnet. The IP range can be a CIDR range (e.g. `192.168.100.0/24`), a single IP address (e.g. `192.168.100.1`), or a netmask in CIDR format (e.g. `/24`). If the IP range is specified by CIDR range or single IP address, it must belong to the CIDR range specified by the range name on the subnet. If the IP range is specified by netmask, the IP allocator will pick an available range with the specified netmask and allocate it to this network interface
--network-tier <NETWORK_TIER>Specifies the network tier that will be used to configure the instance. ``NETWORK_TIER'' must be one of: `PREMIUM`, `STANDARD`. The default value is `PREMIUM`
--no-addressIf provided, the instances are not assigned external IP addresses. To pull container images, you must configure private Google access if using Container Registry or configure Cloud NAT for instances to access container images directly. For more information, see: * https://cloud.google.com/vpc/docs/configure-private-google-access * https://cloud.google.com/nat/docs/using-nat
--no-public-ptrIf provided, no DNS PTR record is created for the external IP of the instance. Mutually exclusive with public-ptr-domain
--no-public-ptr-domainIf both this flag and --public-ptr are specified, creates a DNS PTR record for the external IP of the instance with the PTR domain name being the DNS name of the instance
--no-scopesCreate instance without scopes
--no-service-accountCreate instance without service account
--node <NODE>The name of the node to schedule this instance on
--node-affinity-file <NODE_AFFINITY_FILE>The JSON/YAML file containing the configuration of desired nodes onto which this instance could be scheduled. These rules filter the nodes according to their node affinity labels. A node's affinity labels come from the node template of the group the node is in. + The file should contain a list of a JSON/YAML objects with the following fields: + *key*::: Corresponds to the node affinity label keys of the Node resource. *operator*::: Specifies the node selection type. Must be one of: `IN`: Requires Compute Engine to seek for matched nodes. `NOT_IN`: Requires Compute Engine to avoid certain nodes. *values*::: Optional. A list of values which correspond to the node affinity label values of the Node resource
--node-group <NODE_GROUP>The name of the node group to schedule this instance on
--preemptibleIf provided, instances will be preemptible and time-limited. Instances may be preempted to free up resources for standard VM instances, and will only be able to run for a limited amount of time. Preemptible instances can not be restarted and will not migrate
--private-ipv6-google-access-type <PRIVATE_IPV6_GOOGLE_ACCESS_TYPE>The private IPv6 Google access type for the VM. _PRIVATE_IPV6_GOOGLE_ACCESS_TYPE_ must be one of: *enable-bidirectional-access*, *enable-outbound-vm-access*, *inherit-subnetwork*
--private-network-ip <PRIVATE_NETWORK_IP>Specifies the RFC1918 IP to assign to the instance. The IP should be in the subnet or legacy network IP range
--project <PROJECT_ID>The Google Cloud Platform project ID to use for this invocation. If omitted, then the current project is assumed; the current project can be listed using `gcloud config list --format='text(core.project)'` and can be set using `gcloud config set project PROJECTID`. + `--project` and its fallback `core/project` property play two roles in the invocation. It specifies the project of the resource to operate on. It also specifies the project for API enablement check, quota, and billing. To specify a different project for quota and billing, use `--billing-project` or `billing/quota_project` property
--public-ptrCreates a DNS PTR record for the external IP of the instance
--public-ptr-domain <PUBLIC_PTR_DOMAIN>Assigns a custom PTR domain for the external IP of the instance. Mutually exclusive with no-public-ptr
--quietDisable all interactive prompts when running gcloud commands. If input is required, defaults will be used, or an error will be raised. Overrides the default core/disable_prompts property value for this command invocation. This is equivalent to setting the environment variable `CLOUDSDK_CORE_DISABLE_PROMPTS` to 1
--require-csek-key-createRefuse to create resources not protected by a user managed key in the key file when --csek-key-file is given. This behavior is enabled by default to prevent incorrect gcloud invocations from accidentally creating resources with no user managed key. Disabling the check allows creation of some resources without a matching Customer-Supplied Encryption Key in the supplied --csek-key-file. See https://cloud.google.com/compute/docs/disks/customer-supplied-encryption for more details. Enabled by default, use *--no-require-csek-key-create* to disable
--reservation <RESERVATION>The name of the reservation, required when `--reservation-affinity=specific`
--reservation-affinity <RESERVATION_AFFINITY>The type of reservation for the instance. _RESERVATION_AFFINITY_ must be one of: *any*, *none*, *specific*
--resource-policies <RESOURCE_POLICY>A list of resource policy names to be added to the instance. The policies must exist in the same region as the instance
--restart-on-failureThe instances will be restarted if they are terminated by Compute Engine. This does not affect terminations performed by the user. Enabled by default, use *--no-restart-on-failure* to disable
--scopes <SCOPE>If not provided, the instance will be assigned the default scopes, described below. However, if neither `--scopes` nor `--no-scopes` are specified and the project has no default service account, then the instance will be created with no scopes. Note that the level of access that a service account has is determined by a combination of access scopes and IAM roles so you must configure both access scopes and IAM roles for the service account to work properly. + SCOPE can be either the full URI of the scope or an alias. *default* scopes are assigned to all instances. Available aliases are: + Alias | URI --- | --- bigquery | https://www.googleapis.com/auth/bigquery cloud-platform | https://www.googleapis.com/auth/cloud-platform cloud-source-repos | https://www.googleapis.com/auth/source.full_control cloud-source-repos-ro | https://www.googleapis.com/auth/source.read_only compute-ro | https://www.googleapis.com/auth/compute.readonly compute-rw | https://www.googleapis.com/auth/compute datastore | https://www.googleapis.com/auth/datastore default | https://www.googleapis.com/auth/devstorage.read_only | https://www.googleapis.com/auth/logging.write | https://www.googleapis.com/auth/monitoring.write | https://www.googleapis.com/auth/pubsub | https://www.googleapis.com/auth/service.management.readonly | https://www.googleapis.com/auth/servicecontrol | https://www.googleapis.com/auth/trace.append gke-default | https://www.googleapis.com/auth/devstorage.read_only | https://www.googleapis.com/auth/logging.write | https://www.googleapis.com/auth/monitoring | https://www.googleapis.com/auth/service.management.readonly | https://www.googleapis.com/auth/servicecontrol | https://www.googleapis.com/auth/trace.append logging-write | https://www.googleapis.com/auth/logging.write monitoring | https://www.googleapis.com/auth/monitoring monitoring-read | https://www.googleapis.com/auth/monitoring.read monitoring-write | https://www.googleapis.com/auth/monitoring.write pubsub | https://www.googleapis.com/auth/pubsub service-control | https://www.googleapis.com/auth/servicecontrol service-management | https://www.googleapis.com/auth/service.management.readonly sql (deprecated) | https://www.googleapis.com/auth/sqlservice sql-admin | https://www.googleapis.com/auth/sqlservice.admin storage-full | https://www.googleapis.com/auth/devstorage.full_control storage-ro | https://www.googleapis.com/auth/devstorage.read_only storage-rw | https://www.googleapis.com/auth/devstorage.read_write taskqueue | https://www.googleapis.com/auth/taskqueue trace | https://www.googleapis.com/auth/trace.append userinfo-email | https://www.googleapis.com/auth/userinfo.email + DEPRECATION WARNING: https://www.googleapis.com/auth/sqlservice account scope and `sql` alias do not provide SQL instance management capabilities and have been deprecated. Please, use https://www.googleapis.com/auth/sqlservice.admin or `sql-admin` to manage your Google SQL Service instances. +
--service-account <SERVICE_ACCOUNT>A service account is an identity attached to the instance. Its access tokens can be accessed through the instance metadata server and are used to authenticate applications on the instance. The account can be set using an email address corresponding to the required service account. + If not provided, the instance will use the project's default service account. +
--shielded-integrity-monitoringEnables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. This baseline can be updated by using `--shielded-vm-learn-integrity-policy`. On Shielded VMs, integrity monitoring is enabled by default. For information about how to modify Shielded VM options, see https://cloud.google.com/compute/docs/instances/modifying-shielded-vm
--shielded-secure-bootThe instance boots with secure boot enabled. On Shielded VMs, Secure Boot is not enabled by default. For information about how to modify Shielded VM options, see https://cloud.google.com/compute/docs/instances/modifying-shielded-vm
--shielded-vtpmThe instance boots with the TPM (Trusted Platform Module) enabled. A TPM is a hardware module that can be used for different security operations such as remote attestation, encryption, and sealing of keys. On Shielded VMs, vTPM is enabled by default. For information about how to modify Shielded VM options, see https://cloud.google.com/compute/docs/instances/modifying-shielded-vm
--source-instance-template <SOURCE_INSTANCE_TEMPLATE>The name of the instance template that the instance will be created from. + Users can also override machine type and labels. Values of other flags will be ignored and `--source-instance-template` will be used instead
--source-snapshot <SOURCE_SNAPSHOT>The name of the source disk snapshot that the instance boot disk will be created from. You can provide this as a full URL to the snapshot or just the snapshot name. For example, the following are valid values: + * https://compute.googleapis.com/compute/v1/projects/myproject/global/snapshots/snapshot * snapshot
--subnet <SUBNET>Specifies the subnet that the instances will be part of. If --network is also specified subnet must be a subnetwork of network specified by --network
--tags <TAG>Specifies a list of tags to apply to the instance. These tags allow network firewall rules and routes to be applied to specified VM instances. See gcloud_compute_firewall-rules_create(1) for more details. + To read more about configuring network tags, read this guide: https://cloud.google.com/vpc/docs/add-remove-network-tags + To list instances with their respective status and tags, run: + $ gcloud compute instances list --format='table(name,status,tags.list())' + To list instances tagged with a specific tag, `tag1`, run: + $ gcloud compute instances list --filter='tags:tag1'
--trace-token <TRACE_TOKEN>Token used to route traces of service requests for investigation of issues. Overrides the default *core/trace_token* property value for this command invocation
--user-output-enabledPrint user intended output to the console. Overrides the default *core/user_output_enabled* property value for this command invocation. Use *--no-user-output-enabled* to disable
--verbosity <VERBOSITY>Override the default verbosity for this command. Overrides the default *core/verbosity* property value for this command invocation. _VERBOSITY_ must be one of: *debug*, *info*, *warning*, *error*, *critical*, *none*
--zone <ZONE>Zone of the instances to create. If not specified and the ``compute/zone'' property isn't set, you may be prompted to select a zone. + To avoid prompting when this flag is omitted, you can set the ``compute/zone'' property: + $ gcloud config set compute/zone ZONE + A list of zones can be fetched by running: + $ gcloud compute zones list + To unset the property, run: + $ gcloud config unset compute/zone + Alternatively, the zone can be stored in the environment variable ``CLOUDSDK_COMPUTE_ZONE''