Represents a Machine Image resource. Machine images store all the configuration, metadata, permissions, and data from one or more disks required to create a Virtual machine (VM) instance.
To get more information about MachineImage, see:
resource "google_compute_instance" "vm" {
provider = google-beta
name = "my-vm"
machine_type = "e2-medium"
boot_disk {
initialize_params {
image = "debian-cloud/debian-11"
}
}
network_interface {
network = "default"
}
}
resource "google_compute_machine_image" "image" {
provider = google-beta
name = "my-image"
source_instance = google_compute_instance.vm.self_link
}
resource "google_compute_instance" "vm" {
provider = google-beta
name = "my-vm"
machine_type = "e2-medium"
boot_disk {
initialize_params {
image = "debian-cloud/debian-11"
}
}
network_interface {
network = "default"
}
}
resource "google_compute_machine_image" "image" {
provider = google-beta
name = "my-image"
source_instance = google_compute_instance.vm.self_link
machine_image_encryption_key {
kms_key_name = google_kms_crypto_key.crypto_key.id
}
}
resource "google_kms_crypto_key" "crypto_key" {
provider = google-beta
name = "key"
key_ring = google_kms_key_ring.key_ring.id
}
resource "google_kms_key_ring" "key_ring" {
provider = google-beta
name = "keyring"
location = "us"
}
The following arguments are supported:
name
-
(Required)
Name of the resource.
source_instance
-
(Required)
The source instance used to create the machine image. You can provide this as a partial or full URL to the resource.
description
-
(Optional)
A text description of the resource.
guest_flush
-
(Optional)
Specify this to create an application consistent machine image by informing the OS to prepare for the snapshot process.
Currently only supported on Windows instances using the Volume Shadow Copy Service (VSS).
machine_image_encryption_key
-
(Optional)
Encrypts the machine image using a customer-supplied encryption key.
After you encrypt a machine image with a customer-supplied key, you must
provide the same key if you use the machine image later (e.g. to create a
instance from the image)
Structure is documented below.
project
- (Optional) The ID of the project in which the resource belongs.
If it is not provided, the provider project is used.
The machine_image_encryption_key
block supports:
raw_key
-
(Optional)
Specifies a 256-bit customer-supplied encryption key, encoded in
RFC 4648 base64 to either encrypt or decrypt this resource.
sha256
-
(Output)
The RFC 4648 base64 encoded SHA-256 hash of the
customer-supplied encryption key that protects this resource.
kms_key_name
-
(Optional)
The name of the encryption key that is stored in Google Cloud KMS.
kms_key_service_account
-
(Optional)
The service account used for the encryption request for the given KMS key.
If absent, the Compute Engine Service Agent service account is used.
In addition to the arguments listed above, the following computed attributes are exported:
id
- an identifier for the resource with format projects/{{project}}/global/machineImages/{{name}}
storage_locations
-
The regional or multi-regional Cloud Storage bucket location where the machine image is stored.
self_link
- The URI of the created resource.This resource provides the following Timeouts configuration options:
create
- Default is 20 minutes.delete
- Default is 20 minutes.MachineImage can be imported using any of these accepted formats:
projects/{{project}}/global/machineImages/{{name}}
{{project}}/{{name}}
{{name}}
In Terraform v1.5.0 and later, use an import
block to import MachineImage using one of the formats above. For example:
import {
id = "projects/{{project}}/global/machineImages/{{name}}"
to = google_compute_machine_image.default
}
When using the terraform import
command, MachineImage can be imported using one of the formats above. For example:
$ terraform import google_compute_machine_image.default projects/{{project}}/global/machineImages/{{name}}
$ terraform import google_compute_machine_image.default {{project}}/{{name}}
$ terraform import google_compute_machine_image.default {{name}}
This resource supports User Project Overrides.