Stay organized with collections
Save and categorize content based on your preferences.
Use a machine image to store all the
configuration, metadata, permissions, and data from multiple disks for a VM
instance running on Compute Engine. The VM instance that you use to create a
machine image is referred to as a source VM instance.
For information about when and how to use machine images,
see Machine images.
This document describes the steps for creating a machine image from a source VM
instance.
Before you begin
If you haven't already, set up authentication.
Authentication verifies your identity for access to Google Cloud services and APIs. To run
code or samples from a local development environment, you can authenticate to
Compute Engine by selecting one of the following options:
Select the tab for how you plan to use the samples on this page:
Console
When you use the Google Cloud console to access Google Cloud services and
APIs, you don't need to set up authentication.
gcloud
Install the Google Cloud CLI.
After installation,
initialize the Google Cloud CLI by running the following command:
If you use a CSEK to protect your machine image, a full copy of all disk data
is stored during the generation of the machine image. In all other scenarios
disk data is stored in
differential copies.
You can't create machine images from source VMs that:
Have greater than 200 TB of disks attached.
Don't have any attached disks.
Have any attached Hyperdisk volumes.
Use Z3 machine type except for z3-highmem-192-highlssd-metal.
Use a C3D, H3, or A3 machine type.
For instances that don't support the creation of machine images, you can
instead create an OS image from the boot disk of the instance, as described in
Create custom images.
Instance and disk properties not supported by machine image
When you create machine images from VM instances or create VM instances from
machine images, the following instance and disk properties are not preserved
or restored:
disks.architecture
disks.description
disks.labels
disks.locked
disks.multiWriter
disks.onUpdateAction
disks.provisionedIops
disks.shieldedInstanceInitialState
disks.sourceImage
disks.sourceImageEncryptionKey
disks.sourceInstantSnapshot
disks.sourceSnapshot
disks.sourceSnapshotEncryptionKey
privateIpv6GoogleAccess
resourceManagerTags
resourcePolicies
secure_tag
shieldedInstanceConfig
Creating a machine image from a VM
Permissions required for this task
To perform this task, you must have the following
permissions:
compute.machineImages.create on the project
compute.instances.useReadOnly on the source instance
An optional encryption key. You can choose between a Google-owned and Google-managed encryption key, a
Cloud Key Management Service (Cloud KMS) key or a
customer-supplied encryption (CSEK)
key. If no encryption key is specified, machine images are encrypted using
a Google-owned and Google-managed encryption key.
If you want to use a machine image for
instance cloning and snapshotting,
remove the OS and app information that is unique to the instance before
generating the machine image from an instance. For example, for Windows VM
instances, use GCESysprep to prepare the system for replication.
Console
In the Google Cloud console, go to the Machine images page.
Optional: Specify where to store the machine image. Choose between Multi-regional
or Regional storage. For more information about location, see
Machine image storage location.
MACHINE_IMAGE_NAME: name of the machine
image that you want to create.
SOURCE_INSTANCE_URL: full or partial URL of
the source VM instance that you want to use to create the machine image.
For example, if you have a source instance called my-instance in
a project called myProject. The following URLs are valid:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-26 UTC."],[[["\u003cp\u003eMachine images store a VM instance's configuration, metadata, permissions, and data from multiple disks, using a source VM instance as the base.\u003c/p\u003e\n"],["\u003cp\u003eMachine images can be created through the Google Cloud console, the Google Cloud CLI, or REST API, requiring specific permissions such as \u003ccode\u003ecompute.machineImages.create\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eCreating a machine image involves specifying a name, the source VM instance, and its zone, with optional settings like storage location and encryption key, with a limit of six creations per instance every 60 minutes.\u003c/p\u003e\n"],["\u003cp\u003eCertain instance and disk properties are not preserved or restored when creating or using machine images, such as \u003ccode\u003edisks.architecture\u003c/code\u003e, \u003ccode\u003edisks.description\u003c/code\u003e, and \u003ccode\u003eresourcePolicies\u003c/code\u003e, among others.\u003c/p\u003e\n"],["\u003cp\u003eMachine images can not be created from source VMs that exceed 200TB of disks, have no attached disks, any attached Hyperdisk volumes or use a C3D, H3, A3 or Z3 machine type.\u003c/p\u003e\n"]]],[],null,["# Create machine images\n\n*** ** * ** ***\n\nUse a machine image to store all the\nconfiguration, metadata, permissions, and data from multiple disks for a VM\ninstance running on Compute Engine. The VM instance that you use to create a\nmachine image is referred to as a *source VM instance*.\n\nFor information about when and how to use machine images,\nsee [Machine images](/compute/docs/machine-images).\n\nThis document describes the steps for creating a machine image from a source VM\ninstance.\n\nBefore you begin\n----------------\n\n- If you haven't already, set up [authentication](/compute/docs/authentication). Authentication verifies your identity for access to Google Cloud services and APIs. To run code or samples from a local development environment, you can authenticate to Compute Engine by selecting one of the following options:\n\n Select the tab for how you plan to use the samples on this page: \n\n ### Console\n\n\n When you use the Google Cloud console to access Google Cloud services and\n APIs, you don't need to set up authentication.\n\n ### gcloud\n\n 1.\n [Install](/sdk/docs/install) the Google Cloud CLI.\n\n After installation,\n [initialize](/sdk/docs/initializing) the Google Cloud CLI by running the following command:\n\n ```bash\n gcloud init\n ```\n\n\n If you're using an external identity provider (IdP), you must first\n [sign in to the gcloud CLI with your federated identity](/iam/docs/workforce-log-in-gcloud).\n | **Note:** If you installed the gcloud CLI previously, make sure you have the latest version by running `gcloud components update`.\n 2. [Set a default region and zone](/compute/docs/gcloud-compute#set_default_zone_and_region_in_your_local_client).\n\n ### REST\n\n\n To use the REST API samples on this page in a local development environment, you use the\n credentials you provide to the gcloud CLI.\n 1. [Install](/sdk/docs/install) the Google Cloud CLI. After installation, [initialize](/sdk/docs/initializing) the Google Cloud CLI by running the following command: \n\n ```bash\n gcloud init\n ```\n 2. If you're using an external identity provider (IdP), you must first [sign in to the gcloud CLI with your federated identity](/iam/docs/workforce-log-in-gcloud).\n\n\n For more information, see\n [Authenticate for using REST](/docs/authentication/rest)\n in the Google Cloud authentication documentation.\n\nLimitations and restrictions\n----------------------------\n\n- You can create a machine image of a specific instance at most 6 times every 60 minutes.\n- You can protect a machine image by using either [Cloud Key Management Service (Cloud KMS)](/kms/docs) or a [customer-supplied encryption key (CSEK)](/compute/docs/disks/customer-supplied-encryption). The encryption key protects the content of the disks. However, metadata isn't protected.\n- If you use a CSEK to protect your machine image, a full copy of all disk data is stored during the generation of the machine image. In all other scenarios disk data is stored in [differential copies](/compute/docs/machine-images#disk-backup).\n- You can't create machine images from source VMs that:\n\n - Have greater than 200 TB of disks attached.\n - Don't have any attached disks.\n - Have any attached Hyperdisk volumes.\n - Use Z3 machine type except for `z3-highmem-192-highlssd-metal`.\n - Use a C3D, H3, or A3 machine type.\n\n For instances that don't support the creation of machine images, you can\n instead create an OS image from the boot disk of the instance, as described in\n [Create custom images](/compute/docs/images/create-custom).\n\n### Instance and disk properties not supported by machine image\n\nWhen you create machine images from VM instances or create VM instances from\nmachine images, the following instance and disk properties are not preserved\nor restored:\n\n- `disks.architecture`\n- `disks.description`\n- `disks.labels`\n- `disks.locked`\n- `disks.multiWriter`\n- `disks.onUpdateAction`\n- `disks.provisionedIops`\n- `disks.shieldedInstanceInitialState`\n- `disks.sourceImage`\n- `disks.sourceImageEncryptionKey`\n- `disks.sourceInstantSnapshot`\n- `disks.sourceSnapshot`\n- `disks.sourceSnapshotEncryptionKey`\n- `privateIpv6GoogleAccess`\n- `resourceManagerTags`\n- `resourcePolicies`\n- `secure_tag`\n- `shieldedInstanceConfig`\n\nCreating a machine image from a VM\n----------------------------------\n\n#### Permissions required for this task\n\nTo perform this task, you must have the following\n[permissions](/iam/docs/overview#permissions):\n\n\n- `compute.machineImages.create` on the project\n- `compute.instances.useReadOnly` on the source instance\n- `compute.disks.createSnapshot` on the disk\n\nYou can create machine images using either the\n[Google Cloud console](https://console.cloud.google.com/), the\n[Google Cloud CLI](/compute/docs/gcloud-compute), or\n[REST](/compute/docs/reference/rest/v1).\n\nTo create a machine image, you need the following information:\n\n- A name for the machine image that you want to create.\n- The name of the source VM instance.\n- The zone that the source VM instance is located in.\n- An optional description.\n- An optional [`storageLocation`](/compute/docs/machine-images#storage-location). If you don't specify a location, the default storage location is the [multiregional Cloud Storage location](/storage/docs/locations#location-mr) of the source VM instance.\n- An optional encryption key. You can choose between a Google-owned and Google-managed encryption key, a [Cloud Key Management Service (Cloud KMS)](/kms/docs) key or a [customer-supplied encryption (CSEK)](/compute/docs/disks/customer-supplied-encryption) key. If no encryption key is specified, machine images are encrypted using a Google-owned and Google-managed encryption key.\n- If you want to use a machine image for\n [instance cloning and snapshotting](/compute/docs/machine-images#cloning),\n remove the OS and app information that is unique to the instance before\n generating the machine image from an instance. For example, for Windows VM\n instances, use `GCESysprep` to prepare the system for replication.\n\n### Console\n\n1. In the Google Cloud console, go to the **Machine images** page.\n\n [Go to Machine images](https://console.cloud.google.com/compute/machineImages)\n2. Click **Create Machine image**.\n\n3. Specify a **Name** for your machine image.\n\n4. Optional: Provide a **Description**.\n\n5. Select the **Source VM instance**.\n\n6. Optional: Specify where to store the machine image. Choose between **Multi-regional**\n or **Regional** storage. For more information about location, see\n [Machine image storage location](/compute/docs/machine-images#storage-location).\n\n7. Optional: Select an **Encryption** method.\n\n8. Click **Create**.\n\n### gcloud\n\nUse the\n[`gcloud compute machine-images create`](/sdk/gcloud/reference/compute/machine-images/create)\ncommand to create a machine image from an instance. \n\n```\ngcloud compute machine-images create MACHINE_IMAGE_NAME \\\n --source-instance=SOURCE_VM_NAME\n```\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003eMACHINE_IMAGE_NAME\u003c/var\u003e: name of the machine image that you want to create.\n- \u003cvar translate=\"no\"\u003eSOURCE_VM_NAME\u003c/var\u003e: name of the source VM instance that you want to create the image from.\n\n**Example**\n\nFor example, you can use the following `gcloud` command to create a machine\nimage called `my-machine-image` from a source instance called `my-instance`: \n\n```\ngcloud compute machine-images create my-machine-image \\\n --source-instance=my-instance\n```\n\nThe process takes a few minutes. When the machine image is created, you get\nan output that resembles the following: \n\n```\nCreated [https://www.googleapis.com/compute/v1/projects/project-12345/global/machineImages/my-machine-image].\nNAME STATUS\nmy-machine-image READY\n```\n\n### REST\n\nIn the API, construct a `POST` request to the\n[`machineimages.insert`](/compute/docs/reference/rest/v1/machineImages/insert)\nmethod. In the request body, include the following `POST` request: \n\n```\nPOST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/global/machineImages\n\n{\n \"name\": \"MACHINE_IMAGE_NAME\",\n \"sourceInstance\": \"SOURCE_INSTANCE_URL\"\n}\n```\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: [project ID](/resource-manager/docs/creating-managing-projects#identifying_projects).\n- \u003cvar translate=\"no\"\u003eMACHINE_IMAGE_NAME\u003c/var\u003e: name of the machine image that you want to create.\n- \u003cvar translate=\"no\"\u003eSOURCE_INSTANCE_URL\u003c/var\u003e: full or partial URL of\n the source VM instance that you want to use to create the machine image.\n For example, if you have a source instance called `my-instance` in\n a project called `myProject`. The following URLs are valid:\n\n - `https://www.googleapis.com/compute/v1/projects/myProject/global/instances/my-instance`\n - `projects/myProject/global/instances/my-instance`\n - `global/instances/my-instance`\n\nWhat's next?\n------------\n\n- Learn more about [machine images](/compute/docs/machine-images)\n- [Create VM instances from machine images](/compute/docs/machine-images/create-instance-from-machine-image)"]]
