NAME

gcloud alpha sql instances create - creates a new Cloud SQL instance

SYNOPSIS

gcloud alpha sql instances create INSTANCE [--activation-policy=ACTIVATION_POLICY] [--active-directory-domain=ACTIVE_DIRECTORY_DOMAIN] [--allocated-ip-range-name=ALLOCATED_IP_RANGE_NAME] [--[no-]assign-ip] [--async] [--audit-bucket-path=AUDIT_BUCKET_PATH] [--audit-retention-interval=AUDIT_RETENTION_INTERVAL] [--audit-upload-interval=AUDIT_UPLOAD_INTERVAL] [--authorized-networks=NETWORK,[NETWORK,...]] [--availability-type=AVAILABILITY_TYPE] [--no-backup] [--backup-location=BACKUP_LOCATION] [--backup-start-time=BACKUP_START_TIME] [--collation=COLLATION] [--connector-enforcement=CONNECTOR_ENFORCEMENT] [--cpu=CPU] [--database-flags=FLAG=VALUE,[FLAG=VALUE,...]] [--database-version=DATABASE_VERSION; default="MYSQL_8_0"] [--[no-]deletion-protection] [--deny-maintenance-period-end-date=DENY_MAINTENANCE_PERIOD_END_DATE] [--deny-maintenance-period-start-date=DENY_MAINTENANCE_PERIOD_START_DATE] [--deny-maintenance-period-time=DENY_MAINTENANCE_PERIOD_TIME] [--enable-bin-log] [--enable-google-private-path] [--enable-password-policy] [--enable-point-in-time-recovery] [--failover-replica-name=FAILOVER_REPLICA_NAME] [--[no-]insights-config-query-insights-enabled] [--insights-config-query-plans-per-minute=INSIGHTS_CONFIG_QUERY_PLANS_PER_MINUTE] [--insights-config-query-string-length=INSIGHTS_CONFIG_QUERY_STRING_LENGTH] [--[no-]insights-config-record-application-tags] [--[no-]insights-config-record-client-address] [--labels=[KEY=VALUE,...]] [--maintenance-release-channel=MAINTENANCE_RELEASE_CHANNEL] [--maintenance-window-day=MAINTENANCE_WINDOW_DAY] [--maintenance-window-hour=MAINTENANCE_WINDOW_HOUR] [--master-instance-name=MASTER_INSTANCE_NAME] [--memory=MEMORY] [--network=NETWORK] [--password-policy-complexity=PASSWORD_POLICY_COMPLEXITY] [--[no-]password-policy-disallow-username-substring] [--password-policy-min-length=PASSWORD_POLICY_MIN_LENGTH] [--password-policy-password-change-interval=PASSWORD_POLICY_PASSWORD_CHANGE_INTERVAL] [--password-policy-reuse-interval=PASSWORD_POLICY_REUSE_INTERVAL] [--replica-type=REPLICA_TYPE] [--replication=REPLICATION] [--require-ssl] [--retained-backups-count=RETAINED_BACKUPS_COUNT] [--retained-transaction-log-days=RETAINED_TRANSACTION_LOG_DAYS] [--root-password=ROOT_PASSWORD] [--[no-]storage-auto-increase] [--storage-auto-increase-limit=STORAGE_AUTO_INCREASE_LIMIT] [--storage-size=STORAGE_SIZE] [--storage-type=STORAGE_TYPE] [--tier=TIER, -t TIER] [--time-zone=TIME_ZONE] [--timeout=TIMEOUT; default=3600] [--disk-encryption-key=DISK_ENCRYPTION_KEY : --disk-encryption-key-keyring=DISK_ENCRYPTION_KEY_KEYRING --disk-encryption-key-location=DISK_ENCRYPTION_KEY_LOCATION --disk-encryption-key-project=DISK_ENCRYPTION_KEY_PROJECT] [--master-dump-file-path=MASTER_DUMP_FILE_PATH --master-username=MASTER_USERNAME : [--master-ca-certificate-path=MASTER_CA_CERTIFICATE_PATH : --client-certificate-path=CLIENT_CERTIFICATE_PATH --client-key-path=CLIENT_KEY_PATH] --master-password=MASTER_PASSWORD | --prompt-for-master-password] [--region=REGION; default="us-central" | --gce-zone=GCE_ZONE | --secondary-zone=SECONDARY_ZONE --zone=ZONE] [--source-ip-address=SOURCE_IP_ADDRESS : --source-port=SOURCE_PORT; default=3306] [GCLOUD_WIDE_FLAG ...]

DESCRIPTION

(ALPHA) Creates a new Cloud SQL instance.

EXAMPLES

To create a MySQL 5.7 instance with ID prod-instance that has 2 CPUs, 4 GB of RAM, and is in the region us-central1 (a zone will be auto-assigned), where the 'root' user has its password set to password123, run:

$ gcloud alpha sql instances create prod-instance \ --database-version=MYSQL_5_7 --cpu=2 --memory=4GB \ --region=us-central1 --root-password=password123

To create a Postgres 9.6 instance with ID prod-instance that has 2 CPUs, 8 GiB of RAM, and is in the zone us-central1-a, where the 'postgres' user has its password set to password123, run:

$ gcloud alpha sql instances create prod-instance \ --database-version=POSTGRES_9_6 --cpu=2 --memory=8GiB \ --zone=us-central1-a --root-password=password123

To create a SQL Server 2017 Express instance with ID prod-instance that has 2 CPUs, 3840MiB of RAM, and is in the zone us-central1-a, where the 'sqlserver' user has its password set to password123, run:

$ gcloud alpha sql instances create prod-instance \ --database-version=SQLSERVER_2017_EXPRESS --cpu=2 \ --memory=3840MiB --zone=us-central1-a \ --root-password=password123

POSITIONAL ARGUMENTS

INSTANCE

Cloud SQL instance ID.

FLAGS

--activation-policy=ACTIVATION_POLICY

Activation policy for this instance. This specifies when the instance should be activated and is applicable only when the instance state is RUNNABLE. The default is on-demand. More information on activation policies can be found here: https://cloud.google.com/sql/docs/mysql/start-stop-restart-instance#activation_policy. ACTIVATION_POLICY must be one of: always, never, on-demand.

--active-directory-domain=ACTIVE_DIRECTORY_DOMAIN

Managed Service for Microsoft Active Directory domain this instance is joined to. Only available for SQL Server instances.

--allocated-ip-range-name=ALLOCATED_IP_RANGE_NAME

The name of the IP range allocated for a Cloud SQL instance with private network connectivity. For example: 'google-managed-services-default'. If set, the instance IP is created in the allocated range represented by this name.

--[no-]assign-ip

Assign a public IP address to the instance. This is a public, externally available IPv4 address that you can use to connect to your instance when properly authorized. Use --assign-ip to enable and --no-assign-ip to disable.

--async

Return immediately, without waiting for the operation in progress to complete.

--audit-bucket-path=AUDIT_BUCKET_PATH

The location, as a Cloud Storage bucket, to which audit files are uploaded. The URI is in the form gs://bucketName/folderName. Only available for SQL Server instances.

--audit-retention-interval=AUDIT_RETENTION_INTERVAL

The number of days for audit log retention on disk, for example, 3dfor 3 days. Only available for SQL Server instances.

--audit-upload-interval=AUDIT_UPLOAD_INTERVAL

How often to upload audit logs (audit files), for example, 30mfor 30 minutes. Only available for SQL Server instances.

--authorized-networks=NETWORK,[NETWORK,...]

The list of external networks that are allowed to connect to the instance. Specified in CIDR notation, also known as 'slash' notation (e.g. 192.168.100.0/24).

--availability-type=AVAILABILITY_TYPE

Specifies level of availability. AVAILABILITY_TYPE must be one of:

regional

Provides high availability and is recommended for production instances; instance automatically fails over to another zone within your selected region.

zonal

Provides no failover capability. This is the default.

--backup

Enables daily backup. Enabled by default, use --no-backup to disable.

--backup-location=BACKUP_LOCATION

Choose where to store your backups. Backups are stored in the closest multi-region location to you by default. Only customize if needed.

--backup-start-time=BACKUP_START_TIME

Start time of daily backups, specified in the HH:MM format, in the UTC timezone.

--collation=COLLATION

Cloud SQL server-level collation setting, which specifies the set of rules for comparing characters in a character set.

--connector-enforcement=CONNECTOR_ENFORCEMENT

Cloud SQL Connector enforcement mode. It determines how Cloud SQL Connectors are used in the connection. See the list of modes here https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1beta4/instances#connectorenforcement. CONNECTOR_ENFORCEMENT must be one of:

CONNECTOR_ENFORCEMENT_UNSPECIFIED

The requirement for Cloud SQL connectors is unknown.

NOT_REQUIRED

Does not require Cloud SQL connectors.

REQUIRED

Requires all connections to use Cloud SQL connectors, including the Cloud SQL Auth Proxy and Cloud SQL Java, Python, and Go connectors. Note: This disables all existing authorized networks.

--cpu=CPU

Whole number value indicating how many cores are desired in the machine. Both --cpu and --memory must be specified if a custom machine type is desired, and the --tier flag must be omitted.

--database-flags=FLAG=VALUE,[FLAG=VALUE,...]

Comma-separated list of database flags to set on the instance. Use an equals sign to separate flag name and value. Flags without values, like skip_grant_tables, can be written out without a value after, e.g., skip_grant_tables=. Use on/off for booleans. View the Instance Resource API for allowed flags. (e.g., --database-flags max_allowed_packet=55555,skip_grant_tables=,log_output=1)

--database-version=DATABASE_VERSION; default="MYSQL_8_0"

The database engine type and versions. If left unspecified, MYSQL_8_0 is used. See the list of database versions at https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1beta4/SqlDatabaseVersion.

--[no-]deletion-protection

Enable deletion protection on a Cloud SQL instance. Use --deletion-protection to enable and --no-deletion-protection to disable.

--deny-maintenance-period-end-date=DENY_MAINTENANCE_PERIOD_END_DATE

Date when the deny maintenance period ends, that is 2021-01-10.

--deny-maintenance-period-start-date=DENY_MAINTENANCE_PERIOD_START_DATE

Date when the deny maintenance period begins, that is 2020-11-01.

--deny-maintenance-period-time=DENY_MAINTENANCE_PERIOD_TIME

Time when the deny maintenance period starts or ends, that is 05:00:00.

--enable-bin-log

Allows for data recovery from a specific point in time, down to a fraction of a second. Must have automatic backups enabled to use. Make sure storage can support at least 7 days of logs.

--enable-google-private-path

Enable a private path for Google Cloud services. This flag specifies whether the instance is accessible to internal Google Cloud services such as BigQuery. This is only applicable to MySQL and PostgreSQL instances that don't use public IP. Currently, SQL Server isn't supported.

--enable-password-policy

Enable the password policy, which enforces user password management with the policies configured for the instance. This flag is only available for Postgres.

--enable-point-in-time-recovery

Allows for data recovery from a specific point in time, down to a fraction of a second, via write-ahead logs. Must have automatic backups enabled to use. Make sure storage can support at least 7 days of logs.

--failover-replica-name=FAILOVER_REPLICA_NAME

Also create a failover replica with the specified name.

--[no-]insights-config-query-insights-enabled

Enable query insights feature to provide query and query plan analytics.

Use --insights-config-query-insights-enabled to enable and --no-insights-config-query-insights-enabled to disable.

--insights-config-query-plans-per-minute=INSIGHTS_CONFIG_QUERY_PLANS_PER_MINUTE

Number of query plans to sample every minute. Default value is 5. Allowed range: 0 to 20.

--insights-config-query-string-length=INSIGHTS_CONFIG_QUERY_STRING_LENGTH

Query string length in bytes to be stored by the query insights feature. Default length is 1024 bytes. Allowed range: 256 to 4500 bytes.

--[no-]insights-config-record-application-tags

Allow application tags to be recorded by the query insights feature.

Use --insights-config-record-application-tags to enable and --no-insights-config-record-application-tags to disable.

--[no-]insights-config-record-client-address

Allow the client address to be recorded by the query insights feature.

Use --insights-config-record-client-address to enable and --no-insights-config-record-client-address to disable.

--labels=[KEY=VALUE,...]

List of label KEY=VALUE pairs to add.

Keys must start with a lowercase character and contain only hyphens (-), underscores (_), lowercase characters, and numbers. Values must contain only hyphens (-), underscores (_), lowercase characters, and numbers.

--maintenance-release-channel=MAINTENANCE_RELEASE_CHANNEL

Which channel's updates to apply during the maintenance window. If not specified, Cloud SQL chooses the timing of updates to your instance. MAINTENANCE_RELEASE_CHANNEL must be one of:

preview

Preview updates release prior to production updates. You may wish to use the preview channel for dev/test applications so that you can preview their compatibility with your application prior to the production release.

production

Production updates are stable and recommended for applications in production.

--maintenance-window-day=MAINTENANCE_WINDOW_DAY

Day of week for maintenance window, in UTC time zone. MAINTENANCE_WINDOW_DAY must be one of: SUN, MON, TUE, WED, THU, FRI, SAT.

--maintenance-window-hour=MAINTENANCE_WINDOW_HOUR

Hour of day for maintenance window, in UTC time zone.

--master-instance-name=MASTER_INSTANCE_NAME

Name of the instance which will act as master in the replication setup. The newly created instance will be a read replica of the specified master instance.

--memory=MEMORY

Whole number value indicating how much memory is desired in the machine. A size unit should be provided (eg. 3072MiB or 9GiB) - if no units are specified, GiB is assumed. Both --cpu and --memory must be specified if a custom machine type is desired, and the --tier flag must be omitted.

--network=NETWORK

Network in the current project that the instance will be part of. To specify using a network with a shared VPC, use the full URL of the network. For an example host project, 'testproject', and shared network, 'testsharednetwork', this would use the form: --network=projects/testproject/global/networks/testsharednetwork

--password-policy-complexity=PASSWORD_POLICY_COMPLEXITY

The complexity of the password. This flag is available only for PostgreSQL. PASSWORD_POLICY_COMPLEXITY must be one of:

COMPLEXITY_DEFAULT

A combination of lowercase, uppercase, numeric, and non-alphanumeric characters.

COMPLEXITY_UNSPECIFIED

The default value if COMPLEXITY_DEFAULT is not specified. It implies that complexity check is not enabled.

--[no-]password-policy-disallow-username-substring

Disallow username as a part of the password. Use --password-policy-disallow-username-substring to enable and --no-password-policy-disallow-username-substring to disable.

--password-policy-min-length=PASSWORD_POLICY_MIN_LENGTH

Minimum number of characters allowed in the password.

--password-policy-password-change-interval=PASSWORD_POLICY_PASSWORD_CHANGE_INTERVAL

Minimum interval after which the password can be changed, for example, 2m for 2 minutes. See <a href="/sdk/gcloud/reference/topic/datetimes"> $ gcloud topic datetimes</a> for information on duration formats. This flag is available only for PostgreSQL.

--password-policy-reuse-interval=PASSWORD_POLICY_REUSE_INTERVAL

Number of previous passwords that cannot be reused. The valid range is 0 to 100.

--replica-type=REPLICA_TYPE

The type of replica to create. REPLICA_TYPE must be one of: READ, FAILOVER.

--replication=REPLICATION

Type of replication this instance uses. The default is synchronous. REPLICATION must be one of: synchronous, asynchronous.

--require-ssl

Specified if users connecting over IP must use SSL.

--retained-backups-count=RETAINED_BACKUPS_COUNT

How many backups to keep. The valid range is between 1 and 365. The default value is 7 if not specified. Applicable only if --no-backups is not specified.

--retained-transaction-log-days=RETAINED_TRANSACTION_LOG_DAYS

How many days of transaction logs to keep. The valid range is between 1 and 7. The default value is 7 if not specified. Only valid when point in time recovery is enabled. Keeping more days of transaction logs requires bigger storage size

--root-password=ROOT_PASSWORD

Root Cloud SQL user's password.

--[no-]storage-auto-increase

Storage size can be increased, but it cannot be decreased; storage increases are permanent for the life of the instance. With this setting enabled, a spike in storage requirements can result in permanently increased storage costs for your instance. However, if an instance runs out of available space, it can result in the instance going offline, dropping existing connections. This setting is enabled by default. Use --storage-auto-increase to enable and --no-storage-auto-increase to disable.

--storage-auto-increase-limit=STORAGE_AUTO_INCREASE_LIMIT

Allows you to set a maximum storage capacity, in GB. Automatic increases to your capacity will stop once this limit has been reached. Default capacity is unlimited.

--storage-size=STORAGE_SIZE

Amount of storage allocated to the instance. Must be an integer number of GB. The default is 10GB. Information on storage limits can be found here: https://cloud.google.com/sql/docs/quotas#storage_limits

--storage-type=STORAGE_TYPE

The storage type for the instance. The default is SSD. STORAGE_TYPE must be one of: SSD, HDD.

--tier=TIER, -t TIER

Machine type for a shared-core instance e.g. db-g1-small. For all other instances, instead of using tiers, customize your instance by specifying its CPU and memory. You can do so with the --cpu and --memory flags. Learn more about how CPU and memory affects pricing: https://cloud.google.com/sql/pricing.

--time-zone=TIME_ZONE

Set a non-default time zone. Only available for SQL Server instances.

--timeout=TIMEOUT; default=3600

Time to synchronously wait for the operation to complete, after which the operation continues asynchronously. Ignored if --async flag is specified. By default, set to 3600s. To wait indefinitely, set to unlimited.

Key resource - The Cloud KMS (Key Management Service) cryptokey that will be

used to protect the instance. The 'Compute Engine Service Agent' service account must hold permission 'Cloud KMS CryptoKey Encrypter/Decrypter'. The arguments in this group can be used to specify the attributes of this resource.

--disk-encryption-key=DISK_ENCRYPTION_KEY

ID of the key or fully qualified identifier for the key. To set the kms-key attribute:

  • provide the argument --disk-encryption-key on the command line.

This flag argument must be specified if any of the other arguments in this group are specified.

--disk-encryption-key-keyring=DISK_ENCRYPTION_KEY_KEYRING

The KMS keyring of the key. To set the kms-keyring attribute:

  • provide the argument --disk-encryption-key on the command line with a fully specified name;

  • provide the argument --disk-encryption-key-keyring on the command line.

--disk-encryption-key-location=DISK_ENCRYPTION_KEY_LOCATION

The Cloud location for the key. To set the kms-location attribute:

  • provide the argument --disk-encryption-key on the command line with a fully specified name;

  • provide the argument --disk-encryption-key-location on the command line.

--disk-encryption-key-project=DISK_ENCRYPTION_KEY_PROJECT

The Cloud project for the key. To set the kms-project attribute:

  • provide the argument --disk-encryption-key on the command line with a fully specified name;

  • provide the argument --disk-encryption-key-project on the command line;

  • set the property core/project.

Options for creating an internal replica of an external data source.
--master-dump-file-path=MASTER_DUMP_FILE_PATH

Path to the MySQL dump file in Google Cloud Storage from which the seed import is made. The URI is in the form gs://bucketName/fileName. Compressed gzip files (.gz) are also supported.

This flag argument must be specified if any of the other arguments in this group are specified.

--master-username=MASTER_USERNAME

Name of the replication user on the external data source.

This flag argument must be specified if any of the other arguments in this group are specified.

Client and server credentials.
--master-ca-certificate-path=MASTER_CA_CERTIFICATE_PATH

Path to a file containing the X.509v3 (RFC5280) PEM encoded certificate of the CA that signed the external data source's certificate.

This flag argument must be specified if any of the other arguments in this group are specified.

Client credentials.
--client-certificate-path=CLIENT_CERTIFICATE_PATH

Path to a file containing the X.509v3 (RFC5280) PEM encoded certificate that will be used by the replica to authenticate against the external data source.

This flag argument must be specified if any of the other arguments in this group are specified.

--client-key-path=CLIENT_KEY_PATH

Path to a file containing the unencrypted PKCS#1 or PKCS#8 PEM encoded private key associated with the clientCertificate.

This flag argument must be specified if any of the other arguments in this group are specified.

Password group.

At most one of these can be specified:

--master-password=MASTER_PASSWORD

Password of the replication user on the external data source.

--prompt-for-master-password

Prompt for the password of the replication user on the external data source. The password is all typed characters up to but not including the RETURN or ENTER key.

At most one of these can be specified:
--region=REGION; default="us-central"

Regional location (e.g. asia-east1, us-east1). See the full list of regions at https://cloud.google.com/sql/docs/instance-locations.

At most one of these can be specified:
--gce-zone=GCE_ZONE

(DEPRECATED) Preferred Compute Engine zone (e.g. us-central1-a, us-central1-b, etc.).

Flag --gce-zone is deprecated and will be removed by release 255.0.0. Use --zone instead.

--secondary-zone=SECONDARY_ZONE

Preferred secondary Compute Engine zone (e.g. us-central1-a, us-central1-b, etc.).

--zone=ZONE

Preferred Compute Engine zone (e.g. us-central1-a, us-central1-b, etc.).

Options for creating a wrapper for an external data source.
--source-ip-address=SOURCE_IP_ADDRESS

Public IP address used to connect to and replicate from the external data source.

This flag argument must be specified if any of the other arguments in this group are specified.

--source-port=SOURCE_PORT; default=3306

Port number used to connect to and replicate from the external data source.

GCLOUD WIDE FLAGS

These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

NOTES

This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist. These variants are also available:

$ gcloud sql instances create

$ gcloud beta sql instances create