gcloud compute instances create - create Compute Engine virtual machine instances

gcloud compute instances createINSTANCE_NAMES[INSTANCE_NAMES …][--accelerator=[count=COUNT],[type=TYPE]][--async][--availability-domain=AVAILABILITY_DOMAIN][--no-boot-disk-auto-delete][--boot-disk-device-name=BOOT_DISK_DEVICE_NAME][--boot-disk-interface=BOOT_DISK_INTERFACE][--boot-disk-provisioned-iops=BOOT_DISK_PROVISIONED_IOPS][--boot-disk-provisioned-throughput=BOOT_DISK_PROVISIONED_THROUGHPUT][--boot-disk-size=BOOT_DISK_SIZE][--boot-disk-type=BOOT_DISK_TYPE][--can-ip-forward][--create-disk=[PROPERTY=VALUE,…]][--csek-key-file=FILE][--deletion-protection][--description=DESCRIPTION][--discard-local-ssds-at-termination-timestamp=DISCARD_LOCAL_SSDS_AT_TERMINATION_TIMESTAMP][--disk=[auto-delete=AUTO-DELETE],[boot=BOOT],[device-name=DEVICE-NAME],[force-attach=FORCE-ATTACH],[interface=INTERFACE],[mode=MODE],[name=NAME],[scope=SCOPE]][--enable-display-device][--[no-]enable-nested-virtualization][--[no-]enable-uefi-networking][--erase-windows-vss-signature][--external-ipv6-address=EXTERNAL_IPV6_ADDRESS][--external-ipv6-prefix-length=EXTERNAL_IPV6_PREFIX_LENGTH][--host-error-timeout-seconds=HOST_ERROR_TIMEOUT_SECONDS][--hostname=HOSTNAME][--instance-termination-action=INSTANCE_TERMINATION_ACTION][--internal-ipv6-address=INTERNAL_IPV6_ADDRESS][--internal-ipv6-prefix-length=INTERNAL_IPV6_PREFIX_LENGTH][--ipv6-network-tier=IPV6_NETWORK_TIER][--ipv6-public-ptr-domain=IPV6_PUBLIC_PTR_DOMAIN][--key-revocation-action-type=POLICY][--labels=[KEY=VALUE,…]][--local-ssd=[device-name=DEVICE-NAME],[interface=INTERFACE],[size=SIZE]][--local-ssd-recovery-timeout=LOCAL_SSD_RECOVERY_TIMEOUT][--machine-type=MACHINE_TYPE][--maintenance-policy=MAINTENANCE_POLICY][--max-run-duration=MAX_RUN_DURATION][--metadata=KEY=VALUE,[KEY=VALUE,…]][--metadata-from-file=KEY=LOCAL_FILE_PATH,[…]][--min-cpu-platform=PLATFORM][--min-node-cpu=MIN_NODE_CPU][--network=NETWORK][--network-interface=[PROPERTY=VALUE,…]][--network-performance-configs=[PROPERTY=VALUE,…]][--network-tier=NETWORK_TIER][--node-project=NODE_PROJECT][--performance-monitoring-unit=PERFORMANCE_MONITORING_UNIT][--preemptible][--private-ipv6-google-access-type=PRIVATE_IPV6_GOOGLE_ACCESS_TYPE][--private-network-ip=PRIVATE_NETWORK_IP][--provisioning-model=PROVISIONING_MODEL][--request-valid-for-duration=REQUEST_VALID_FOR_DURATION][--no-require-csek-key-create][--resource-manager-tags=[KEY=VALUE,…]][--resource-policies=[RESOURCE_POLICY,…]][--no-restart-on-failure][--shielded-integrity-monitoring][--shielded-secure-boot][--shielded-vtpm][--[no-]skip-guest-os-shutdown][--source-instance-template=SOURCE_INSTANCE_TEMPLATE][--source-machine-image=SOURCE_MACHINE_IMAGE][--source-machine-image-csek-key-file=FILE][--stack-type=STACK_TYPE][--subnet=SUBNET][--tags=TAG,[TAG,…]][--termination-time=TERMINATION_TIME][--threads-per-core=THREADS_PER_CORE][--turbo-mode=TURBO_MODE][--visible-core-count=VISIBLE_CORE_COUNT][--zone=ZONE][--address=ADDRESS    |--no-address][--boot-disk-kms-key=BOOT_DISK_KMS_KEY :--boot-disk-kms-keyring=BOOT_DISK_KMS_KEYRING--boot-disk-kms-location=BOOT_DISK_KMS_LOCATION--boot-disk-kms-project=BOOT_DISK_KMS_PROJECT][--confidential-compute    |--confidential-compute-type=CONFIDENTIAL_COMPUTE_TYPE][--custom-cpu=CUSTOM_CPU--custom-memory=CUSTOM_MEMORY :--custom-extensions--custom-vm-type=CUSTOM_VM_TYPE][--image-family-scope=IMAGE_FAMILY_SCOPE--image-project=IMAGE_PROJECT--image=IMAGE    |--image-family=IMAGE_FAMILY    |--source-snapshot=SOURCE_SNAPSHOT][--instance-kms-key=INSTANCE_KMS_KEY :--instance-kms-keyring=INSTANCE_KMS_KEYRING--instance-kms-location=INSTANCE_KMS_LOCATION--instance-kms-project=INSTANCE_KMS_PROJECT][--node=NODE    |--node-affinity-file=PATH_TO_FILE    |--node-group=NODE_GROUP][--public-ptr    |--no-public-ptr][--public-ptr-domain=PUBLIC_PTR_DOMAIN    |--no-public-ptr-domain][--reservation=RESERVATION--reservation-affinity=RESERVATION_AFFINITY; default="any"][--scopes=[SCOPE,…]    |--no-scopes][--service-account=SERVICE_ACCOUNT    |--no-service-account][GCLOUD_WIDE_FLAG …]

When an instance is in RUNNING state and the system begins to boot, the instancecreation is considered finished, and the command returns with a list of newvirtual machines. Note that you usually cannot log into a new instance until itfinishes booting. Check the progress of an instance usinggcloudcompute instances get-serial-port-output.

For more examples, refer to theEXAMPLES section below.

gcloudcomputeinstancescreateexample-instance--image-family=rhel-8--image-project=rhel-cloud--zone=us-central1-a

To create instances called 'example-instance-1', 'example-instance-2', and'example-instance-3' in the 'us-central1-a' zone, run:

gcloudcomputeinstancescreateexample-instance-1example-instance-2example-instance-3--zone=us-central1-a

To create an instance called 'instance-1' from a source snapshot called'instance-snapshot' in zone 'us-central1-a' and attached regional disk 'disk-1',run:

gcloudcomputeinstancescreateinstance-1--source-snapshot=https://compute.googleapis.com/compute/v1/projects/myproject/global/snapshots/instance-snapshot--zone=us-central1-a--disk=name=disk1,scope=regional

To create an instance called instance-1 as a Shielded VM instance with SecureBoot, virtual trusted platform module (vTPM) enabled and integrity monitoring,run:

gcloudcomputeinstancescreateinstance-1--zone=us-central1-a--shielded-secure-boot--shielded-vtpm--shielded-integrity-monitoring

To create a preemptible instance called 'instance-1', run:

gcloudcomputeinstancescreateinstance-1--machine-type=n1-standard-1--zone=us-central1-b--preemptible--no-restart-on-failure--maintenance-policy=terminate

INSTANCE_NAMES [INSTANCE_NAMES …]

Names of the instances to create. For details on valid instance names, refer tothe criteria documented under the field 'name' at:https://cloud.google.com/compute/docs/reference/rest/v1/instances

--accelerator=[count=COUNT],[type=TYPE]

Attaches accelerators (e.g. GPUs) to the instances.

type

The specific type (e.g. nvidia-tesla-t4 for NVIDIA T4) of accelerator to attachto the instances. Use 'gcloud compute accelerator-types list' to learn about allavailable accelerator types.

count

Number of accelerators to attach to each instance. The default value is 1.

--async

Return immediately, without waiting for the operation in progress to complete.

--availability-domain=AVAILABILITY_DOMAIN

Specifies the availability domain that this VM instance should be scheduled on.The number of availability domains that a VM can be scheduled on is specifiedwhen you create the spread placement policy.

Specify a value from 1 to the number of domains that are available in yourplacement policy.

--boot-disk-auto-delete

Automatically delete boot disks when their instances are deleted. Enabled bydefault, use--no-boot-disk-auto-delete to disable.

--boot-disk-device-name=BOOT_DISK_DEVICE_NAME

The name the guest operating system will see for the boot disk. This option canonly be specified if a new boot disk is being created (as opposed to mounting anexisting persistent disk).

--boot-disk-interface=BOOT_DISK_INTERFACE

Indicates the interface to use for the boot disk. The value must be one of thefollowing:

• SCSI
• NVME

--boot-disk-provisioned-iops=BOOT_DISK_PROVISIONED_IOPS

Indicates how many IOPS to provision for the disk. This sets the number of I/Ooperations per second that the disk can handle.

--boot-disk-provisioned-throughput=BOOT_DISK_PROVISIONED_THROUGHPUT

Indicates how much throughput to provision for the disk. This sets the number ofthroughput mb per second that the disk can handle.

--boot-disk-size=BOOT_DISK_SIZE

The size of the boot disk. This option can only be specified if a new boot diskis being created (as opposed to mounting an existing persistent disk). The valuemust be a whole number followed by a size unit ofKB for kilobyte,MB for megabyte,GB for gigabyte, orTB for terabyte. For example,10GB will produce a 10 gigabyte disk. Disksize must be a multiple of 1 GB. Default size unit isGB.

--boot-disk-type=BOOT_DISK_TYPE

The type of the boot disk. This option can only be specified if a new boot diskis being created (as opposed to mounting an existing persistent disk). To get alist of available disk types, run$gcloud compute disk-typeslist.

--can-ip-forward

If provided, allows the instances to send and receive packets with non-matchingdestination or source IP addresses.

--create-disk=[PROPERTY=VALUE,…]

Creates and attaches persistent disks to the instances.

name

Specifies the name of the disk. This option cannot be specified if more than oneinstance is being created.

description

Optional textual description for the disk being created.

mode

Specifies the mode of the disk. Supported options arero for read-only andrw for read-write. If omitted,rw is used as a default.

image

Specifies the name of the image that the disk will be initialized with. A newdisk will be created based on the given image. To view a list of public imagesand projects, run$gcloud compute imageslist. It is best practice to use image when a specific version of animage is needed. If both image and image-family flags are omitted a blank diskwill be created.

image-family

The image family for the operating system that the boot disk will be initializedwith. Compute Engine offers multiple Linux distributions, some of which areavailable as both regular and Shielded VM images. When a family is specifiedinstead of an image, the latest non-deprecated image associated with that familyis used. It is best practice to use --image-family when the latest version of animage is needed.

image-project

The Google Cloud project against which all image and image family referenceswill be resolved. It is best practice to define image-project. A full list ofavailable image projects can be generated by runninggcloud compute imageslist.

• If specifying one of our public images, image-project must be provided.
• If there are several of the same image-family value in multiple projects,image-project must be specified to clarify the image to be used.
• If not specified and either image or image-family is provided, the currentdefault project is used.

size

The size of the disk. The value must be a whole number followed by a size unitofKB for kilobyte,MB for megabyte,GB for gigabyte, orTB for terabyte. For example,10GB will produce a 10 gigabyte disk. Disksize must be a multiple of 1 GB. If not specified, the default image size willbe used for the new disk.

type

The type of the disk. To get a list of available disk types, run $gcloud compute disk-typeslist. The default disk type ispd-standard.

device-name

An optional name to display the disk name in the guest operating system. Ifomitted, a device name of the formpersistent-disk-N is used.

provisioned-iops

Indicates how many IOPS to provision for the disk. This sets the number of I/Ooperations per second that the disk can handle. Value must be between 10,000 and120,000.

provisioned-throughput

Indicates how much throughput to provision for the disk. This sets the number ofthroughput mb per second that the disk can handle.

disk-resource-policy

Resource policy to apply to the disk. Specify a full or partial URL. Forexample:

• https://www.googleapis.com/compute/v1/projects/my-project/regions/us-central1/resourcePolicies/my-resource-policy
• projects/my-project/regions/us-central1/resourcePolicies/my-resource-policy

For more information, see the following docs:

• https://cloud.google.com/sdk/gcloud/reference/beta/compute/resource-policies/
• https://cloud.google.com/compute/docs/disks/scheduled-snapshots

auto-delete

Ifyes, this persistent disk will beautomatically deleted when the instance is deleted. However, if the disk islater detached from the instance, this option won't apply. The default value forthis isyes.

architecture

Specifies the architecture or processor type that this disk can support. Foravailable processor types on Compute Engine, seehttps://cloud.google.com/compute/docs/cpu-platforms.

storage-pool

The name of the storage pool in which the new disk is created. The new disk andthe storage pool must be in the same location.

interface

The interface to use with the disk. The value must be one of the following:

• SCSI
• NVME

boot

Ifyes, indicates that this is a boot disk.The instance will use the first partition of the disk for its root file system.The default value for this isno.

kms-key

Fully qualified Cloud KMS cryptokey name that will protect the disk.

This can either be the fully qualified path or the name.

The fully qualified Cloud KMS cryptokey name format is:projects/<kms-project>/locations/<kms-location>/keyRings/<kms-keyring>/cryptoKeys/<key-name>.

If the value is not fully qualified then kms-location, kms-keyring, andoptionally kms-project are required.

Seehttps://cloud.google.com/compute/docs/disks/customer-managed-encryptionfor more details.

kms-project

Project that contains the Cloud KMS cryptokey that will protect the disk.

If the project is not specified then the project where the disk is being createdwill be used.

If this flag is set then key-location, kms-keyring, and kms-key are required.

Seehttps://cloud.google.com/compute/docs/disks/customer-managed-encryptionfor more details.

kms-location

Location of the Cloud KMS cryptokey to be used for protecting the disk.

All Cloud KMS cryptokeys are reside in a 'location'. To get a list of possiblelocations run 'gcloud kms locations list'. If this flag is set then kms-keyringand kms-key are required. Seehttps://cloud.google.com/compute/docs/disks/customer-managed-encryptionfor more details.

kms-keyring

The keyring which contains the Cloud KMS cryptokey that will protect the disk.

If this flag is set then kms-location and kms-key are required.

Seehttps://cloud.google.com/compute/docs/disks/customer-managed-encryptionfor more details.

source-snapshot

The source disk snapshot that will be used to create the disk. You can providethis as a full URL to the snapshot or just the snapshot name. For example, thefollowing are valid values:

• https://compute.googleapis.com/compute/v1/projects/myproject/global/snapshots/snapshot
• snapshot

confidential-compute

Ifyes, the disk is created in confidentialmode. The default value isno. Encryptionwith a Cloud KMS key is required to enable this option.

replica-zones

Required for each regional disk associated with the instance. Specify the URLsof the zones where the disk should be replicated to. You must provide exactlytwo replica zones, and one zone must be the same as the instance zone.

--csek-key-file=FILE

Path to a Customer-Supplied Encryption Key (CSEK) key file that maps ComputeEngine resources to user managed keys to be used when creating, mounting, ortaking snapshots of disks.

If you pass- as value of the flag, the CSEK is read from stdin.Seehttps://cloud.google.com/compute/docs/disks/customer-supplied-encryptionfor more details.

--deletion-protection

Enables deletion protection for the instance.

--description=DESCRIPTION

Specifies a textual description of the instances.

--discard-local-ssds-at-termination-timestamp=DISCARD_LOCAL_SSDS_AT_TERMINATION_TIMESTAMP

Required to be set totrue and only allowed for VMs that have oneor more local SSDs, use --instance-termination-action=STOP, and use either--max-run-duration or --termination-time.

This flag indicates the value that you want Compute Engine to use for the--discard-local-ssd flag in the automaticgcloud compute instancesstop command. This flag only supports thetrue value,which discards local SSD data when automatically stopping this VM during itsterminationTimestamp.

For more information about the--discard-local-ssd flag, seehttps://cloud.google.com/compute/docs/disks/local-ssd#stop_instance.

--disk=[auto-delete=AUTO-DELETE],[boot=BOOT],[device-name=DEVICE-NAME],[force-attach=FORCE-ATTACH],[interface=INTERFACE],[mode=MODE],[name=NAME],[scope=SCOPE]

Attaches an existing disk to the instances.

name

The disk to attach to the instances. If you create more than one instance, youcan only attach a disk in read-only mode. By default, you attach a zonal disklocated in the same zone of the instance. If you want to attach a regional disk,you must specify the disk using its URI; for example,projects/myproject/regions/us-central1/disks/my-regional-disk.

mode

The mode of the disk. Supported options arero for read-only mode andrw for read-write mode. If omitted,rw is used as a default value. If you userw when creating more than one instance,you encounter errors.

boot

If set toyes, you attach a boot disk. Thevirtual machine then uses the first partition of the disk for the root filesystems. The default value for this isno.

device-name

An optional name to display the disk name in the guest operating system. Ifomitted, a device name of the formpersistent-disk-N is used.

auto-delete

If set toyes, the persistent disk isautomatically deleted when the instance is deleted. However, if you detach thedisk from the instance, deleting the instance doesn't delete the disk. Thedefault value isyes.

interface

The interface to use for the disk. The value must be one of the following:

• SCSI
• NVME

scope

Can bezonal orregional. Ifzonal, the disk is interpreted as a zonaldisk in the same zone as the instance (default). Ifregional, the disk is interpreted as aregional disk in the same region as the instance. The default value for this iszonal.

force-attach

Ifyes, this persistent disk willforce-attached to the instance even it is already attached to another instance.The default value is 'no'.

--enable-display-device

Enable a display device on VM instances. Disabled by default.

--[no-]enable-nested-virtualization

If set to true, enables nested virtualization for the instance. Use--enable-nested-virtualization to enable and--no-enable-nested-virtualization to disable.

--[no-]enable-uefi-networking

If set to true, enables UEFI networking for the instance creation. Use--enable-uefi-networking to enable and--no-enable-uefi-networking to disable.

--erase-windows-vss-signature

Specifies whether the disk restored from source snapshots or source machineimage should erase Windows specific VSS signature. Seehttps://cloud.google.com/sdk/gcloud/reference/compute/disks/snapshot#--guest-flush

--external-ipv6-address=EXTERNAL_IPV6_ADDRESS

Assigns the given external IPv6 address to the instance that is created. Theaddress must be the first IP address in the range. This option can be used onlywhen creating a single instance.

--external-ipv6-prefix-length=EXTERNAL_IPV6_PREFIX_LENGTH

The prefix length of the external IPv6 address range. This field should be usedtogether with--external-ipv6-address. Only the /96 IP addressrange is supported, and the default value is 96.

--host-error-timeout-seconds=HOST_ERROR_TIMEOUT_SECONDS

The timeout in seconds for host error detection. The value must be set with 30second increments, with a range of 90 to 330 seconds. If unset, the defaultbehavior of the host error recovery is used.

--hostname=HOSTNAME

Specify the hostname of the instance to be created. The specified hostname mustbe RFC1035 compliant. If hostname is not specified, the default hostname is[INSTANCE_NAME].c.[PROJECT_ID].internal when using the global DNS, and[INSTANCE_NAME].[ZONE].c.[PROJECT_ID].internal when using zonal DNS.

--instance-termination-action=INSTANCE_TERMINATION_ACTION

Specifies the termination action that will be taken upon VM preemption(--provisioning-model=SPOT) or automatic instance termination(--max-run-duration or --termination-time).

INSTANCE_TERMINATION_ACTION must be one of:

DELETE

Permanently delete the VM.

STOP

Default only for Spot VMs. Stop the VM without preserving memory. The VM can berestarted later.

--internal-ipv6-address=INTERNAL_IPV6_ADDRESS

Assigns the given internal IPv6 address or range to the instance that iscreated. The address must be the first IP address in the range or from a /96 IPaddress range. This option can be used only when creating a single instance.

--internal-ipv6-prefix-length=INTERNAL_IPV6_PREFIX_LENGTH

Optional field that indicates the prefix length of the internal IPv6 addressrange. It should be used together with --internal-ipv6-address. Only /96 IPaddress range is supported and the default value is 96. If not set, either theprefix length from --internal-ipv6-address will be used or the default value of96 will be assigned.

--ipv6-network-tier=IPV6_NETWORK_TIER

Specifies the IPv6 network tier that will be used to configure the instancenetwork interface IPv6 access config.IPV6_NETWORK_TIERmust be (only one value is supported):

PREMIUM

High quality, Google-grade network tier.

--ipv6-public-ptr-domain=IPV6_PUBLIC_PTR_DOMAIN

Assigns a custom PTR domain for the external IPv6 in the IPv6 accessconfiguration of instance. If unspecified or specified to be an empty string,the default PTR record will be used. This option can only be specified for thedefault network interface,nic0.

--key-revocation-action-type=POLICY

Specifies the behavior of the instance when the KMS key of one of its attacheddisks is revoked. The default is none.POLICY must beone of:

none

No operation is performed.

stop

The instance is stopped when the KMS key of one of its attached disks isrevoked.

--labels=[KEY=VALUE,…]

List of label KEY=VALUE pairs to add.

Keys must start with a lowercase character and contain only hyphens(-), underscores (_), lowercase characters, andnumbers. Values must contain only hyphens (-), underscores(_), lowercase characters, and numbers.

--local-ssd=[device-name=DEVICE-NAME],[interface=INTERFACE],[size=SIZE]

Attaches a local SSD to the instances.

device-name

Optional. A name that indicates the disk name the guest operating system willsee. Can only be specified ifinterface isSCSI. Ifomitted, a device name of the formlocal-ssd-N will be used.

interface

Optional. The kind of disk interface exposed to the VM for this SSD. Validvalues areSCSI andNVME. SCSI is the default and is supportedby more guest operating systems. NVME might provide higher performance.

size

Optional. The only valid value is375GB.Specify the--local-ssd flag multiple timesif you need multiple375GB local SSDpartitions. You can specify a maximum of 24 local SSDs for a maximum of9TB attached to an instance.

--local-ssd-recovery-timeout=LOCAL_SSD_RECOVERY_TIMEOUT

Specifies the maximum amount of time a Local Ssd Vm should wait while recoveryof the Local Ssd state is attempted. Its value should be in between 0 and 168hours with hour granularity and the default value being 1 hour.

--machine-type=MACHINE_TYPE

Specifies the machine type used for the instances. To get a list of availablemachine types, run 'gcloud compute machine-types list'. If unspecified, thedefault type is n1-standard-1.

--maintenance-policy=MAINTENANCE_POLICY

Specifies the behavior of the VMs when their host machines undergo maintenance.The default is MIGRATE. For more information, seehttps://cloud.google.com/compute/docs/instances/host-maintenance-options.MAINTENANCE_POLICY must be one of:

MIGRATE

The instances should be migrated to a new host. This will temporarily impact theperformance of instances during a migration event.

TERMINATE

The instances should be terminated.

--max-run-duration=MAX_RUN_DURATION

Limits how long this VM instance can run, specified as a duration relative tothe last time when the VM began running. Format the duration, MAX_RUN_DURATION,as the number of days, hours, minutes, and seconds followed by d, h, m, and srespectively. For example, specify30m for a duration of 30 minutesor specify1d2h3m4s for a duration of 1 day, 2 hours, 3 minutes,and 4 seconds. Alternatively, to specify a timestamp, use --termination-timeinstead.

If neither --max-run-duration nor --termination-time is specified (default), theVM instance runs until prompted by a user action or system event. If either isspecified, the VM instance is scheduled to be automatically terminated at theVM's termination timestamp (terminationTimestamp) using the actionspecified by --instance-termination-action.

Note: TheterminationTimestamp is removed whenever the VM isstopped or suspended and redefined whenever the VM is rerun. For--max-run-duration specifically, theterminationTimestamp is thesum of MAX_RUN_DURATION and the time when the VM last entered theRUNNING state, which changes whenever the VM is rerun.

--metadata=KEY=VALUE,[KEY=VALUE,…]

Metadata to be made available to the guest operating system running on theinstances. Each metadata entry is a key/value pair separated by an equals sign.Each metadata key must be unique and have a max of 128 bytes in length. Eachvalue must have a max of 256 KB in length. Multiple arguments can be passed tothis flag, e.g.,--metadatakey-1=value-1,key-2=value-2,key-3=value-3. The combinedtotal size for all metadata entries is 512 KB.

In images that have Compute Engine tools installed on them, such as theofficial images, thefollowing metadata keys have special meanings:

startup-script

Specifies a script that will be executed by the instances once they startrunning. For convenience,--metadata-from-file can be used to pullthe value from a file.

startup-script-url

Same asstartup-script except that thescript contents are pulled from a publicly-accessible location on the web.For startup scripts on Windows instances, the following metadata keys havespecial meanings:windows-startup-script-url,windows-startup-script-cmd,windows-startup-script-bat,windows-startup-script-ps1,sysprep-specialize-script-url,sysprep-specialize-script-cmd,sysprep-specialize-script-bat, andsysprep-specialize-script-ps1. For moreinformation, seeRunning startupscripts.

--metadata-from-file=KEY=LOCAL_FILE_PATH,[…]

Same as--metadata except that the valuefor the entry will be read from a local file. This is useful for values that aretoo large such asstartup-script contents.

--min-cpu-platform=PLATFORM

When specified, the VM will be scheduled on host with specified CPU architectureor a newer one. To list available CPU platforms in given zone, run:

gcloudcomputezonesdescribeZONE--format="value(availableCpuPlatforms)"

Default setting is "AUTOMATIC".

CPU platform selection is available only in selected zones.

You can find more information on-line:https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform

--min-node-cpu=MIN_NODE_CPU

Minimum number of virtual CPUs this instance will consume when running on asole-tenant node.

--network=NETWORK

Specifies the network that the VM instances are a part of. If--subnet is also specified, subnet must be a subnetwork of thenetwork specified by this--network flag. If neither is specified,the default network is used.

--network-interface=[PROPERTY=VALUE,…]

Adds a network interface to the instance. Mutually exclusive with any of theseflags:--address,--network,--network-tier,--subnet,--private-network-ip,--stack-type,--ipv6-network-tier,--internal-ipv6-address,--internal-ipv6-prefix-length,--ipv6-address,--ipv6-prefix-length,--external-ipv6-address,--external-ipv6-prefix-length,--ipv6-public-ptr-domain. This flag can be repeated to specifymultiple network interfaces.

The following keys are allowed:

address

Assigns the given external address to the instance that is created. Specifyingan empty string will assign an ephemeral IP. Mutually exclusive with no-address.If neither key is present the instance will get an ephemeral IP.

network

Specifies the network that the interface will be part of. If subnet is alsospecified it must be subnetwork of this network. If neither is specified, thisdefaults to the "default" network.

no-address

If specified the interface will have no external IP. Mutually exclusive withaddress. If neither key is present the instance will get an ephemeral IP.

network-tier

Specifies the network tier of the interface.NETWORK_TIER must be one of:PREMIUM,STANDARD. The default value isPREMIUM.

private-network-ip

Assigns the given RFC1918 IP address to the interface.

subnet

Specifies the subnet that the interface will be part of. If network key is alsospecified this must be a subnetwork of the specified network.

nic-type

Specifies the Network Interface Controller (NIC) type for the interface.NIC_TYPE must be one of:GVNIC,VIRTIO_NET.

queue-count

Specifies the networking queue count for this interface. Both Rx and Tx queueswill be set to this number. If it's not specified, a default queue count will beassigned. Seehttps://cloud.google.com/compute/docs/network-bandwidth#rx-txfor more details.

stack-type

Specifies whether IPv6 is enabled on the interface.STACK_TYPE must be one of:IPV4_ONLY,IPV4_IPV6,IPV6_ONLY. Thedefault value isIPV4_ONLY.

ipv6-network-tier

Specifies the IPv6 network tier that will be used to configure the instancenetwork interface IPv6 access config.IPV6_NETWORK_TIER must bePREMIUM (currently only one value is supported).

internal-ipv6-address

Assigns the given internal IPv6 address or range to the instance that iscreated. The address must be the first IP address in the range or from a /96 IPaddress range. This option can be used only when creating a single instance.

internal-ipv6-prefix-length

Optional field that indicates the prefix length of the internal IPv6 addressrange. It should be used together with internal-ipv6-address. Only /96 IPaddress range is supported and the default value is 96. If not set, either theprefix length from --internal-ipv6-address will be used or the default value of96 will be assigned.

external-ipv6-address

Assigns the given external IPv6 address to the instance that is created. Theaddress must be the first IP address in the range. This option can be used onlywhen creating a single instance.

external-ipv6-prefix-length

The prefix length of the external IPv6 address range. This field should be usedtogether with external-ipv6-address. Only the /96 IP address range is supported,and the default value is 96.

ipv6-public-ptr-domain

Assigns a custom PTR domain for the external IPv6 in the IPv6 accessconfiguration of instance. If its value is not specified, the default PTR recordwill be used. This option can only be specified for the default networkinterface,nic0.

aliases

Specifies the IP alias ranges to allocate for this interface. If there aremultiple IP alias ranges, they are separated by semicolons.

For example:

--aliases="10.128.1.0/24;range1:/32"

Each IP alias range consists of a range name and an IP range separated by acolon, or just the IP range. The range name is the name of the range within thenetwork interface's subnet from which to allocate an IP alias range. Ifunspecified, it defaults to the primary IP range of the subnet. The IP range canbe a CIDR range (e.g.192.168.100.0/24), a single IP address (e.g.192.168.100.1), or a netmask in CIDR format (e.g./24). If the IP range is specified by CIDR range or single IPaddress, it must belong to the CIDR range specified by the range name on thesubnet. If the IP range is specified by netmask, the IP allocator will pick anavailable range with the specified netmask and allocate it to this networkinterface.

network-attachment

Specifies the network attachment that this interface should connect to. Mutuallyexclusive with--network and--subnet flags.

vlan

VLAN ID of a Dynamic Network Interface, must be an integer in the range from 2to 255 inclusively.

igmp-query

Determines if the Compute Engine Instance can receive and respond to IGMP querypackets on the specified network interface.IGMP_QUERY must be one of:IGMP_QUERY_V2,IGMP_QUERY_DISABLED. It is disabled bydefault.

--network-performance-configs=[PROPERTY=VALUE,…]

Configures network performance settings for the instance. If this flag is notspecified, the instance will be created with its default network performanceconfiguration.

total-egress-bandwidth-tier

Total egress bandwidth is the available outbound bandwidth from a VM, regardlessof whether the traffic is going to internal IP or external IP destinations. Thefollowing tier values are allowed: [DEFAULT,TIER_1]

--network-tier=NETWORK_TIER

Specifies the network tier that will be used to configure the instance.NETWORK_TIER must be one of:PREMIUM,STANDARD. The default value isPREMIUM.

--node-project=NODE_PROJECT

The name of the project with shared sole tenant node groups to create aninstance in.

--performance-monitoring-unit=PERFORMANCE_MONITORING_UNIT

The type of performance monitoring counters (PMCs) to enable in the instance.PERFORMANCE_MONITORING_UNIT must be one of:

architectural

This enables architecturally defined non-last level cache (LLC) events.

enhanced

This enables most documented core/L2 and LLC events.

standard

This enables most documented core/L2 events.

--preemptible

If provided, instances will be preemptible and time-limited. Instances might bepreempted to free up resources for standard VM instances, and will only be ableto run for a limited amount of time. Preemptible instances can not be restartedand will not migrate.

--private-ipv6-google-access-type=PRIVATE_IPV6_GOOGLE_ACCESS_TYPE

The private IPv6 Google access type for the VM.PRIVATE_IPV6_GOOGLE_ACCESS_TYPE must be one of:enable-bidirectional-access,enable-outbound-vm-access,inherit-subnetwork.

--private-network-ip=PRIVATE_NETWORK_IP

Specifies the RFC1918 IP to assign to the instance. The IP should be in thesubnet or legacy network IP range.

--provisioning-model=PROVISIONING_MODEL

Specifies the provisioning model for your VM instances. This choice affects theprice, availability, and how long your VM instances can run.PROVISIONING_MODEL must be one of:

FLEX_START

The VM instance is provisioned using the Flex Start provisioning model and has alimited runtime.

RESERVATION_BOUND

The VM instances run for the entire duration of their associated reservation.You can only specify this provisioning model if you want your VM instances toconsume a specific reservation with either a calendar reservation mode or adense deployment type.

SPOT

Compute Engine may stop a Spot VM instance whenever it needs capacity. BecauseSpot VM instances don't have a guaranteed runtime, they come at a discountedprice.

STANDARD

The default option. The STANDARD provisioning model gives you full control overyour VM instances' runtime.

--request-valid-for-duration=REQUEST_VALID_FOR_DURATION

When you create an instance by using the FLEX_START provisioning model, you canspecify the duration to wait for available resources. If the instance creationrequest is still pending after this duration, then the request fails. Youspecify a duration by using numbers followed byh,m,ands for hours, minutes, and seconds, respectively. For example,specify30m for a duration of 30 minutes, or1h2m3sfor 1 hour, 2 minutes, and 3 seconds. Longer durations give you higher chancesthat your instance creation request succeeds when resources are in high demand.

--require-csek-key-create

Refuse to create resources not protected by a user managed key in the key filewhen --csek-key-file is given. This behavior is enabled by default to preventincorrect gcloud invocations from accidentally creating resources with no usermanaged key. Disabling the check allows creation of some resources without amatching Customer-Supplied Encryption Key in the supplied --csek-key-file. Seehttps://cloud.google.com/compute/docs/disks/customer-supplied-encryptionfor more details. Enabled by default, use--no-require-csek-key-create to disable.

--resource-manager-tags=[KEY=VALUE,…]

Specifies a list of resource manager tags to apply to the instance.

--resource-policies=[RESOURCE_POLICY,…]

A list of resource policy names to be added to the instance. The policies mustexist in the same region as the instance.

--restart-on-failure

The instances will be restarted if they are terminated by Compute Engine. Thisdoes not affect terminations performed by the user. Enabled by default, use--no-restart-on-failure to disable.

--shielded-integrity-monitoring

Enables monitoring and attestation of the boot integrity of the instance. Theattestation is performed against the integrity policy baseline. This baseline isinitially derived from the implicitly trusted boot image when the instance iscreated. This baseline can be updated by usinggcloud compute instancesupdate --shielded-learn-integrity-policy. On Shielded VM instances,integrity monitoring is enabled by default. For information about how to modifyShielded VM options, seehttps://cloud.google.com/compute/docs/instances/modifying-shielded-vm.For information about monitoring integrity on Shielded VM instances, seehttps://cloud.google.com/compute/docs/instances/integrity-monitoring."

--shielded-secure-boot

The instance boots with secure boot enabled. On Shielded VM instances, SecureBoot is not enabled by default. For information about how to modify Shielded VMoptions, seehttps://cloud.google.com/compute/docs/instances/modifying-shielded-vm.

--shielded-vtpm

The instance boots with the TPM (Trusted Platform Module) enabled. A TPM is ahardware module that can be used for different security operations such asremote attestation, encryption, and sealing of keys. On Shielded VM instances,vTPM is enabled by default. For information about how to modify Shielded VMoptions, seehttps://cloud.google.com/compute/docs/instances/modifying-shielded-vm.

--[no-]skip-guest-os-shutdown

If enabled, then, when the instance is stopped or deleted, the instance isimmediately stopped without giving time to the guest OS to cleanly shut down.Use--skip-guest-os-shutdown to enable and--no-skip-guest-os-shutdown to disable.

--source-instance-template=SOURCE_INSTANCE_TEMPLATE

The name of the instance template that the instance will be created from. Aninstance template can be a global/regional resource.

Users can override instance properties using other flags.

--source-machine-image=SOURCE_MACHINE_IMAGE

The name of the machine image that the instance will be created from.

--source-machine-image-csek-key-file=FILE

Path to a Customer-Supplied Encryption Key (CSEK) key file, mapping resources touser managed keys which were used to encrypt the source machine-image. Seehttps://cloud.google.com/compute/docs/disks/customer-supplied-encryptionfor more details.

--stack-type=STACK_TYPE

Specifies whether IPv6 is enabled on the default network interface. If notspecified, IPV4_ONLY will be used.STACK_TYPE must beone of:

IPV4_IPV6

The network interface can have both IPv4 and IPv6 addresses

IPV4_ONLY

The network interface will be assigned IPv4 addresses

IPV6_ONLY

The network interface will be assigned IPv6 addresses

--subnet=SUBNET

Specifies the subnet that the VM instances are a part of. If--network is also specified, subnet must be a subnetwork of thenetwork specified by the--network flag.

--tags=TAG,[TAG,…]

Specifies a list of tags to apply to the instance. These tags allow networkfirewall rules and routes to be applied to specified VM instances. Seegcloud computefirewall-rules create(1) for more details.

To read more about configuring network tags, read this guide:https://cloud.google.com/vpc/docs/add-remove-network-tags

To list instances with their respective status and tags, run:

gcloudcomputeinstanceslist--format='table(name,status,tags.list())'

To list instances tagged with a specific tag,tag1, run:

gcloudcomputeinstanceslist--filter='tags:tag1'

--termination-time=TERMINATION_TIME

Limits how long this VM instance can run, specified as a time. Format the time,TERMINATION_TIME, as a RFC 3339 timestamp. For more information, seehttps://tools.ietf.org/html/rfc3339.Alternatively, to specify a duration, use --max-run-duration instead.

If neither --termination-time nor --max-run-duration is specified (default), theVM instance runs until prompted by a user action or system event. If either isspecified, the VM instance is scheduled to be automatically terminated at theVM's termination timestamp (terminationTimestamp) using the actionspecified by --instance-termination-action.

Note: TheterminationTimestamp is removed whenever the VM isstopped or suspended and redefined whenever the VM is rerun. For--termination-time specifically, theterminationTimestamp remainsthe same whenever the VM is rerun, but any requests to rerun the VM fail if thespecified timestamp is in the past.

--threads-per-core=THREADS_PER_CORE

The number of visible threads per physical core. To disable simultaneousmultithreading (SMT) set this to 1. Valid values are: 1 or 2.

For more information about configuring SMT, see:https://cloud.google.com/compute/docs/instances/configuring-simultaneous-multithreading.

--turbo-mode=TURBO_MODE

Turbo mode to use for the instance. Supported modes include:

• ALL_CORE_MAX

To achieve all-core-turbo frequency for more consistent CPU performance, set thefield to ALL_CORE_MAX. The field is unset by default, which results in maximumperformance single-core boosting.

--visible-core-count=VISIBLE_CORE_COUNT

The number of physical cores to expose to the instance's guest operating system.The number of virtual CPUs visible to the instance's guest operating system isthis number of cores multiplied by the instance's count of visible threads perphysical core.

--zone=ZONE

Zone of the instances to create. If not specified and thecompute/zone property isn't set, you mightbe prompted to select a zone (interactive mode only).

To avoid prompting when this flag is omitted, you can set thecompute/zone property:

gcloudconfigsetcompute/zoneZONE

A list of zones can be fetched by running:

gcloudcomputezoneslist

To unset the property, run:

gcloudconfigunsetcompute/zone

Alternatively, the zone can be stored in the environment variableCLOUDSDK_COMPUTE_ZONE.

At most one of these can be specified:

--address=ADDRESS

Assigns the given external address to the instance that is created. The addressmight be an IP address or the name or URI of an address resource. This optioncan only be used when creating a single instance.

--no-address

If provided, the instances are not assigned external IP addresses. To pullcontainer images, you must configure private Google access if using ContainerRegistry or configure Cloud NAT for instances to access container imagesdirectly. For more information, see:

• https://cloud.google.com/vpc/docs/configure-private-google-access
• https://cloud.google.com/nat/docs/using-nat

Key resource - The Cloud KMS (Key Management Service) cryptokey that will beused to protect the disk. The 'Compute Engine Service Agent' service accountmust hold permission 'Cloud KMS CryptoKey Encrypter/Decrypter'. The arguments inthis group can be used to specify the attributes of this resource.

--boot-disk-kms-key=BOOT_DISK_KMS_KEY

ID of the key or fully qualified identifier for the key.

To set thekms-key attribute:

• provide the argument--boot-disk-kms-key on the command line.

This flag argument must be specified if any of the other arguments in this groupare specified.

--boot-disk-kms-keyring=BOOT_DISK_KMS_KEYRING

The KMS keyring of the key.

To set thekms-keyring attribute:

• provide the argument--boot-disk-kms-key on the command line with afully specified name;
• provide the argument--boot-disk-kms-keyring on the command line.

--boot-disk-kms-location=BOOT_DISK_KMS_LOCATION

The Google Cloud location for the key.

To set thekms-location attribute:

• provide the argument--boot-disk-kms-key on the command line with afully specified name;
• provide the argument--boot-disk-kms-location on the command line.

--boot-disk-kms-project=BOOT_DISK_KMS_PROJECT

The Google Cloud project for the key.

To set thekms-project attribute:

• provide the argument--boot-disk-kms-key on the command line with afully specified name;
• provide the argument--boot-disk-kms-project on the command line;
• set the propertycore/project.

At most one of these can be specified:

--confidential-compute

(DEPRECATED) The instance boots with Confidential Computing enabled.Confidential Computing is based on Secure Encrypted Virtualization (SEV), an AMDvirtualization feature for running confidential instances.

The --confidential-compute flag will soon be deprecated. Please use--confidential-compute-type=SEV instead

--confidential-compute-type=CONFIDENTIAL_COMPUTE_TYPE

The instance boots with Confidential Computing enabled. Confidential Computingcan be based on Secure Encrypted Virtualization (SEV) or Secure EncryptedVirtualization - Secure Nested Paging (SEV-SNP), both of which are AMDvirtualization features for running confidential instances. Trust DomaineXtension based on Intel virtualization features for running confidentialinstances is also supported.CONFIDENTIAL_COMPUTE_TYPEmust be one of:

SEV

Secure Encrypted Virtualization

SEV_SNP

Secure Encrypted Virtualization - Secure Nested Paging

TDX

Trust Domain eXtension

Custom machine type extensions.

--custom-cpu=CUSTOM_CPU

A whole number value specifying the number of cores that are needed in thecustom machine type.

For some machine types, shared-core values can also be used. For example, for E2machine types, you can specifymicro,small, ormedium.

This flag argument must be specified if any of the other arguments in this groupare specified.

--custom-memory=CUSTOM_MEMORY

A whole number value indicating how much memory is desired in the custom machinetype. A size unit should be provided (eg. 3072MB or 9GB) - if no units arespecified, GB is assumed.

This flag argument must be specified if any of the other arguments in this groupare specified.

--custom-extensions

Use the extended custom machine type.

--custom-vm-type=CUSTOM_VM_TYPE

Specifies a custom machine type. The default isn1. For moreinformation about custom machine types, see:https://cloud.google.com/compute/docs/general-purpose-machines#custom_machine_types

--image-family-scope=IMAGE_FAMILY_SCOPE

Sets the scope for the--image-family flag. By default, whenspecifying an image family in a public image project, the zonal image familyscope is used. All other projects default to the global image. Use this flag tooverride this behavior.IMAGE_FAMILY_SCOPE must be oneof:zonal,global.

--image-project=IMAGE_PROJECT

The Google Cloud project against which all image and image family referenceswill be resolved. It is best practice to define image-project. A full list ofavailable projects can be generated by runninggcloud projects list.

• If specifying one of our public images, image-project must be provided.
• If there are several of the same image-family value in multiple projects,image-project must be specified to clarify the image to be used.
• If not specified and either image or image-family is provided, the currentdefault project is used.

At most one of these can be specified:

--image=IMAGE

Specifies the boot image for the instances. For each instance, a new boot diskwill be created from the given image. Each boot disk will have the same name asthe instance. To view a list of public images and projects, run$gcloud compute imageslist. It is best practice to use--image when a specificversion of an image is needed.

When using this option,--boot-disk-device-name and--boot-disk-size can be used to overridethe boot disk's device name and size, respectively.

--image-family=IMAGE_FAMILY

The image family for the operating system that the boot disk will be initializedwith. Compute Engine offers multiple Linux distributions, some of which areavailable as both regular and Shielded VM images. When a family is specifiedinstead of an image, the latest non-deprecated image associated with that familyis used. It is best practice to use--image-family when the latestversion of an image is needed.

By default,debian-12 is assumed for thisflag.

--source-snapshot=SOURCE_SNAPSHOT

The name of the source disk snapshot that the instance boot disk will be createdfrom. You can provide this as a full URL to the snapshot or just the snapshotname. For example, the following are valid values:

• https://compute.googleapis.com/compute/v1/projects/myproject/global/snapshots/snapshot
• snapshot

Key resource - The Cloud KMS (Key Management Service) cryptokey that will beused to protect the instance. The 'Compute Engine Service Agent' service accountmust hold permission 'Cloud KMS CryptoKey Encrypter/Decrypter'. The arguments inthis group can be used to specify the attributes of this resource.

--instance-kms-key=INSTANCE_KMS_KEY

ID of the key or fully qualified identifier for the key.

To set thekms-key attribute:

• provide the argument--instance-kms-key on the command line.

This flag argument must be specified if any of the other arguments in this groupare specified.

--instance-kms-keyring=INSTANCE_KMS_KEYRING

The KMS keyring of the key.

To set thekms-keyring attribute:

• provide the argument--instance-kms-key on the command line with afully specified name;
• provide the argument--instance-kms-keyring on the command line.

--instance-kms-location=INSTANCE_KMS_LOCATION

The Google Cloud location for the key.

To set thekms-location attribute:

• provide the argument--instance-kms-key on the command line with afully specified name;
• provide the argument--instance-kms-location on the command line.

--instance-kms-project=INSTANCE_KMS_PROJECT

The Google Cloud project for the key.

To set thekms-project attribute:

• provide the argument--instance-kms-key on the command line with afully specified name;
• provide the argument--instance-kms-project on the command line;
• set the propertycore/project.

Sole Tenancy.

At most one of these can be specified:

--node=NODE

The name of the node to schedule this instance on.

--node-affinity-file=PATH_TO_FILE

The JSON/YAML file containing the configuration of desired nodes onto which thisinstance could be scheduled. These rules filter the nodes according to theirnode affinity labels. A node's affinity labels come from the node template ofthe group the node is in.

The file should contain a list of a JSON/YAML objects. For an example, seehttps://cloud.google.com/compute/docs/nodes/provisioning-sole-tenant-vms#configure_node_affinity_labels.The following list describes the fields:

key

Corresponds to the node affinity label keys of the Node resource.

operator

Specifies the node selection type. Must be one of:IN: RequiresCompute Engine to seek for matched nodes.NOT_IN: Requires ComputeEngine to avoid certain nodes.

values

Optional. A list of values which correspond to the node affinity label values ofthe Node resource.

Use a full or relative path to a local file containing the value ofnode_affinity_file.

--node-group=NODE_GROUP

The name of the node group to schedule this instance on.

At most one of these can be specified:

--public-ptr

Creates a DNS PTR record for the external IP of the instance.

--no-public-ptr

If provided, no DNS PTR record is created for the external IP of the instance.Mutually exclusive with public-ptr-domain.

At most one of these can be specified:

--public-ptr-domain=PUBLIC_PTR_DOMAIN

Assigns a custom PTR domain for the external IP of the instance. Mutuallyexclusive with no-public-ptr.

--no-public-ptr-domain

If both this flag and --public-ptr are specified, creates a DNS PTR record forthe external IP of the instance with the PTR domain name being the DNS name ofthe instance.

Specifies the reservation for the instance.

--reservation=RESERVATION

The name of the reservation, required when--reservation-affinity=specific.

--reservation-affinity=RESERVATION_AFFINITY; default="any"

The type of reservation for the instance.RESERVATION_AFFINITY must be one of:

any

Consume any available, matching reservation.

none

Do not consume from any reserved capacity.

specific

Must consume from a specific reservation.

At most one of these can be specified:

--scopes=[SCOPE,…]

If not provided, the instance will be assigned the default scopes, describedbelow. However, if neither--scopes nor--no-scopesare specified and the project has no default service account, then the instancewill be created with no scopes. Note that the level of access that a serviceaccount has is determined by a combination of access scopes and IAM roles so youmust configure both access scopes and IAM roles for the service account to workproperly.

SCOPE can be either the full URI of the scope or an alias.Defaultscopes are assigned to all instances. Available aliases are:

Alias	URI
bigquery	https://www.googleapis.com/auth/bigquery
cloud-platform	https://www.googleapis.com/auth/cloud-platform
cloud-source-repos	https://www.googleapis.com/auth/source.full_control
cloud-source-repos-ro	https://www.googleapis.com/auth/source.read_only
compute-ro	https://www.googleapis.com/auth/compute.readonly
compute-rw	https://www.googleapis.com/auth/compute
datastore	https://www.googleapis.com/auth/datastore
default	https://www.googleapis.com/auth/devstorage.read_only
	https://www.googleapis.com/auth/logging.write
	https://www.googleapis.com/auth/monitoring.write
	https://www.googleapis.com/auth/pubsub
	https://www.googleapis.com/auth/service.management.readonly
	https://www.googleapis.com/auth/servicecontrol
	https://www.googleapis.com/auth/trace.append
gke-default	https://www.googleapis.com/auth/devstorage.read_only
	https://www.googleapis.com/auth/logging.write
	https://www.googleapis.com/auth/monitoring
	https://www.googleapis.com/auth/service.management.readonly
	https://www.googleapis.com/auth/servicecontrol
	https://www.googleapis.com/auth/trace.append
logging-write	https://www.googleapis.com/auth/logging.write
monitoring	https://www.googleapis.com/auth/monitoring
monitoring-read	https://www.googleapis.com/auth/monitoring.read
monitoring-write	https://www.googleapis.com/auth/monitoring.write
pubsub	https://www.googleapis.com/auth/pubsub
service-control	https://www.googleapis.com/auth/servicecontrol
service-management	https://www.googleapis.com/auth/service.management.readonly
sql (deprecated)	https://www.googleapis.com/auth/sqlservice
sql-admin	https://www.googleapis.com/auth/sqlservice.admin
storage-full	https://www.googleapis.com/auth/devstorage.full_control
storage-ro	https://www.googleapis.com/auth/devstorage.read_only
storage-rw	https://www.googleapis.com/auth/devstorage.read_write
taskqueue	https://www.googleapis.com/auth/taskqueue
trace	https://www.googleapis.com/auth/trace.append
userinfo-email	https://www.googleapis.com/auth/userinfo.email

DEPRECATION WARNING:https://www.googleapis.com/auth/sqlserviceaccount scope andsql alias do not provide SQL instance managementcapabilities and have been deprecated. Please, usehttps://www.googleapis.com/auth/sqlservice.adminorsql-admin to manage your Google SQL Service instances.

--no-scopes

Create instance without scopes

At most one of these can be specified:

--service-account=SERVICE_ACCOUNT

A service account is an identity attached to the instance. Its access tokens canbe accessed through the instance metadata server and are used to authenticateapplications on the instance. The account can be set using an email addresscorresponding to the required service account.

If not provided, the instance will use the project's default service account.

--no-service-account

Create instance without service account

Run$gcloud help for details.