gcloud alpha sql instances create - creates a new Cloud SQL instance
gcloud alpha sql instances create INSTANCE [--activation-policy=ACTIVATION_POLICY] [--active-directory-domain=ACTIVE_DIRECTORY_DOMAIN] [--allocated-ip-range-name=ALLOCATED_IP_RANGE_NAME] [--[no-]assign-ip] [--async] [--audit-bucket-path=AUDIT_BUCKET_PATH] [--audit-retention-interval=AUDIT_RETENTION_INTERVAL] [--audit-upload-interval=AUDIT_UPLOAD_INTERVAL] [--authorized-networks=NETWORK,[NETWORK,...]] [--availability-type=AVAILABILITY_TYPE] [--no-backup] [--backup-location=BACKUP_LOCATION] [--backup-start-time=BACKUP_START_TIME] [--collation=COLLATION] [--connector-enforcement=CONNECTOR_ENFORCEMENT] [--cpu=CPU] [--database-flags=FLAG=VALUE,[FLAG=VALUE,...]] [--database-version=DATABASE_VERSION; default="MYSQL_8_0"] [--[no-]deletion-protection] [--deny-maintenance-period-end-date=DENY_MAINTENANCE_PERIOD_END_DATE] [--deny-maintenance-period-start-date=DENY_MAINTENANCE_PERIOD_START_DATE] [--deny-maintenance-period-time=DENY_MAINTENANCE_PERIOD_TIME] [--enable-bin-log] [--enable-google-private-path] [--enable-password-policy] [--enable-point-in-time-recovery] [--failover-replica-name=FAILOVER_REPLICA_NAME] [--[no-]insights-config-query-insights-enabled] [--insights-config-query-plans-per-minute=INSIGHTS_CONFIG_QUERY_PLANS_PER_MINUTE] [--insights-config-query-string-length=INSIGHTS_CONFIG_QUERY_STRING_LENGTH] [--[no-]insights-config-record-application-tags] [--[no-]insights-config-record-client-address] [--labels=[KEY=VALUE,...]] [--maintenance-release-channel=MAINTENANCE_RELEASE_CHANNEL] [--maintenance-window-day=MAINTENANCE_WINDOW_DAY] [--maintenance-window-hour=MAINTENANCE_WINDOW_HOUR] [--master-instance-name=MASTER_INSTANCE_NAME] [--memory=MEMORY] [--network=NETWORK] [--password-policy-complexity=PASSWORD_POLICY_COMPLEXITY] [--[no-]password-policy-disallow-username-substring] [--password-policy-min-length=PASSWORD_POLICY_MIN_LENGTH] [--password-policy-password-change-interval=PASSWORD_POLICY_PASSWORD_CHANGE_INTERVAL] [--password-policy-reuse-interval=PASSWORD_POLICY_REUSE_INTERVAL] [--replica-type=REPLICA_TYPE] [--replication=REPLICATION] [--require-ssl] [--retained-backups-count=RETAINED_BACKUPS_COUNT] [--retained-transaction-log-days=RETAINED_TRANSACTION_LOG_DAYS] [--root-password=ROOT_PASSWORD] [--[no-]storage-auto-increase] [--storage-auto-increase-limit=STORAGE_AUTO_INCREASE_LIMIT] [--storage-size=STORAGE_SIZE] [--storage-type=STORAGE_TYPE] [--tier=TIER, -t TIER] [--time-zone=TIME_ZONE] [--timeout=TIMEOUT; default=3600] [--disk-encryption-key=DISK_ENCRYPTION_KEY : --disk-encryption-key-keyring=DISK_ENCRYPTION_KEY_KEYRING --disk-encryption-key-location=DISK_ENCRYPTION_KEY_LOCATION --disk-encryption-key-project=DISK_ENCRYPTION_KEY_PROJECT] [--master-dump-file-path=MASTER_DUMP_FILE_PATH --master-username=MASTER_USERNAME : [--master-ca-certificate-path=MASTER_CA_CERTIFICATE_PATH : --client-certificate-path=CLIENT_CERTIFICATE_PATH --client-key-path=CLIENT_KEY_PATH] --master-password=MASTER_PASSWORD | --prompt-for-master-password] [--region=REGION; default="us-central" | --gce-zone=GCE_ZONE | --secondary-zone=SECONDARY_ZONE --zone=ZONE] [--source-ip-address=SOURCE_IP_ADDRESS : --source-port=SOURCE_PORT; default=3306] [GCLOUD_WIDE_FLAG ...]
(ALPHA) Creates a new Cloud SQL instance.
To create a MySQL 5.7 instance with ID prod-instance that has 2 CPUs, 4 GB of RAM, and is in the region us-central1 (a zone will be auto-assigned), where the 'root' user has its password set to password123, run:
$ gcloud alpha sql instances create prod-instance \ --database-version=MYSQL_5_7 --cpu=2 --memory=4GB \ --region=us-central1 --root-password=password123
To create a Postgres 9.6 instance with ID prod-instance that has 2 CPUs, 8 GiB of RAM, and is in the zone us-central1-a, where the 'postgres' user has its password set to password123, run:
$ gcloud alpha sql instances create prod-instance \ --database-version=POSTGRES_9_6 --cpu=2 --memory=8GiB \ --zone=us-central1-a --root-password=password123
To create a SQL Server 2017 Express instance with ID prod-instance that has 2 CPUs, 3840MiB of RAM, and is in the zone us-central1-a, where the 'sqlserver' user has its password set to password123, run:
$ gcloud alpha sql instances create prod-instance \ --database-version=SQLSERVER_2017_EXPRESS --cpu=2 \ --memory=3840MiB --zone=us-central1-a \ --root-password=password123
- INSTANCE
Cloud SQL instance ID.
- --activation-policy=ACTIVATION_POLICY
Activation policy for this instance. This specifies when the instance should be activated and is applicable only when the instance state is RUNNABLE. The default is on-demand. More information on activation policies can be found here: https://cloud.google.com/sql/docs/mysql/start-stop-restart-instance#activation_policy. ACTIVATION_POLICY must be one of: always, never, on-demand.
- --active-directory-domain=ACTIVE_DIRECTORY_DOMAIN
Managed Service for Microsoft Active Directory domain this instance is joined to. Only available for SQL Server instances.
- --allocated-ip-range-name=ALLOCATED_IP_RANGE_NAME
The name of the IP range allocated for a Cloud SQL instance with private network connectivity. For example: 'google-managed-services-default'. If set, the instance IP is created in the allocated range represented by this name.
- --[no-]assign-ip
Assign a public IP address to the instance. This is a public, externally available IPv4 address that you can use to connect to your instance when properly authorized. Use --assign-ip to enable and --no-assign-ip to disable.
- --async
Return immediately, without waiting for the operation in progress to complete.
- --audit-bucket-path=AUDIT_BUCKET_PATH
The location, as a Cloud Storage bucket, to which audit files are uploaded. The URI is in the form gs://bucketName/folderName. Only available for SQL Server instances.
- --audit-retention-interval=AUDIT_RETENTION_INTERVAL
The number of days for audit log retention on disk, for example, 3dfor 3 days. Only available for SQL Server instances.
- --audit-upload-interval=AUDIT_UPLOAD_INTERVAL
How often to upload audit logs (audit files), for example, 30mfor 30 minutes. Only available for SQL Server instances.
- --authorized-networks=NETWORK,[NETWORK,...]
The list of external networks that are allowed to connect to the instance. Specified in CIDR notation, also known as 'slash' notation (e.g. 192.168.100.0/24).
- --availability-type=AVAILABILITY_TYPE
Specifies level of availability. AVAILABILITY_TYPE must be one of:
- regional
Provides high availability and is recommended for production instances; instance automatically fails over to another zone within your selected region.
- zonal
Provides no failover capability. This is the default.
- --backup
Enables daily backup. Enabled by default, use --no-backup to disable.
- --backup-location=BACKUP_LOCATION
Choose where to store your backups. Backups are stored in the closest multi-region location to you by default. Only customize if needed.
- --backup-start-time=BACKUP_START_TIME
Start time of daily backups, specified in the HH:MM format, in the UTC timezone.
- --collation=COLLATION
Cloud SQL server-level collation setting, which specifies the set of rules for comparing characters in a character set.
- --connector-enforcement=CONNECTOR_ENFORCEMENT
Cloud SQL Connector enforcement mode. It determines how Cloud SQL Connectors are used in the connection. See the list of modes here https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1beta4/instances#connectorenforcement. CONNECTOR_ENFORCEMENT must be one of:
- CONNECTOR_ENFORCEMENT_UNSPECIFIED
The requirement for Cloud SQL connectors is unknown.
- NOT_REQUIRED
Does not require Cloud SQL connectors.
- REQUIRED
Requires all connections to use Cloud SQL connectors, including the Cloud SQL Auth Proxy and Cloud SQL Java, Python, and Go connectors. Note: This disables all existing authorized networks.
- --cpu=CPU
Whole number value indicating how many cores are desired in the machine. Both --cpu and --memory must be specified if a custom machine type is desired, and the --tier flag must be omitted.
- --database-flags=FLAG=VALUE,[FLAG=VALUE,...]
Comma-separated list of database flags to set on the instance. Use an equals sign to separate flag name and value. Flags without values, like skip_grant_tables, can be written out without a value after, e.g., skip_grant_tables=. Use on/off for booleans. View the Instance Resource API for allowed flags. (e.g., --database-flags max_allowed_packet=55555,skip_grant_tables=,log_output=1)
- --database-version=DATABASE_VERSION; default="MYSQL_8_0"
The database engine type and versions. If left unspecified, MYSQL_8_0 is used. See the list of database versions at https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1beta4/SqlDatabaseVersion.
- --[no-]deletion-protection
Enable deletion protection on a Cloud SQL instance. Use --deletion-protection to enable and --no-deletion-protection to disable.
- --deny-maintenance-period-end-date=DENY_MAINTENANCE_PERIOD_END_DATE
Date when the deny maintenance period ends, that is 2021-01-10.
- --deny-maintenance-period-start-date=DENY_MAINTENANCE_PERIOD_START_DATE
Date when the deny maintenance period begins, that is 2020-11-01.
- --deny-maintenance-period-time=DENY_MAINTENANCE_PERIOD_TIME
Time when the deny maintenance period starts or ends, that is 05:00:00.
- --enable-bin-log
Allows for data recovery from a specific point in time, down to a fraction of a second. Must have automatic backups enabled to use. Make sure storage can support at least 7 days of logs.
- --enable-google-private-path
Enable a private path for Google Cloud services. This flag specifies whether the instance is accessible to internal Google Cloud services such as BigQuery. This is only applicable to MySQL and PostgreSQL instances that don't use public IP. Currently, SQL Server isn't supported.
- --enable-password-policy
Enable the password policy, which enforces user password management with the policies configured for the instance. This flag is only available for Postgres.
- --enable-point-in-time-recovery
Allows for data recovery from a specific point in time, down to a fraction of a second, via write-ahead logs. Must have automatic backups enabled to use. Make sure storage can support at least 7 days of logs.
- --failover-replica-name=FAILOVER_REPLICA_NAME
Also create a failover replica with the specified name.
- --[no-]insights-config-query-insights-enabled
Enable query insights feature to provide query and query plan analytics.
Use --insights-config-query-insights-enabled to enable and --no-insights-config-query-insights-enabled to disable.
- --insights-config-query-plans-per-minute=INSIGHTS_CONFIG_QUERY_PLANS_PER_MINUTE
Number of query plans to sample every minute. Default value is 5. Allowed range: 0 to 20.
- --insights-config-query-string-length=INSIGHTS_CONFIG_QUERY_STRING_LENGTH
Query string length in bytes to be stored by the query insights feature. Default length is 1024 bytes. Allowed range: 256 to 4500 bytes.
- --[no-]insights-config-record-application-tags
Allow application tags to be recorded by the query insights feature.
Use --insights-config-record-application-tags to enable and --no-insights-config-record-application-tags to disable.
- --[no-]insights-config-record-client-address
Allow the client address to be recorded by the query insights feature.
Use --insights-config-record-client-address to enable and --no-insights-config-record-client-address to disable.
- --labels=[KEY=VALUE,...]
List of label KEY=VALUE pairs to add.
Keys must start with a lowercase character and contain only hyphens (-), underscores (_), lowercase characters, and numbers. Values must contain only hyphens (-), underscores (_), lowercase characters, and numbers.
- --maintenance-release-channel=MAINTENANCE_RELEASE_CHANNEL
Which channel's updates to apply during the maintenance window. If not specified, Cloud SQL chooses the timing of updates to your instance. MAINTENANCE_RELEASE_CHANNEL must be one of:
- preview
Preview updates release prior to production updates. You may wish to use the preview channel for dev/test applications so that you can preview their compatibility with your application prior to the production release.
- production
Production updates are stable and recommended for applications in production.
- --maintenance-window-day=MAINTENANCE_WINDOW_DAY
Day of week for maintenance window, in UTC time zone. MAINTENANCE_WINDOW_DAY must be one of: SUN, MON, TUE, WED, THU, FRI, SAT.
- --maintenance-window-hour=MAINTENANCE_WINDOW_HOUR
Hour of day for maintenance window, in UTC time zone.
- --master-instance-name=MASTER_INSTANCE_NAME
Name of the instance which will act as master in the replication setup. The newly created instance will be a read replica of the specified master instance.
- --memory=MEMORY
Whole number value indicating how much memory is desired in the machine. A size unit should be provided (eg. 3072MiB or 9GiB) - if no units are specified, GiB is assumed. Both --cpu and --memory must be specified if a custom machine type is desired, and the --tier flag must be omitted.
- --network=NETWORK
Network in the current project that the instance will be part of. To specify using a network with a shared VPC, use the full URL of the network. For an example host project, 'testproject', and shared network, 'testsharednetwork', this would use the form: --network=projects/testproject/global/networks/testsharednetwork
- --password-policy-complexity=PASSWORD_POLICY_COMPLEXITY
The complexity of the password. This flag is available only for PostgreSQL. PASSWORD_POLICY_COMPLEXITY must be one of:
- COMPLEXITY_DEFAULT
A combination of lowercase, uppercase, numeric, and non-alphanumeric characters.
- COMPLEXITY_UNSPECIFIED
The default value if COMPLEXITY_DEFAULT is not specified. It implies that complexity check is not enabled.
- --[no-]password-policy-disallow-username-substring
Disallow username as a part of the password. Use --password-policy-disallow-username-substring to enable and --no-password-policy-disallow-username-substring to disable.
- --password-policy-min-length=PASSWORD_POLICY_MIN_LENGTH
Minimum number of characters allowed in the password.
- --password-policy-password-change-interval=PASSWORD_POLICY_PASSWORD_CHANGE_INTERVAL
Minimum interval after which the password can be changed, for example, 2m for 2 minutes. See <a href="/sdk/gcloud/reference/topic/datetimes"> $ gcloud topic datetimes</a> for information on duration formats. This flag is available only for PostgreSQL.
- --password-policy-reuse-interval=PASSWORD_POLICY_REUSE_INTERVAL
Number of previous passwords that cannot be reused. The valid range is 0 to 100.
- --replica-type=REPLICA_TYPE
The type of replica to create. REPLICA_TYPE must be one of: READ, FAILOVER.
- --replication=REPLICATION
Type of replication this instance uses. The default is synchronous. REPLICATION must be one of: synchronous, asynchronous.
- --require-ssl
Specified if users connecting over IP must use SSL.
- --retained-backups-count=RETAINED_BACKUPS_COUNT
How many backups to keep. The valid range is between 1 and 365. The default value is 7 if not specified. Applicable only if --no-backups is not specified.
- --retained-transaction-log-days=RETAINED_TRANSACTION_LOG_DAYS
How many days of transaction logs to keep. The valid range is between 1 and 7. The default value is 7 if not specified. Only valid when point in time recovery is enabled. Keeping more days of transaction logs requires bigger storage size
- --root-password=ROOT_PASSWORD
Root Cloud SQL user's password.
- --[no-]storage-auto-increase
Storage size can be increased, but it cannot be decreased; storage increases are permanent for the life of the instance. With this setting enabled, a spike in storage requirements can result in permanently increased storage costs for your instance. However, if an instance runs out of available space, it can result in the instance going offline, dropping existing connections. This setting is enabled by default. Use --storage-auto-increase to enable and --no-storage-auto-increase to disable.
- --storage-auto-increase-limit=STORAGE_AUTO_INCREASE_LIMIT
Allows you to set a maximum storage capacity, in GB. Automatic increases to your capacity will stop once this limit has been reached. Default capacity is unlimited.
- --storage-size=STORAGE_SIZE
Amount of storage allocated to the instance. Must be an integer number of GB. The default is 10GB. Information on storage limits can be found here: https://cloud.google.com/sql/docs/quotas#storage_limits
- --storage-type=STORAGE_TYPE
The storage type for the instance. The default is SSD. STORAGE_TYPE must be one of: SSD, HDD.
- --tier=TIER, -t TIER
Machine type for a shared-core instance e.g. db-g1-small. For all other instances, instead of using tiers, customize your instance by specifying its CPU and memory. You can do so with the --cpu and --memory flags. Learn more about how CPU and memory affects pricing: https://cloud.google.com/sql/pricing.
- --time-zone=TIME_ZONE
Set a non-default time zone. Only available for SQL Server instances.
- --timeout=TIMEOUT; default=3600
Time to synchronously wait for the operation to complete, after which the operation continues asynchronously. Ignored if --async flag is specified. By default, set to 3600s. To wait indefinitely, set to unlimited.
- Key resource - The Cloud KMS (Key Management Service) cryptokey that will be
used to protect the instance. The 'Compute Engine Service Agent' service account must hold permission 'Cloud KMS CryptoKey Encrypter/Decrypter'. The arguments in this group can be used to specify the attributes of this resource.
- --disk-encryption-key=DISK_ENCRYPTION_KEY
ID of the key or fully qualified identifier for the key. To set the kms-key attribute:
provide the argument --disk-encryption-key on the command line.
This flag argument must be specified if any of the other arguments in this group are specified.
- --disk-encryption-key-keyring=DISK_ENCRYPTION_KEY_KEYRING
The KMS keyring of the key. To set the kms-keyring attribute:
provide the argument --disk-encryption-key on the command line with a fully specified name;
provide the argument --disk-encryption-key-keyring on the command line.
- --disk-encryption-key-location=DISK_ENCRYPTION_KEY_LOCATION
The Cloud location for the key. To set the kms-location attribute:
provide the argument --disk-encryption-key on the command line with a fully specified name;
provide the argument --disk-encryption-key-location on the command line.
- --disk-encryption-key-project=DISK_ENCRYPTION_KEY_PROJECT
The Cloud project for the key. To set the kms-project attribute:
provide the argument --disk-encryption-key on the command line with a fully specified name;
provide the argument --disk-encryption-key-project on the command line;
set the property core/project.
- Options for creating an internal replica of an external data source.
- --master-dump-file-path=MASTER_DUMP_FILE_PATH
Path to the MySQL dump file in Google Cloud Storage from which the seed import is made. The URI is in the form gs://bucketName/fileName. Compressed gzip files (.gz) are also supported.
This flag argument must be specified if any of the other arguments in this group are specified.
- --master-username=MASTER_USERNAME
Name of the replication user on the external data source.
This flag argument must be specified if any of the other arguments in this group are specified.
- Client and server credentials.
- --master-ca-certificate-path=MASTER_CA_CERTIFICATE_PATH
Path to a file containing the X.509v3 (RFC5280) PEM encoded certificate of the CA that signed the external data source's certificate.
This flag argument must be specified if any of the other arguments in this group are specified.
- Client credentials.
- --client-certificate-path=CLIENT_CERTIFICATE_PATH
Path to a file containing the X.509v3 (RFC5280) PEM encoded certificate that will be used by the replica to authenticate against the external data source.
This flag argument must be specified if any of the other arguments in this group are specified.
- --client-key-path=CLIENT_KEY_PATH
Path to a file containing the unencrypted PKCS#1 or PKCS#8 PEM encoded private key associated with the clientCertificate.
This flag argument must be specified if any of the other arguments in this group are specified.
- Password group.
At most one of these can be specified:
- --master-password=MASTER_PASSWORD
Password of the replication user on the external data source.
- --prompt-for-master-password
Prompt for the password of the replication user on the external data source. The password is all typed characters up to but not including the RETURN or ENTER key.
- At most one of these can be specified:
- --region=REGION; default="us-central"
Regional location (e.g. asia-east1, us-east1). See the full list of regions at https://cloud.google.com/sql/docs/instance-locations.
- At most one of these can be specified:
- --gce-zone=GCE_ZONE
(DEPRECATED) Preferred Compute Engine zone (e.g. us-central1-a, us-central1-b, etc.).
Flag --gce-zone is deprecated and will be removed by release 255.0.0. Use --zone instead.
- --secondary-zone=SECONDARY_ZONE
Preferred secondary Compute Engine zone (e.g. us-central1-a, us-central1-b, etc.).
- --zone=ZONE
Preferred Compute Engine zone (e.g. us-central1-a, us-central1-b, etc.).
- Options for creating a wrapper for an external data source.
- --source-ip-address=SOURCE_IP_ADDRESS
Public IP address used to connect to and replicate from the external data source.
This flag argument must be specified if any of the other arguments in this group are specified.
- --source-port=SOURCE_PORT; default=3306
Port number used to connect to and replicate from the external data source.
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist. These variants are also available:
$ gcloud sql instances create
$ gcloud beta sql instances create