Skip to content

googleComputeMachineImage

Represents a Machine Image resource. Machine images store all the configuration, metadata, permissions, and data from one or more disks required to create a Virtual machine (VM) instance.

\~> Warning: This resource is in beta, and should be used with the terraform-provider-google-beta provider. See Provider Versions for more details on beta resources.

To get more information about MachineImage, see:

Open in Cloud Shell

Example Usage - Machine Image Basic

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleComputeInstanceVm = new google.computeInstance.ComputeInstance(
  this,
  "vm",
  {
    boot_disk: [
      {
        initialize_params: [
          {
            image: "debian-cloud/debian-11",
          },
        ],
      },
    ],
    machine_type: "e2-medium",
    name: "my-vm",
    network_interface: [
      {
        network: "default",
      },
    ],
    provider: "${google-beta}",
  }
);
new google.computeMachineImage.ComputeMachineImage(this, "image", {
  name: "my-image",
  provider: "${google-beta}",
  source_instance: googleComputeInstanceVm.selfLink,
});
Open in Cloud Shell

Example Usage - Compute Machine Image Kms

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleComputeInstanceVm = new google.computeInstance.ComputeInstance(
  this,
  "vm",
  {
    boot_disk: [
      {
        initialize_params: [
          {
            image: "debian-cloud/debian-11",
          },
        ],
      },
    ],
    machine_type: "e2-medium",
    name: "my-vm",
    network_interface: [
      {
        network: "default",
      },
    ],
    provider: "${google-beta}",
  }
);
const googleKmsKeyRingKeyRing = new google.kmsKeyRing.KmsKeyRing(
  this,
  "key_ring",
  {
    location: "us",
    name: "keyring",
    provider: "${google-beta}",
  }
);
const dataGoogleProjectProject = new google.dataGoogleProject.DataGoogleProject(
  this,
  "project",
  {
    provider: "${google-beta}",
  }
);
const googleKmsCryptoKeyCryptoKey = new google.kmsCryptoKey.KmsCryptoKey(
  this,
  "crypto_key",
  {
    key_ring: googleKmsKeyRingKeyRing.id,
    name: "key",
    provider: "${google-beta}",
  }
);
const googleProjectIamMemberKmsProjectBinding =
  new google.projectIamMember.ProjectIamMember(this, "kms-project-binding", {
    member: `serviceAccount:service-\${${dataGoogleProjectProject.number}}@compute-system.iam.gserviceaccount.com`,
    project: dataGoogleProjectProject.projectId,
    provider: "${google-beta}",
    role: "roles/cloudkms.cryptoKeyEncrypterDecrypter",
  });
new google.computeMachineImage.ComputeMachineImage(this, "image", {
  depends_on: [`\${${googleProjectIamMemberKmsProjectBinding.fqn}}`],
  machine_image_encryption_key: [
    {
      kms_key_name: googleKmsCryptoKeyCryptoKey.id,
    },
  ],
  name: "my-image",
  provider: "${google-beta}",
  source_instance: googleComputeInstanceVm.selfLink,
});

Argument Reference

The following arguments are supported:

  • name - (Required) Name of the resource.

  • sourceInstance - (Required) The source instance used to create the machine image. You can provide this as a partial or full URL to the resource.

  • description - (Optional) A text description of the resource.

  • guestFlush - (Optional) Specify this to create an application consistent machine image by informing the OS to prepare for the snapshot process. Currently only supported on Windows instances using the Volume Shadow Copy Service (VSS).

  • machineImageEncryptionKey - (Optional) Encrypts the machine image using a customer-supplied encryption key. After you encrypt a machine image with a customer-supplied key, you must provide the same key if you use the machine image later (e.g. to create a instance from the image) Structure is documented below.

  • project - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

The machineImageEncryptionKey block supports:

  • rawKey - (Optional) Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource.

  • sha256 - (Output) The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.

  • kmsKeyName - (Optional) The name of the encryption key that is stored in Google Cloud KMS.

  • kmsKeyServiceAccount - (Optional) The service account used for the encryption request for the given KMS key. If absent, the Compute Engine Service Agent service account is used.

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • id - an identifier for the resource with format projects/{{project}}/global/machineImages/{{name}}

  • storageLocations - The regional or multi-regional Cloud Storage bucket location where the machine image is stored.

  • selfLink - The URI of the created resource.

Timeouts

This resource provides the following Timeouts configuration options:

  • create - Default is 20 minutes.
  • delete - Default is 20 minutes.

Import

MachineImage can be imported using any of these accepted formats:

$ terraform import google_compute_machine_image.default projects/{{project}}/global/machineImages/{{name}}
$ terraform import google_compute_machine_image.default {{project}}/{{name}}
$ terraform import google_compute_machine_image.default {{name}}

User Project Overrides

This resource supports User Project Overrides.