gcloud alpha sql instances create - creates a new Cloud SQL instance

gcloud alpha sql instances createINSTANCE[--activation-policy=ACTIVATION_POLICY][--active-directory-dns-servers=[DNS_SERVER_IP_ADDRESS,…]][--active-directory-domain=ACTIVE_DIRECTORY_DOMAIN][--active-directory-mode=ACTIVE_DIRECTORY_MODE][--active-directory-organizational-unit=ACTIVE_DIRECTORY_ORGANIZATIONAL_UNIT][--active-directory-secret-manager-key=ACTIVE_DIRECTORY_SECRET_MANAGER_KEY][--allocated-ip-range-name=ALLOCATED_IP_RANGE_NAME][--[no-]assign-ip][--async][--audit-bucket-path=AUDIT_BUCKET_PATH][--audit-retention-interval=AUDIT_RETENTION_INTERVAL][--audit-upload-interval=AUDIT_UPLOAD_INTERVAL][--authorized-networks=NETWORK,[NETWORK,…]][--availability-type=AVAILABILITY_TYPE][--no-backup][--backup-location=BACKUP_LOCATION][--backup-start-time=BACKUP_START_TIME][--cascadable-replica][--clear-active-directory-dns-servers][--collation=COLLATION][--connection-pool-flags=FLAG=VALUE,[FLAG=VALUE,…]][--connector-enforcement=CONNECTOR_ENFORCEMENT][--cpu=CPU][--custom-subject-alternative-names=DNS,[DNS,[DNS]]][--data-api-access=DATA_API_ACCESS][--database-flags=FLAG=VALUE,[FLAG=VALUE,…]][--database-version=DATABASE_VERSION; default="MYSQL_8_0"][--[no-]deletion-protection][--deny-maintenance-period-end-date=DENY_MAINTENANCE_PERIOD_END_DATE][--deny-maintenance-period-start-date=DENY_MAINTENANCE_PERIOD_START_DATE][--deny-maintenance-period-time=DENY_MAINTENANCE_PERIOD_TIME][--edition=EDITION][--enable-auto-upgrade-minor-version][--enable-bin-log][--[no-]enable-connection-pooling][--[no-]enable-data-cache][--[no-]enable-dataplex-integration][--[no-]enable-google-ml-integration][--enable-google-private-path][--enable-password-policy][--enable-point-in-time-recovery][--enforce-new-sql-network-architecture][--failover-replica-name=FAILOVER_REPLICA_NAME][--[no-]final-backup][--final-backup-retention-days=FINAL_BACKUP_RETENTION_DAYS][--[no-]insights-config-query-insights-enabled][--insights-config-query-plans-per-minute=INSIGHTS_CONFIG_QUERY_PLANS_PER_MINUTE][--insights-config-query-string-length=INSIGHTS_CONFIG_QUERY_STRING_LENGTH][--[no-]insights-config-record-application-tags][--[no-]insights-config-record-client-address][--instance-type=INSTANCE_TYPE][--labels=[KEY=VALUE,…]][--maintenance-release-channel=MAINTENANCE_RELEASE_CHANNEL][--maintenance-window-day=MAINTENANCE_WINDOW_DAY][--maintenance-window-hour=MAINTENANCE_WINDOW_HOUR][--master-instance-name=MASTER_INSTANCE_NAME][--memory=MEMORY][--network=NETWORK][--node-count=NODE_COUNT][--password-policy-complexity=PASSWORD_POLICY_COMPLEXITY][--[no-]password-policy-disallow-username-substring][--password-policy-min-length=PASSWORD_POLICY_MIN_LENGTH][--password-policy-password-change-interval=PASSWORD_POLICY_PASSWORD_CHANGE_INTERVAL][--password-policy-reuse-interval=PASSWORD_POLICY_REUSE_INTERVAL][--performance-capture-config=KEY=VALUE,[KEY=VALUE,…]][--psc-auto-connections=[network=NETWORK],[project=PROJECT]][--[no-]recreate-replicas-on-primary-crash][--replica-type=REPLICA_TYPE][--replication=REPLICATION][--replication-lag-max-seconds-for-recreate=REPLICATION_LAG_MAX_SECONDS_FOR_RECREATE][--require-ssl][--[no-]retain-backups-on-delete][--retained-backups-count=RETAINED_BACKUPS_COUNT][--retained-transaction-log-days=RETAINED_TRANSACTION_LOG_DAYS][--root-password=ROOT_PASSWORD][--server-ca-mode=SERVER_CA_MODE][--server-ca-pool=SERVER_CA_POOL][--ssl-mode=SSL_MODE][--[no-]storage-auto-increase][--storage-auto-increase-limit=STORAGE_AUTO_INCREASE_LIMIT][--storage-provisioned-iops=STORAGE_PROVISIONED_IOPS][--storage-provisioned-throughput=STORAGE_PROVISIONED_THROUGHPUT][--storage-size=STORAGE_SIZE][--storage-type=STORAGE_TYPE][--tags=TAG=VALUE,[TAG=VALUE,…]][--threads-per-core=THREADS_PER_CORE][--tier=TIER,-tTIER][--time-zone=TIME_ZONE][--timeout=TIMEOUT; default=3600][--allowed-psc-projects=PROJECT,[PROJECT,…]--enable-private-service-connect][--disk-encryption-key=DISK_ENCRYPTION_KEY :--disk-encryption-key-keyring=DISK_ENCRYPTION_KEY_KEYRING--disk-encryption-key-location=DISK_ENCRYPTION_KEY_LOCATION--disk-encryption-key-project=DISK_ENCRYPTION_KEY_PROJECT][--entra-id-application-id=ENTRA_ID_APPLICATION_ID--entra-id-tenant-id=ENTRA_ID_TENANT_ID][--master-dump-file-path=MASTER_DUMP_FILE_PATH--master-username=MASTER_USERNAME : [--master-ca-certificate-path=MASTER_CA_CERTIFICATE_PATH :--client-certificate-path=CLIENT_CERTIFICATE_PATH--client-key-path=CLIENT_KEY_PATH]--master-password=MASTER_PASSWORD    |--prompt-for-master-password][--[no-]auto-scale-disable-scale-in--[no-]auto-scale-enabled--auto-scale-in-cooldown-seconds=AUTO_SCALE_IN_COOLDOWN_SECONDS--auto-scale-max-node-count=AUTO_SCALE_MAX_NODE_COUNT--auto-scale-min-node-count=AUTO_SCALE_MIN_NODE_COUNT--auto-scale-out-cooldown-seconds=AUTO_SCALE_OUT_COOLDOWN_SECONDS--auto-scale-target-metrics=[METRIC=VALUE,…]][--region=REGION; default="us-central"    |--gce-zone=GCE_ZONE    |--secondary-zone=SECONDARY_ZONE--zone=ZONE][--source-ip-address=SOURCE_IP_ADDRESS :--source-port=SOURCE_PORT; default=3306][GCLOUD_WIDE_FLAG …]

gcloudalphasqlinstancescreateprod-instance--database-version=MYSQL_8_0--cpu=2--memory=4GB--region=us-central1--root-password=password123

To create a Postgres 15 instance with IDprod-instance that has 2 CPUs, 8 GiB ofRAM, and is in the zoneus-central1-a,where the 'postgres' user has its password set topassword123, run:

gcloudalphasqlinstancescreateprod-instance--database-version=POSTGRES_15--cpu=2--memory=8GiB--zone=us-central1-a--root-password=password123

To create a SQL Server 2022 Express instance with IDprod-instance that has 2 CPUs, 3840MiB ofRAM, and is in the zoneus-central1-a,where the 'sqlserver' user has its password set topassword123, run:

gcloudalphasqlinstancescreateprod-instance--database-version=SQLSERVER_2022_EXPRESS--cpu=2--memory=3840MiB--zone=us-central1-a--root-password=password123

INSTANCE

Cloud SQL instance ID.

--activation-policy=ACTIVATION_POLICY

Activation policy for this instance. This specifies when the instance should beactivated and is applicable only when the instance state isRUNNABLE. The default isalways. More information onactivation policies can be found here:https://cloud.google.com/sql/docs/mysql/start-stop-restart-instance#activation_policy.ACTIVATION_POLICY must be one of:always,never.

--active-directory-dns-servers=[DNS_SERVER_IP_ADDRESS,…]

A comma-separated list of the DNS servers to be used for Active Directory. Onlyavailable for SQL Server instances. E.g: 10.0.0.1,10.0.0.2

--active-directory-domain=ACTIVE_DIRECTORY_DOMAIN

Managed Service for Microsoft Active Directory domain this instance is joinedto. Only available for SQL Server instances.

--active-directory-mode=ACTIVE_DIRECTORY_MODE

Defines the Active Directory mode. Only available for SQL Server instances.ACTIVE_DIRECTORY_MODE must be one of:MANAGED_ACTIVE_DIRECTORY,CUSTOMER_MANAGED_ACTIVE_DIRECTORY.

--active-directory-organizational-unit=ACTIVE_DIRECTORY_ORGANIZATIONAL_UNIT

Defines the organizational unit to be used for Active Directory. Only availablefor SQL Server instances. E.g: OU=Cloud,DC=ad,DC=example,DC=com

--active-directory-secret-manager-key=ACTIVE_DIRECTORY_SECRET_MANAGER_KEY

The secret manager key storing administrator credentials. Only available for SQLServer instances.

--allocated-ip-range-name=ALLOCATED_IP_RANGE_NAME

The name of the IP range allocated for a Cloud SQL instance with private networkconnectivity. For example: 'google-managed-services-default'. If set, theinstance IP is created in the allocated range represented by this name.

--[no-]assign-ip

Assign a public IP address to the instance. This is a public, externallyavailable IPv4 address that you can use to connect to your instance whenproperly authorized. Use--assign-ip to enable and--no-assign-ip to disable.

--async

Return immediately, without waiting for the operation in progress to complete.

--audit-bucket-path=AUDIT_BUCKET_PATH

The location, as a Cloud Storage bucket, to which audit files are uploaded. TheURI is in the form gs://bucketName/folderName. Only available for SQL Serverinstances.

--audit-retention-interval=AUDIT_RETENTION_INTERVAL

The number of days for audit log retention on disk, for example, 3dfor 3 days.Only available for SQL Server instances.

--audit-upload-interval=AUDIT_UPLOAD_INTERVAL

How often to upload audit logs (audit files), for example, 30mfor 30 minutes.Only available for SQL Server instances.

--authorized-networks=NETWORK,[NETWORK,…]

The list of external networks that are allowed to connect to the instance.Specified in CIDR notation, also known as 'slash' notation (e.g.192.168.100.0/24).

--availability-type=AVAILABILITY_TYPE

Specifies level of availability.AVAILABILITY_TYPE mustbe one of:

regional

Provides high availability and is recommended for production instances; instanceautomatically fails over to another zone within your selected region.

zonal

Provides no failover capability. This is the default.

--backup

Enables daily backup. Enabled by default, use--no-backup todisable.

--backup-location=BACKUP_LOCATION

Choose where to store your backups. Backups are stored in the closestmulti-region location to you by default. Only customize if needed.

--backup-start-time=BACKUP_START_TIME

Start time of daily backups, specified in the HH:MM format, in the UTC timezone.

--cascadable-replica

Specifies whether a SQL Server replica is a cascadable replica. A cascadablereplica is a SQL Server cross-region replica that supports replica(s) under it.This flag only takes effect when the--master-instance-name flag isset, and the replica under creation is in a different region than the primaryinstance.

--clear-active-directory-dns-servers

Removes the list of DNS Servers from the Active Directory Config.

--collation=COLLATION

Cloud SQL server-level collation setting, which specifies the set of rules forcomparing characters in a character set.

--connection-pool-flags=FLAG=VALUE,[FLAG=VALUE,…]

Comma-separated list of connection pool flags to set on the instance connectionpool. Use an equals sign to separate flag name and value. More information onavailable flags can be found here:https://cloud.google.com/sql/docs/mysql/managed-connection-pooling#configuration-optionsfor MySQL andhttps://cloud.google.com/sql/docs/postgres/managed-connection-pooling#configuration-optionsfor PostgreSQL. (e.g.,--connection-pool-flagsmax_pool_size=1000,max_client_connections=20)

--connector-enforcement=CONNECTOR_ENFORCEMENT

Cloud SQL Connector enforcement mode. It determines how Cloud SQL Connectors areused in the connection. See the list of modeshere.CONNECTOR_ENFORCEMENT must be one of:

CONNECTOR_ENFORCEMENT_UNSPECIFIED

The requirement for Cloud SQL connectors is unknown.

NOT_REQUIRED

Does not require Cloud SQL connectors.

REQUIRED

Requires all connections to use Cloud SQL connectors, including the Cloud SQLAuth Proxy and Cloud SQL Java, Python, and Go connectors. Note: This disablesall existing authorized networks.

--cpu=CPU

Whole number value indicating how many cores are desired in the machine. Both--cpu and --memory must be specified if a custom machine type is desired, andthe --tier flag must be omitted.--cpu and --memory flags are not compatible withthe Enterprise Plus edition. These flags should not be used when creating anEnterprise Plus edition, as the machine configuration is determined by the--tier flag instead.

--custom-subject-alternative-names=DNS,[DNS,[DNS]]

A comma-separated list of DNS names to add to the instance's SSL certificate. Acustom SAN is a structured way to add additional DNS names (host names) that arenot managed by Cloud SQL to an instance. It allows for hostname verificationduring establishment of a database connection using the DNS name over SSL/TLS.When you create and/or update an instance, you can add a comma-separated list ofup to three DNS names to the server certificate of your instance.

--data-api-access=DATA_API_ACCESS

Controls connectivity to the instance using ExecuteSql API.DATA_API_ACCESS must be one of:

ALLOW_DATA_API

Allow using ExecuteSql API to connect to the instance. For Private IP instances,this will allow authorized users to access the instance from the public internetusing ExecuteSql API.

DATA_API_ACCESS_UNSPECIFIED

Unspecified mode, effectively the same asDISALLOW_DATA_API.

DISALLOW_DATA_API

Disallow using ExecuteSql API to connect to the instance.

--database-flags=FLAG=VALUE,[FLAG=VALUE,…]

Comma-separated list of database flags to set on the instance. Use an equalssign to separate flag name and value. Flags without values, likeskip_grant_tables, can be written out without a value after, e.g.,skip_grant_tables=. Use on/off for booleans. View the InstanceResource API for allowed flags. (e.g.,--database-flagsmax_allowed_packet=55555,skip_grant_tables=,log_output=1)

--database-version=DATABASE_VERSION; default="MYSQL_8_0"

The database engine type and versions. If left unspecified, MYSQL_8_0 is used.See the list of database versions athttps://cloud.google.com/sql/docs/mysql/admin-api/rest/v1beta4/SqlDatabaseVersion.

--[no-]deletion-protection

Enable deletion protection on a Cloud SQL instance. Use--deletion-protection to enable and--no-deletion-protection to disable.

--deny-maintenance-period-end-date=DENY_MAINTENANCE_PERIOD_END_DATE

Date when the deny maintenance period ends, that is2021-01-10.

--deny-maintenance-period-start-date=DENY_MAINTENANCE_PERIOD_START_DATE

Date when the deny maintenance period begins, that is2020-11-01.

--deny-maintenance-period-time=DENY_MAINTENANCE_PERIOD_TIME

Time when the deny maintenance period starts or ends, that is05:00:00.

--edition=EDITION

Specifies the edition of Cloud SQL instance.EDITIONmust be one of:enterprise,enterprise-plus.

--enable-auto-upgrade-minor-version

Enables auto-upgrade for MySQL 8.0 minor versions. The MySQL version must be8.0.35 or higher.

--enable-bin-log

Allows for data recovery from a specific point in time, down to a fraction of asecond. Must have automatic backups enabled to use. Make sure storage cansupport at least 7 days of logs.

--[no-]enable-connection-pooling

Enable connection pooling for the instance. Use--enable-connection-pooling to enable and--no-enable-connection-pooling to disable.

--[no-]enable-data-cache

Enable use of data cache for accelerated read performance. This flag is onlyavailable for Enterprise_Plus edition instances. Use--enable-data-cache to enable and--no-enable-data-cache to disable.

--[no-]enable-dataplex-integration

Enable Dataplex integration for Google Cloud SQL. Use--enable-dataplex-integration to enable and--no-enable-dataplex-integration to disable.

--[no-]enable-google-ml-integration

Enable Vertex AI integration for Google Cloud SQL. You can integrate Vertex AIwith Cloud SQL for MySQL and Cloud SQL for PostgreSQL instances only. Use--enable-google-ml-integration to enable and--no-enable-google-ml-integration to disable.

--enable-google-private-path

Enable a private path for Google Cloud services. This flag specifies whether theinstance is accessible to internal Google Cloud services such as BigQuery. Thisis only applicable to MySQL and PostgreSQL instances that don't use public IP.Currently, SQL Server isn't supported.

--enable-password-policy

Enable the password policy, which enforces user password management with thepolicies configured for the instance. This flag is only available for Postgres.

--enable-point-in-time-recovery

Allows for data recovery from a specific point in time, down to a fraction of asecond, via write-ahead logs. Must have automatic backups enabled to use. Makesure storage can support at least 7 days of logs.

--enforce-new-sql-network-architecture

Force the instance to use the new network architecture.

--failover-replica-name=FAILOVER_REPLICA_NAME

Also create a failover replica with the specified name.

--[no-]final-backup

Enables the final backup to be taken at the time of instance deletion. Use--final-backup to enable and--no-final-backup todisable.

--final-backup-retention-days=FINAL_BACKUP_RETENTION_DAYS

Specifies number of days to retain final backup. The valid range is between 1and 365. For instances managed by BackupDR, the valid range is between 1 day and99 years. Default value is 30 days.

--[no-]insights-config-query-insights-enabled

Enable query insights feature to provide query and query plan analytics.

Use--insights-config-query-insights-enabled to enable and--no-insights-config-query-insights-enabled to disable.

--insights-config-query-plans-per-minute=INSIGHTS_CONFIG_QUERY_PLANS_PER_MINUTE

Number of query plans to sample every minute. Default value is 5. Allowed range:0 to 20.

--insights-config-query-string-length=INSIGHTS_CONFIG_QUERY_STRING_LENGTH

Sets the default query length limit. For Cloud SQL Enterprise edition, the rangeis from 256 to 4500 (in bytes) and the default query length is 1024 bytes. ForCloud SQL Enterprise Plus edition, the range is from 1024 to 100,000 (in bytes)and the default query length is 10,000 bytes.

--[no-]insights-config-record-application-tags

Allow application tags to be recorded by the query insights feature.

Use--insights-config-record-application-tags to enable and--no-insights-config-record-application-tags to disable.

--[no-]insights-config-record-client-address

Allow the client address to be recorded by the query insights feature.

Use--insights-config-record-client-address to enable and--no-insights-config-record-client-address to disable.

--instance-type=INSTANCE_TYPE

The type of the instance.INSTANCE_TYPE must be one of:

CLOUD_SQL_INSTANCE

A primary instance.

READ_POOL_INSTANCE

A read pool instance.

READ_REPLICA_INSTANCE

A read replica instance.

--labels=[KEY=VALUE,…]

List of label KEY=VALUE pairs to add.

Keys must start with a lowercase character and contain only hyphens(-), underscores (_), lowercase characters, andnumbers. Values must contain only hyphens (-), underscores(_), lowercase characters, and numbers.

--maintenance-release-channel=MAINTENANCE_RELEASE_CHANNEL

Which channel's updates to apply during the maintenance window. If notspecified, Cloud SQL chooses the timing of updates to your instance.MAINTENANCE_RELEASE_CHANNEL must be one of:

preview

Preview updates release prior to production updates. You may wish to use thepreview channel for dev/test applications so that you can preview theircompatibility with your application prior to the production release.

production

Production updates are stable and recommended for applications in production.

week5

week5 updates release after the production updates. Use the week5 channel toreceive a 5 week advance notification about the upcoming maintenance, so you canprepare your application for the release.

--maintenance-window-day=MAINTENANCE_WINDOW_DAY

Day of week for maintenance window, in UTC time zone.MAINTENANCE_WINDOW_DAY must be one of:SUN,MON,TUE,WED,THU,FRI,SAT.

--maintenance-window-hour=MAINTENANCE_WINDOW_HOUR

Hour of day for maintenance window, in UTC time zone.

--master-instance-name=MASTER_INSTANCE_NAME

Name of the instance which will act as master in the replication setup. Thenewly created instance will be a read replica of the specified master instance.

--memory=MEMORY

Whole number value indicating how much memory is desired in the machine. A sizeunit should be provided (eg. 3072MiB or 9GiB) - if no units are specified, GiBis assumed. Both --cpu and --memory must be specified if a custom machine typeis desired, and the --tier flag must be omitted. --cpu and --memory flags arenot compatible with the Enterprise Plus edition. These flags should not be usedwhen creating an Enterprise Plus edition, as the machine configuration isdetermined by the --tier flag instead.

--network=NETWORK

Network in the current project that the instance will be part of. To specifyusing a network with a shared VPC, use the full URL of the network. For anexample host project, 'testproject', and shared network, 'testsharednetwork',this would use the form:--network=projects/testproject/global/networks/testsharednetwork

--node-count=NODE_COUNT

The number of nodes in the pool. This option is only available for read pools.

--password-policy-complexity=PASSWORD_POLICY_COMPLEXITY

The complexity of the password. This flag is available only for PostgreSQL.PASSWORD_POLICY_COMPLEXITY must be one of:

COMPLEXITY_DEFAULT

A combination of lowercase, uppercase, numeric, and non-alphanumeric characters.

COMPLEXITY_UNSPECIFIED

The default value if COMPLEXITY_DEFAULT is not specified. It implies thatcomplexity check is not enabled.

--[no-]password-policy-disallow-username-substring

Disallow username as a part of the password. Use--password-policy-disallow-username-substring to enable and--no-password-policy-disallow-username-substring to disable.

--password-policy-min-length=PASSWORD_POLICY_MIN_LENGTH

Minimum number of characters allowed in the password.

--password-policy-password-change-interval=PASSWORD_POLICY_PASSWORD_CHANGE_INTERVAL

Minimum interval after which the password can be changed, for example, 2m for 2minutes. See <a href="/sdk/gcloud/reference/topic/datetimes"> $gcloud topic datetimes</a> forinformation on duration formats. This flag is available only for PostgreSQL.

--password-policy-reuse-interval=PASSWORD_POLICY_REUSE_INTERVAL

Number of previous passwords that cannot be reused. The valid range is 0 to 100.

--performance-capture-config=KEY=VALUE,[KEY=VALUE,…]

A comma-separated list of performance capture settings to add to the MySQLinstance. The input should be in a format of key=value. Available case-sensitivekeys are: enabled (boolean), probing-interval-seconds (integer), probe-threshold(integer), running-threads-threshold (integer), seconds-behind-source-threshold(integer), and transaction-duration-threshold (integer). Example:--performance-capture-config enabled=true,probe-threshold=5

--psc-auto-connections=[network=NETWORK],[project=PROJECT]

A comma-separated list of networks or network-project pairs. Each project isrepresented by a project number (numeric) or by a project ID (alphanumeric).This allows Private Service Connect connections to be created automatically forthe specified networks. For example, this connection uses "the formpsc-auto-connections=network=projects/testproject1/global/networks/testnetwork1"or "the formpsc-auto-connections=project=testproject1,network=projects/testproject1/global/networks/testnetwork1".Setspsc_auto_connections value.

network

Required, setsnetwork value.

project

Setsproject value.

Shorthand Example:

--psc-auto-connections=network=string,project=string

JSON Example:

--psc-auto-connections='{"network": "string", "project": "string"}'

File Example:

--psc-auto-connections=path_to_file.(yaml|json)

--[no-]recreate-replicas-on-primary-crash

Allow/Disallow replica recreation when a primary MySQL instance operating inreduced durability mode crashes. Not recreating the replicas might lead to datainconsistencies between the primary and its replicas. This setting is onlyapplicable for MySQL instances and is enabled by default. Use--recreate-replicas-on-primary-crash to enable and--no-recreate-replicas-on-primary-crash to disable.

--replica-type=REPLICA_TYPE

The type of replica to create.REPLICA_TYPE must be oneof:READ,FAILOVER.

--replication=REPLICATION

Type of replication this instance uses. The default is synchronous.REPLICATION must be one of:synchronous,asynchronous.

--replication-lag-max-seconds-for-recreate=REPLICATION_LAG_MAX_SECONDS_FOR_RECREATE

Set a maximum replication lag for a MySQL read replica in seconds. If thereplica lag exceeds the specified value, the readreplica(s) will be recreated.Min value=300 seconds,Max value=31536000 seconds, default value=31536000seconds.

--require-ssl

Specified if users connecting over IP must use SSL.

--[no-]retain-backups-on-delete

Retain automated/ondemand backups of the instance after the instance is deleted.Use--retain-backups-on-delete to enable and--no-retain-backups-on-delete to disable.

--retained-backups-count=RETAINED_BACKUPS_COUNT

How many backups to keep. The valid range is between 1 and 365. Default value is7 for Enterprise edition instances. For Enterprise_Plus, default value is 15.Applicable only if --no-backups is not specified.

--retained-transaction-log-days=RETAINED_TRANSACTION_LOG_DAYS

How many days of transaction logs to keep. The valid range is between 1 and 35.Only use this option when point-in-time recovery is enabled. If logs are storedon disk, storage size for transaction logs could increase when the number ofdays for log retention increases. For Enterprise, default and max retentionvalues are 7 and 7 respectively. For Enterprise_Plus, default and max retentionvalues are 14 and 35.

--root-password=ROOT_PASSWORD

Root Cloud SQL user's password.

--server-ca-mode=SERVER_CA_MODE

Set the server CA mode of the instance.SERVER_CA_MODEmust be one of:

CUSTOMER_MANAGED_CAS_CA

Customer-managed CA hosted on Google Cloud's Certificate Authority Service(CAS).

GOOGLE_MANAGED_CAS_CA

Google-managed regional CA part of root CA hierarchy hosted on Google Cloud'sCertificate Authority Service (CAS).

GOOGLE_MANAGED_INTERNAL_CA

Google-managed self-signed internal CA.

--server-ca-pool=SERVER_CA_POOL

Set the server CA pool of the instance.

--ssl-mode=SSL_MODE

Set the SSL mode of the instance.SSL_MODE must be oneof:

ALLOW_UNENCRYPTED_AND_ENCRYPTED

Allow non-SSL and SSL connections. For SSL connections, client certificate willnot be verified.

ENCRYPTED_ONLY

Only allow connections encrypted with SSL/TLS.

TRUSTED_CLIENT_CERTIFICATE_REQUIRED

Only allow connections encrypted with SSL/TLS and with valid clientcertificates.

--[no-]storage-auto-increase

Storage size can be increased, but it cannot be decreased; storage increases arepermanent for the life of the instance. With this setting enabled, a spike instorage requirements can result in permanently increased storage costs for yourinstance. However, if an instance runs out of available space, it can result inthe instance going offline, dropping existing connections. This setting isenabled by default. Use--storage-auto-increase to enable and--no-storage-auto-increase to disable.

--storage-auto-increase-limit=STORAGE_AUTO_INCREASE_LIMIT

Allows you to set a maximum storage capacity, in GB. Automatic increases to yourcapacity will stop once this limit has been reached. Default capacity isunlimited.

--storage-provisioned-iops=STORAGE_PROVISIONED_IOPS

Indicates how many IOPS to provision for the data disk. This sets the number ofI/O operations per second that the disk can handle.

--storage-provisioned-throughput=STORAGE_PROVISIONED_THROUGHPUT

Indicates how much throughput to provision for the data disk. This sets thethroughput in MB per second that the disk can handle.

--storage-size=STORAGE_SIZE

Amount of storage allocated to the instance. Must be an integer number of GB.The default is 10GB. Information on storage limits can be found here:https://cloud.google.com/sql/docs/quotas#storage_limits

--storage-type=STORAGE_TYPE

The storage type for the instance, determined by the selected machine type.STORAGE_TYPE must be one of:SSD,HDD,HYPERDISK_BALANCED.

--tags=TAG=VALUE,[TAG=VALUE,…]

Comma-separated list of tags to set on the instance. Use an equals signtoseparate tag name and value.(e.g.,--tags tag1:value1,tag2=value2)

--threads-per-core=THREADS_PER_CORE

The number of threads per core. The value of this flag can be 1 or 2. To disableSMT, set this flag to 1. Only available in Cloud SQL for SQL Server instances.

--tier=TIER,-tTIER

Machine type for a shared-core instance e.g.db-g1-small. For all other instances,instead of using tiers, customize your instance by specifying its CPU andmemory. You can do so with the--cpu and--memoryflags. Learn more about how CPU and memory affects pricing:https://cloud.google.com/sql/pricing.

--time-zone=TIME_ZONE

Set a non-default time zone. Only available for SQL Server instances.

--timeout=TIMEOUT; default=3600

Time to synchronously wait for the operation to complete, after which theoperation continues asynchronously. Ignored if --async flag is specified. Bydefault, set to 3600s. To wait indefinitely, set tounlimited.

--allowed-psc-projects=PROJECT,[PROJECT,…]

A comma-separated list of projects. Each project in this list might berepresented by a project number (numeric) or by a project ID (alphanumeric).This allows Private Service Connect connections to be established from specifiedconsumer projects.

--enable-private-service-connect

Enable connecting to the Cloud SQL instance with Private Service Connect.

Key resource - The Cloud KMS (Key Management Service) cryptokey that will beused to protect the instance. The 'Compute Engine Service Agent' service accountmust hold permission 'Cloud KMS CryptoKey Encrypter/Decrypter'. The arguments inthis group can be used to specify the attributes of this resource.

--disk-encryption-key=DISK_ENCRYPTION_KEY

ID of the key or fully qualified identifier for the key.

To set thekms-key attribute:

• provide the argument--disk-encryption-key on the command line.

This flag argument must be specified if any of the other arguments in this groupare specified.

--disk-encryption-key-keyring=DISK_ENCRYPTION_KEY_KEYRING

The KMS keyring of the key.

To set thekms-keyring attribute:

• provide the argument--disk-encryption-key on the command line witha fully specified name;
• provide the argument--disk-encryption-key-keyring on the commandline.

--disk-encryption-key-location=DISK_ENCRYPTION_KEY_LOCATION

The Google Cloud location for the key.

To set thekms-location attribute:

• provide the argument--disk-encryption-key on the command line witha fully specified name;
• provide the argument--disk-encryption-key-location on the commandline.

--disk-encryption-key-project=DISK_ENCRYPTION_KEY_PROJECT

The Google Cloud project for the key.

To set thekms-project attribute:

• provide the argument--disk-encryption-key on the command line witha fully specified name;
• provide the argument--disk-encryption-key-project on the commandline;
• set the propertycore/project.

Entraid configuration for the SQL Server instance.

--entra-id-application-id=ENTRA_ID_APPLICATION_ID

Set the Entraid application ID.

This flag argument must be specified if any of the other arguments in this groupare specified.

--entra-id-tenant-id=ENTRA_ID_TENANT_ID

Set the Entraid tenant ID.

This flag argument must be specified if any of the other arguments in this groupare specified.

Options for creating an internal replica of an external data source.

--master-dump-file-path=MASTER_DUMP_FILE_PATH

Path to the MySQL dump file in Google Cloud Storage from which the seed importis made. The URI is in the form gs://bucketName/fileName. Compressed gzip files(.gz) are also supported.

This flag argument must be specified if any of the other arguments in this groupare specified.

--master-username=MASTER_USERNAME

Name of the replication user on the external data source.

This flag argument must be specified if any of the other arguments in this groupare specified.

Client and server credentials.

--master-ca-certificate-path=MASTER_CA_CERTIFICATE_PATH

Path to a file containing the X.509v3 (RFC5280) PEM encoded certificate of theCA that signed the external data source's certificate.

This flag argument must be specified if any of the other arguments in this groupare specified.

Client credentials.

--client-certificate-path=CLIENT_CERTIFICATE_PATH

Path to a file containing the X.509v3 (RFC5280) PEM encoded certificate thatwill be used by the replica to authenticate against the external data source.

This flag argument must be specified if any of the other arguments in this groupare specified.

--client-key-path=CLIENT_KEY_PATH

Path to a file containing the unencrypted PKCS#1 or PKCS#8 PEM encoded privatekey associated with the clientCertificate.

This flag argument must be specified if any of the other arguments in this groupare specified.

Password group.

At most one of these can be specified:

--master-password=MASTER_PASSWORD

Password of the replication user on the external data source.

--prompt-for-master-password

Prompt for the password of the replication user on the external data source. Thepassword is all typed characters up to but not including the RETURN or ENTERkey.

Options for configuring read pool auto scale.

--[no-]auto-scale-disable-scale-in

Disables automatic read pool scale-in. When disabled, read pool auto scalingonly supports increasing the read pool node count. By default, both automaticread pool scale-in and scale-out are enabled. Use--auto-scale-disable-scale-in to enable and--no-auto-scale-disable-scale-in to disable.

--[no-]auto-scale-enabled

Enables read pool auto scaling. Supports automatically increasing and decreasingthe read pool's node count based on need. Use--auto-scale-enabledto enable and--no-auto-scale-enabled to disable.

--auto-scale-in-cooldown-seconds=AUTO_SCALE_IN_COOLDOWN_SECONDS

The cooldown period for automatic read pool scale-in. Minimum time betweenscale-in events. Must be an integer value. For example, if the value is 60, thena scale-in event will not be triggered within 60 seconds of the last scale-inevent.

--auto-scale-max-node-count=AUTO_SCALE_MAX_NODE_COUNT

Maximum number of read pool nodes to be maintained.

--auto-scale-min-node-count=AUTO_SCALE_MIN_NODE_COUNT

Minimum number of read pool nodes to be maintained.

--auto-scale-out-cooldown-seconds=AUTO_SCALE_OUT_COOLDOWN_SECONDS

The cooldown period for automatic read pool scale-out. Minimum time betweenscale-out events. Must be an integer value. For example, if the value is 60,then a scale-out event will not be triggered within 60 seconds of the lastscale-out event.

--auto-scale-target-metrics=[METRIC=VALUE,…]

Target metrics for read pool auto scaling. Options are: AVERAGE_CPU_UTILIZATIONand AVERAGE_DB_CONNECTIONS. Example:--auto-scale-target-metrics=AVERAGE_CPU_UTILIZATION=0.8

At most one of these can be specified:

--region=REGION; default="us-central"

Regional location (e.g. asia-east1, us-east1). See the full list of regions athttps://cloud.google.com/sql/docs/instance-locations.

At most one of these can be specified:

--gce-zone=GCE_ZONE

(DEPRECATED) Preferred Compute Engine zone (e.g. us-central1-a, us-central1-b,etc.).

Flag--gce-zone is deprecated and will be removed by release255.0.0. Use--zone instead.

--secondary-zone=SECONDARY_ZONE

Preferred secondary Compute Engine zone (e.g. us-central1-a, us-central1-b,etc.).

--zone=ZONE

Preferred Compute Engine zone (e.g. us-central1-a, us-central1-b, etc.).

Options for creating a wrapper for an external data source.

--source-ip-address=SOURCE_IP_ADDRESS

Public IP address used to connect to and replicate from the external datasource.

This flag argument must be specified if any of the other arguments in this groupare specified.

--source-port=SOURCE_PORT; default=3306

Port number used to connect to and replicate from the external data source.

Run$gcloud help for details.