Create custom images (original) (raw)

Skip to main content

• Technology areas

  • Overview
  • Guides
  • APIs & Reference
  • Samples
  • Resources

• Cross-product tools

• Console

• Discover

• Product overview

• Compute Engine instances

• Instance groups

• Get started

• Create instances

• Instance creation overview

• Create multiple VMs

  • Create a managed instance group (MIG)
    * Basic scenarios for creating MIGs
    * Create a MIG in a single zone
    * Create a MIG in multiple zones in a region
    * Create a MIG with multiple machine types
    * Create a MIG from an existing VM
    * Create a MIG with autoscaling
    * Create a MIG with Flex-start VMs
    * Create a MIG with Spot VMs
    * Create a MIG that adds GPU VMs all at once
    * Create a MIG with stateful configuration

• Create sole-tenant VMs

  • Sole-tenancy overview
  • Create sole-tenant node templates
  • Create sole-tenant node groups
  • Provision a sole-tenant VM
  • Advanced maintenance control for sole-tenant nodes
  • Sole-tenancy best practices
  • Sole-tenancy accounting FAQ

• Migrate VMs

• Choose a migration path

• Bring your own licenses

• Move an existing VM to a new VM

• Connect to VMs

• Connect to a VM

  • About SSH connections
  • Linux VMs
    * Connect to VMs
    * SSH-in-browser
    * Connect as the root user
    * Connect using service accounts
    * Configure apps to use SSH
  • Windows VMs
    * Connect to Windows VMs using RDP
    * Connect to a Windows VM's SAC
    * Connect to Windows VMs using SSH
    * Connect to Windows VMs using PowerShell

• Manage access to VMs

  • Linux VMs
    * Choose an access management method
    * About OS Login
    * Set up OS Login
    * Set up OS Login to require SSH certificates
    * Enable security keys with OS Login
    * Manage OS Login in an organization
    * Monitor OS Login audit logs
  • Manage tags for resources

• IP addresses

• Create a PTR record for a VM

• Verify VM identity

• Manage storage

• Choose a disk type

• Add disks to VMs

  • Create a VM with Local SSD disks
  • Create a VM with additional non-boot disks
  • Create a new Hyperdisk
  • Create a new Persistent Disk
  • Add disks from a storage pool to VMs
  • Share a disk between VMs
  • Attach a disk to a VM
  • Mount in-memory RAM disks

• View disk details

• Make disks highly available

• Back up and restore

• Data protection options

• Configure the default backup setting

• Recover a VM with a corrupted or full disk

• Manage VMs

• Basic operations and lifecycle

  • VM instance lifecycle
  • View VM properties
    * Check that a VM is running
    * View a list of VMs
    * View the details of a VM
    * View the UUID of a VM
    * View the topology of a VM
    * View the source image of a VM
    * View referrers to VMs
    * View network configuration of a VM
    * View the number of visible CPU cores in a VM

• Update VM tenancy

• Manage multiple VMs

  • Manage groups of VMs
    * Work with managed VMs in a MIG
    * View info about MIGs and managed instances
    * Add or remove VMs in a MIG
    * Limit the run time of VMs in a MIG
    * Add instances all at once in a MIG
    * Overview
    * Delete a MIG

• Host maintenance events

  • About host events
  • Live migration process
  • Set the host maintenance policy
  • Query metadata server for notices
  • Simulate a host maintenance event
  • Handle GPU host maintenance events
  • Monitor and plan for a host maintenance event
  • Manually start host maintenance

• Securing VMs

  • About Shielded VMs
  • About Confidential VMs
  • Protect resources with VPC Service Controls
  • Monitor security risks with Security Command Center

• Manage operating systems

• Manage operating systems using VM Manager

• Manage OS images

  • Image management best practices
  • Image families best practices
  • Access Red Hat Knowledgebase
  • Manage access to custom images
  • Set up trusted image policies
  • Export a custom image to Cloud Storage
  • Set image versions in an image family
  • Deprecate a custom image
  • Delete a custom image

• Manage OS packages

• Manage licenses

  • About licenses
  • Manage licenses
  • License changes and restrictions
  • Switch between PAYG and BYOS
  • Switch Windows Server from BYOL to PAYG
  • Update licenses after an OS upgrade
  • Append RHEL ELS licenses
  • Upgrade from Ubuntu to Ubuntu Pro

• Manage VM extensions

  • About VM Extension Manager
  • Global VM extension policies
  • Zonal VM extension policies
  • Install VM extensions by using extension policies
  • Manage VM extensions by using extension policies
  • Monitor VM extensions
  • View VM extension logs

• Run shutdown scripts

• Enable the virtual random number generator (Virtio RNG)

• Deploy workloads

• Agent for Compute Workloads overview

• Applications

  • Interactive: Build a to-do app with MongoDB
  • Deploy an ASP.NET application
  • Set up Joomla
  • Set up LAMP
  • Perform blue/green deployments using Cloud Build

• Databases

  • MySQL
    * MySQL on Compute Engine
    * Install MySQL on Compute Engine
    * Configure MySQL on Compute Engine
    * Set up client access with a private IP address
    * Cloning a MySQL database on Compute Engine
    * Architectures for high availability of MySQL clusters on Compute Engine
    * Deploying a highly available MySQL 5.6 cluster with DRBD on Compute Engine
  • SQL Server
    * Best practices for SQL Server VMs
    * Create
    * Create a high-performance SQL Server VM
    * Add a SQL Server license to an existing Linux server
    * Add a SQL Server license to an existing Windows server
    * Configure
    * Set up AlwaysOn availability groups using an internal load balancer
    * Set up AlwaysOn availability groups using a distributed network name
    * Set up a failover cluster VM that uses S2D
    * Set up a failover cluster VM with multi-writer disks
    * Set up a SQL Server cluster on Linux with Always On availability groups and Pacemaker
    * Migrate
    * Migrate a SQL Server database from AWS EC2 to Compute Engine
    * Migrate a SQL Server database from Windows to Linux
    * Disaster recovery
    * Disaster recovery for Microsoft SQL Server
    * Disaster recovery for Microsoft SQL server on Persistent disk
    * Disaster recovery for Microsoft SQL server on Hyperdisk
    * Deploying Microsoft SQL Server for multi-regional disaster recovery
    * Back up SQL Server databases to a Google Cloud Storage bucket
    * Back up SQL Server databases using instant snapshots
    * Cloning a Microsoft SQL Server database on Compute Engine
    * Load test SQL Server using HammerDB

• Containers

  • Containers on Compute Engine
  • Deploy containers on VMs and managed instance groups
  • Configure options to run your container
  • OpenShift workloads
    * OpenShift on Google Cloud overview
    * Plan for OpenShift on Google Cloud
    * Overview of Cluster Services for OpenShift
    * Built-in integrations for OpenShift
    * Best practices for high availability with OpenShift
    * Disaster recovery for OpenShift on Google Cloud
    * Disaster recovery strategies for active-passive and active-inactive setups with OpenShift

• Microsoft Windows

  • Windows workloads
  • Best practices for Windows Server VMs
  • Setting up Active Directory
  • Best practices for running Active Directory on Google Cloud
  • Deploy Microsoft SharePoint Server on Compute Engine
  • Deploying Microsoft Exchange Server 2016 on Compute Engine

• Monitor

• Monitor logs

  • View audit logs
  • View usage reports
  • View Compute Engine operations
  • Migrate from activity logs to audit logs
  • View activity logs

• Organize resources using labels

• Scale

• Autoscale node groups

• Load balancing

  • About load balancing and scaling
  • Add an instance group to a load balancer
  • Request routing to a multi-region external HTTPS load balancer
  • Cross-region load balancing for Microsoft IIS backends
  • Set up Internal TCP/UDP Load Balancing

• Optimize

• Network performance

  • Network bandwidth
  • Use Google Virtual NIC
  • Use IRDMA network driver
  • Use IDPF network interface
  • Configure a VM with higher bandwidth
  • Reduce latency by using compact placement policies
  • Benchmark higher bandwidth VMs
  • Optimize app latency with load balancing
  • Use DPDK to improve network performance

• Troubleshoot

• General tips

Create custom images

Linux

You can create custom images from source disks, images, snapshots, or images stored in Cloud Storage and use these images to create virtual machine (VM) instances. Custom images are ideal for situations where you have created and modified a persistent boot disk or specific image to a certain state and need to save that state for creating VMs.

Alternatively, you can use the virtual disk import tool to import boot disk images to Compute Engine from your existing systems and add them to your custom images list.

Before you begin

• Read the Images document.
• If you haven't already, set up authentication. Authentication verifies your identity for access to Google Cloud services and APIs. To run code or samples from a local development environment, you can authenticate to Compute Engine by selecting one of the following options:
  Select the tab for how you plan to use the samples on this page:

Console

When you use the Google Cloud console to access Google Cloud services and APIs, you don't need to set up authentication.

gcloud

1. Install the Google Cloud CLI. After installation,initialize the Google Cloud CLI by running the following command:
   gcloud init
   If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.
2. Set a default region and zone.

Go

To use the Go samples on this page in a local development environment, install and initialize the gcloud CLI, and then set up Application Default Credentials with your user credentials.

1. Install the Google Cloud CLI.
2. If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.
3. If you're using a local shell, then create local authentication credentials for your user account:
   gcloud auth application-default login
   You don't need to do this if you're using Cloud Shell.
   If an authentication error is returned, and you are using an external identity provider (IdP), confirm that you have signed in to the gcloud CLI with your federated identity.
   For more information, see Set up authentication for a local development environment.

Java

To use the Java samples on this page in a local development environment, install and initialize the gcloud CLI, and then set up Application Default Credentials with your user credentials.

1. Install the Google Cloud CLI.
2. If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.
3. If you're using a local shell, then create local authentication credentials for your user account:
   gcloud auth application-default login
   You don't need to do this if you're using Cloud Shell.
   If an authentication error is returned, and you are using an external identity provider (IdP), confirm that you have signed in to the gcloud CLI with your federated identity.
   For more information, see Set up authentication for a local development environment.

Node.js

To use the Node.js samples on this page in a local development environment, install and initialize the gcloud CLI, and then set up Application Default Credentials with your user credentials.

1. Install the Google Cloud CLI.
2. If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.
3. If you're using a local shell, then create local authentication credentials for your user account:
   gcloud auth application-default login
   You don't need to do this if you're using Cloud Shell.
   If an authentication error is returned, and you are using an external identity provider (IdP), confirm that you have signed in to the gcloud CLI with your federated identity.
   For more information, see Set up authentication for a local development environment.

Python

To use the Python samples on this page in a local development environment, install and initialize the gcloud CLI, and then set up Application Default Credentials with your user credentials.

1. Install the Google Cloud CLI.
2. If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.
3. If you're using a local shell, then create local authentication credentials for your user account:
   gcloud auth application-default login
   You don't need to do this if you're using Cloud Shell.
   If an authentication error is returned, and you are using an external identity provider (IdP), confirm that you have signed in to the gcloud CLI with your federated identity.
   For more information, see Set up authentication for a local development environment.

REST

To use the REST API samples on this page in a local development environment, you use the credentials you provide to the gcloud CLI.
Install the Google Cloud CLI.
If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.
For more information, seeAuthenticate for using REST in the Google Cloud authentication documentation.

Required roles and permissions

To get the permissions that you need to create a custom image, ask your administrator to grant you the following IAM roles on the project:

• Compute Instance Admin (v1) (roles/compute.instanceAdmin.v1)
• To connect to an instance that has an attached service account:Service Account User (v1) (roles/iam.serviceAccountUser)

For more information about granting roles, see Manage access to projects, folders, and organizations.

These predefined roles contain the permissions required to create a custom image. To see the exact permissions that are required, expand the Required permissions section:

Required permissions

The following permissions are required to create a custom image:

• compute.images.create
• To create a custom image from a disk:
  • compute.disks.useReadOnly on the disk
  • iam.serviceAccounts.actAs on the instance's service account, if the disk is the boot disk of an instance that has an attached service account
• To create a custom image from an existing image:compute.images.useReadOnly on the source image
• To create a custom image from a standard or archive snapshot:compute.snapshots.useReadOnly on the source snapshot
• To add a label to the new image:compute.images.setLabels on the label

You might also be able to get these permissions with custom roles or other predefined roles.

Create a custom image

This section describes how to create a custom image on a Linux VM. For information about creating a Windows image, see Creating a Windows image.

Select an image storage location

When creating a custom image, you can specify the image'sCloud Storage location, excluding dual-region locations. By specifying the image storage location, you can meet your regulatory and compliance requirements for data locality as well as your high availability needs by providing redundancy across regions. To create, modify, and delete images stored in Cloud Storage, you must haveroles/compute.storageAdmin.

The storage location feature is optional. If you don't select a location, Compute Engine stores your image in the multi-region closest to the image source. For example, when you create an image from a source disk that is located in us-central1 and if you don't specify a location for the custom image, then Compute Engine stores the image in the us multi-region.

If the image is not available in a region where you are creating a VM, Compute Engine caches the image in that region the first time you create a VM.

To see the location where an image is stored, use theimages describecommand from gcloud compute:

gcloud compute images describe IMAGE_NAME
--project=PROJECT_ID

Replace the following:

• IMAGE_NAME: the name of your image.
• PROJECT_ID: the project ID to which the image belongs.

All of your existing images prior to this feature launch remain where they are, the only change is that you can view the image location of all your images. If you have an existing image you want to move, you must recreate it in the new location.

Prepare your VM for an image

You can create an image from a disk even while it is attached to a running VM. However, your image is more reliable if you put the VM in a state that is easier for the image to capture. This section describes how to prepare your boot disk for the image.

Minimize writing data to the persistent disk

Use one of the following processes to reduce the disk writes:

• Stop the VMso that it can shut down and stop writing any data to the persistent disk.
• If you can't stop your VM before you create the image, minimize the amount of writes to the disk and sync your file system. To minimize writing to your persistent disk, follow these steps:
  1. Pause apps or operating system processes that write data to that persistent disk.
  2. Run an app flush to disk if necessary. For example, MySQL has aFLUSHstatement. Other apps might have similar processes.
  3. Stop your apps from writing to your persistent disk.
  4. Run sudo sync.

Disable the auto-delete option for the disk

By default, the auto-delete option is enabled on the boot disks. Before creating an image from a disk, disable auto-delete to prevent the disk from being automatically deleted when you delete the VM.

To disable auto-delete for the disk, use one of the following methods:

Console

1. In the Google Cloud console, go to the VM instances page.
   Go to the VM instances page
2. Click the name of the VM that you're using as the source for creating an image.
   The VM instance details page displays.
3. Click Edit.
4. In the Boot disk section, for the Deletion rule, check that the Keep disk option is selected.
5. Click Save.

gcloud

In the Google Cloud CLI, use thegcloud compute instances set-disk-auto-delete commandto disable the auto-delete option for the disk.

gcloud compute instances set-disk-auto-delete VM_NAME
--no-auto-delete
--disk=SOURCE_DISK

Replace the following:

• VM_NAME: the name of your VM instance.
• SOURCE_DISK: the name of the disk from which you want to create the image.

Go

Go

Before trying this sample, follow the Go setup instructions in theCompute Engine quickstart using client libraries. For more information, see theCompute Engine Go API reference documentation.

To authenticate to Compute Engine, set up Application Default Credentials. For more information, seeSet up authentication for client libraries.

Java

Java

Before trying this sample, follow the Java setup instructions in theCompute Engine quickstart using client libraries. For more information, see theCompute Engine Java API reference documentation.

To authenticate to Compute Engine, set up Application Default Credentials. For more information, seeSet up authentication for client libraries.

Node.js

Node.js

Before trying this sample, follow the Node.js setup instructions in theCompute Engine quickstart using client libraries. For more information, see theCompute Engine Node.js API reference documentation.

To authenticate to Compute Engine, set up Application Default Credentials. For more information, seeSet up authentication for client libraries.

Python

Python

Before trying this sample, follow the Python setup instructions in theCompute Engine quickstart using client libraries. For more information, see theCompute Engine Python API reference documentation.

To authenticate to Compute Engine, set up Application Default Credentials. For more information, seeSet up authentication for client libraries.

REST

To set the auto-delete option of a disk, make a POST request to theinstances.setDiskAutoDelete method.

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances/VM_NAME/setDiskAutoDelete?autoDelete=false&deviceName=SOURCE_DISK

Replace the following:

• PROJECT_ID: the project ID to which the source VM belongs.
• ZONE: the zone where the source VM is located.
• VM_NAME: the name of the source VM.
• SOURCE_DISK: the device name of the disk from which you want to create the image.

After you prepare the VM, create the image.

Create the image

You can create disk images from the following sources:

• A persistent disk, even while that disk is attached to a VM
• A snapshot of a persistent disk
• Another image in your project
• An image that is shared from another project
• A compressed RAW imagein Cloud Storage

You can create a disk image once every 10 minutes. If you want to issue a burst of requests to create a disk image, you can issue at most 6 requests in 60 minutes. For more information, seeSnapshot frequency limits.

Console

1. In the Google Cloud console, go to the Create an image page.
   Go to Create an image
2. Specify the Name of your image.
3. Specify the Source from which you want to create an image. This can be a persistent disk, a snapshot, another image, or a disk.raw file in Cloud Storage.
4. If you are creating an image from a disk attached to a running VM, select Keep instance running to confirm that you want to create the image while the VM is running. You can prepare your VMbefore creating the image.
5. In the Based on source disk location (default) drop-down list, specify the location to store the image. For example, specify us to store the image in the us multi-region, or us-central1 to store it in the us-central1 region. If you don't make a selection, Compute Engine stores the image in the multi-region closest to your image's source location.
6. Optional: specify the properties for your image.
   • Family: the image familythis new image belongs to.
   • Description: a description for your custom image.
   • Label: a label to group together resources.
7. Specify the encryption key. You can choose between a Google-owned and Google-managed encryption key, a Cloud Key Management Service (Cloud KMS) key or a customer- supplied encryption (CSEK)key. If no encryption key is specified, images are encrypted using a Google-owned and Google-managed encryption key.
8. Click Create to create the image.

gcloud

In the Google Cloud CLI, use thegcloud compute images create commandto create a custom image.

Create an image from a source disk:

The --force flag is an optional flag that lets you create the image from a running instance. By default, you cannot create images from running instances. Specify this flag only if you are sure that you want to create the image while the instance is running.

gcloud compute images create IMAGE_NAME
--source-disk=SOURCE_DISK
--source-disk-zone=ZONE
[--family=IMAGE_FAMILY]
[--storage-location=LOCATION]
[--force]

Replace the following:

• IMAGE_NAME: a name for the new image
• SOURCE_DISK: the disk from which you want to create the image
• ZONE: the zone where the disk is located
• IMAGE_FAMILY: Optional: a flag that specifies whichimage family this image belongs to
• LOCATION: Optional: a flag that lets you designate the region or multi-region where your image is stored. For example, specify us to store the image in the us multi-region, or us-central1 to store it in theus-central1 region. If you don't make a selection, Compute Engine stores the image in the multi-region closest to your image's source location.

Create an image from a source image:

gcloud compute images create IMAGE_NAME
--source-image=SOURCE_IMAGE
[--source-image-project=IMAGE_PROJECT]
[--family=IMAGE_FAMILY]
[--storage-location=LOCATION]

Replace the following:

• IMAGE_NAME: a name for the new image.
• SOURCE_IMAGE: the image from which you want to create the new image.
• IMAGE_PROJECT: Optional: the project the source image is located in. Use this parameter if you want to copy an image from another project.
• IMAGE_FAMILY: Optional: theimage family this new image belongs to.
• LOCATION: Optional: lets you designate the region or multi-region where your image is stored. For example, specify us to store the image in the us multi-region, or us-central1 to store it in the us-central1 region. If you don't make a selection, Compute Engine stores the image in the multi-region closest to your image's source location.

Create an image from a snapshot:

gcloud compute images create IMAGE_NAME
--source-snapshot=SOURCE_SNAPSHOT
[--storage-location=LOCATION]

Replace the following:

• IMAGE_NAME: a name for the new image
• SOURCE_SNAPSHOT: the snapshot from which you want to create the image
• LOCATION: Optional: a flag that lets you designate the region or multi-region where your image is stored. For example, specify us to store the image in the us multi-region, or us-central1 to store it in theus-central1 region. If you don't make a selection, Compute Engine stores the image in the multi-region closest to your image's source location.

View an image location:

Use thegcloud compute images describe commandto view an image location.

gcloud compute images describe IMAGE_NAME

Replace IMAGE_NAME with the name of your image that you want to review.

Go

Go

Before trying this sample, follow the Go setup instructions in theCompute Engine quickstart using client libraries. For more information, see theCompute Engine Go API reference documentation.

To authenticate to Compute Engine, set up Application Default Credentials. For more information, seeSet up authentication for client libraries.

Java

Java

Before trying this sample, follow the Java setup instructions in theCompute Engine quickstart using client libraries. For more information, see theCompute Engine Java API reference documentation.

To authenticate to Compute Engine, set up Application Default Credentials. For more information, seeSet up authentication for client libraries.

Python

Python

Before trying this sample, follow the Python setup instructions in theCompute Engine quickstart using client libraries. For more information, see theCompute Engine Python API reference documentation.

To authenticate to Compute Engine, set up Application Default Credentials. For more information, seeSet up authentication for client libraries.

REST

Make a POST request to theimages().insert method, a URL in the request body that points to the source object from which you want to create the image. Specify URLs to your resources using your own project ID and resource names.

Create an image from a persistent disk:

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/global/images

{ "name": "IMAGE_NAME", "sourceDisk": "/zones/ZONE/disks/SOURCE_DISK", ("storageLocations": "LOCATION",) ("forceCreate": "TRUE") }

Replace the following:

• PROJECT_ID: the project ID to which the image belongs.
• IMAGE_NAME: a name for the new image that you want to create.
• ZONE: the zone where the source disk is located.
• SOURCE_DISK: the disk from which you want to create the image.
• LOCATION: Optional: the storage location of your image. For example, specify us to store the image in the usmulti-region, or us-central1 to store it in the us-central1 region. If you don't make a selection, Compute Engine stores the image in the multi-region closest to your image's source location.

The optional forceCreate parameter lets you create the image from a running VM. Specify TRUE only if you are sure that you want to create the image from a running VM. The forceCreate default setting is FALSE.

Create an image from another image:

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/global/images

{ "name": "IMAGE_NAME", "sourceImage": "/global/images/SOURCE_IMAGE", ("storageLocations": "LOCATION") }

Replace the following:

• PROJECT_ID: the project to which the image belongs.
• IMAGE_NAME: a name for the new image that you want to create.
• SOURCE_IMAGE: the image from which you want to create the image.
• LOCATION: Optional: the storage location of your image. For example, specify us to store the image in theus multi-region, or us-central1 to store it in the us-central1region. If you don't make a selection, Compute Engine stores the image in the multi-region closest to your image's source location.

Create an image from a snapshot:

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/global/images { "name": "IMAGE_NAME", "sourceSnapshot": "(/SOURCE_PROJECT_ID)/global/snapshots/SOURCE_SNAPSHOT", ("storageLocations": "LOCATION") }

Replace the following:

• PROJECT_ID: the project to which the image belongs.
• IMAGE_NAME: a name for the new image that you want to create.
• SOURCE_PROJECT_ID: Optional: the project the snapshot is located in. You must have permission to access the snapshot resource in that project.
• SOURCE_SNAPSHOT: the snapshot from which you want to create the image.
• LOCATION: Optional: the storage location of your image. For example, specify us to store the image in the usmulti-region, or us-central1 to store it in the us-central1 region. If you don't make a selection, Compute Engine stores the image in the multi-region closest to your image's source location.

For more information about adding images, see theimages reference.

After creating a custom image, you can share it across projects. If you allow users from another project to use your custom images, then they can access these images by specifying the image project in their request.

Enable guest operating system features

Use guest operating system (OS) features to configure the following networking, security, storage, and OS options on custom images. Custom images with these configured features are used as boot disks.

gcloud

Use the gcloud compute images create command with the--guest-os-features flag to create a new custom image from an existing custom image.

gcloud compute images create IMAGE_NAME
--source-image=SOURCE_IMAGE
[--source-image-project=IMAGE_PROJECT]
--guest-os-features="FEATURES,..."
[--storage-location=LOCATION]

Replace the following:

• IMAGE_NAME: the name for the new image
• SOURCE_IMAGE: an image to base the new image on
• IMAGE_PROJECT: Optional: the project containing the source image
  Use this parameter to copy an image from another project.
• FEATURES: guest OS tags to enable features for VMs that you create from images
  To add multiple values, use commas to separate values. Set to one or more of the following values:
  • VIRTIO_SCSI_MULTIQUEUE. Use on local SSD devices as an alternative to NVMe. For more information about images that support SCSI, seeChoosing an interface.
    For Linux images, you can enable multi-queue SCSI on local SSD devices on images with kernel versions 3.17 or later. For Windows images, you can enable multi-queue SCSI on local SSD devices on images with Compute Engine Windows driver version 1.2.
  • WINDOWS. Tag Windows Server custom boot images as Windows images.
  • MULTI_IP_SUBNET. Configure interfaces with a netmask other than/32. For more information about multiple network interfaces and how they work, see Multiple network interfaces overview and examples.
  • UEFI_COMPATIBLE. Boot with UEFI firmware and the following Shielded VM features:
    * Secure Boot: disabled by default
    * Virtual Trusted Platform Module (vTPM): enabled by default
    * Integrity monitoring: enabled by default
  • GVNIC. Support higher network bandwidths of up to 50 Gbps to 100 Gbps speeds. For more information, see Using Google Virtual NIC.
  • IDPF. Support Intel Infrastructure Data Path Function (IDPF) network interfaces.
  • SEV_CAPABLE or SEV_SNP_CAPABLE. Use these tags if you want to use your image on a Confidential VM instance with AMD Secure Encrypted Virtualization (SEV) or AMD Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) support. To check if your kernel supports AMD SEV or AMD SEV-SNP, see Linux kernel details.
  • SEV_LIVE_MIGRATABLE_V2. Use this tag if you want to use your image on a Confidential VM instance that supports live migration on AMD SEV. To check if your kernel supports live migration, see Linux kernel details.
  • TDX_CAPABLE. Use this tag if you want to use your image on a Confidential VM instance with Intel Trust Domain Extensions (TDX) support. To check if your kernel supports Intel TDX, see Linux kernel details.
• LOCATION: Optional: region or multi-region in which to store the image
  For example, specify us to store the image in the us multi-region, or us-central1 to store it in theus-central1 region. If you don't make a selection, Compute Engine stores the image in the multi-region closest to your image's source location.

REST

Use the images().insert methodwith the guestOsFeatures flag to create a new custom image from an existing custom image.

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/global/images

{ "name": "IMAGE_NAME", "sourceImage": "(projects/IMAGE_PROJECT)/global/images/SOURCE_IMAGE", ("storageLocations": "LOCATION",) "guestOsFeatures": [ { "type": "FEATURES" } ] }

Replace the following:

• PROJECT_ID: the ID of the project in which to create the new image
• IMAGE_NAME: a name for the new image
• IMAGE_PROJECT: Optional: the project containing the source image
  Use this parameter to copy an image from another project.
• SOURCE_IMAGE: the image to base the new image on
• LOCATION: Optional: a region or multi-region in which to store the image
  For example, specify us to store the image in the us multi-region, or us-central1 to store it in the us-central1region. If you don't make a selection, Compute Engine stores the image in the multi-region closest to your image's source location.
• FEATURES: guest OS tags to enable features for VMs that you create from images
  To add multiple values, use commas to separate values. Set to one or more of the following values:
  • VIRTIO_SCSI_MULTIQUEUE. Use on local SSD devices as an alternative to NVMe. For more information about images that support SCSI, seeChoosing an interface.
    For Linux images, you can enable multi-queue SCSI on local SSD devices on images with kernel versions 3.17 or later. For Windows images, you can enable multi-queue SCSI on local SSD devices on images with Compute Engine Windows driver version 1.2.
  • WINDOWS. Tag Windows Server custom boot images as Windows images.
  • MULTI_IP_SUBNET. Configure interfaces with a netmask other than/32. For more information about multiple network interfaces and how they work, see Multiple network interfaces overview and examples.
  • UEFI_COMPATIBLE. Boot with UEFI firmware and the following Shielded VM features:
    * Secure Boot: disabled by default
    * Virtual Trusted Platform Module (vTPM): enabled by default
    * Integrity monitoring: enabled by default
  • GVNIC. Support higher network bandwidths of up to 50 Gbps to 100 Gbps speeds. For more information, see Using Google Virtual NIC.
  • IDPF. Support Intel Infrastructure Data Path Function (IDPF) network interfaces.
  • SEV_CAPABLE or SEV_SNP_CAPABLE. Use these tags if you want to use your image on a Confidential VM instance with AMD Secure Encrypted Virtualization (SEV) or AMD Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) support. To check if your kernel supports AMD SEV or AMD SEV-SNP, see Linux kernel details.
  • SEV_LIVE_MIGRATABLE_V2. Use this tag if you want to use your image on a Confidential VM instance that supports live migration on AMD SEV. To check if your kernel supports live migration, see Linux kernel details.
  • TDX_CAPABLE. Use this tag if you want to use your image on a Confidential VM instance with Intel Trust Domain Extensions (TDX) support. To check if your kernel supports Intel TDX, see Linux kernel details.

Avoid sensitive information in UEFI variables

Unified Extensible Firmware Interface (UEFI) variables are key-value pair variables used by the UEFI firmware during boot time to boot the operating system of a VM. Unlike physical machines, where the variables are stored on a hardware chip, Compute Engine virtualizes storage of these variables. As such, in many operating systems, all applications and users can reach these variables and access this information.

Because of this reason, Google strongly recommends that you don't write or store sensitive or personal identifiable information such as passwords or private keys to UEFI variables.

Considerations for Arm images

Google offers the A4X, C4A, and Tau T2Amachine series, which run on Arm CPU platforms. You can start a VM with one of these machine series and then use that source VM to create an Arm image. The process for creating a custom Arm image is identical to creating an x86 image.

To help your users differentiate between Arm and x86 images, Arm images will have an architecture field set to ARM64. Possible values for this field are:

• ARCHITECTURE_UNSPECIFIED
• X86_64
• ARM64

Image users can then filter on this field to find x86 or Arm-based images.

What's next

• Share your private imagewith other projects.
• Learn how to import disks, images, and VM instances.
• Learn how toexport an image to Cloud Storage.
• Learn how tostart a VM from a custom image.
• Learn how to set the image version in an image family.
• Learn how to deprecate a custom image.
• Learn how to delete a custom image.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2026-06-18 UTC.