- INFORMATION
-
gcloud beta sql instances create
is not available in universe domainuniverse
. - NAME
-
- gcloud beta sql instances create - creates a new Cloud SQL instance
- SYNOPSIS
-
-
gcloud beta sql instances create
INSTANCE
[--activation-policy
=ACTIVATION_POLICY
] [--active-directory-dns-servers
=[DNS_SERVER_IP_ADDRESS
,…]] [--active-directory-domain
=ACTIVE_DIRECTORY_DOMAIN
] [--active-directory-mode
=ACTIVE_DIRECTORY_MODE
] [--active-directory-organizational-unit
=ACTIVE_DIRECTORY_ORGANIZATIONAL_UNIT
] [--active-directory-secret-manager-key
=ACTIVE_DIRECTORY_SECRET_MANAGER_KEY
] [--allocated-ip-range-name
=ALLOCATED_IP_RANGE_NAME
] [--[no-]assign-ip
] [--async
] [--audit-bucket-path
=AUDIT_BUCKET_PATH
] [--audit-retention-interval
=AUDIT_RETENTION_INTERVAL
] [--audit-upload-interval
=AUDIT_UPLOAD_INTERVAL
] [--authorized-networks
=NETWORK
,[NETWORK
,…]] [--availability-type
=AVAILABILITY_TYPE
] [--no-backup
] [--backup-location
=BACKUP_LOCATION
] [--backup-start-time
=BACKUP_START_TIME
] [--cascadable-replica
] [--clear-active-directory-dns-servers
] [--collation
=COLLATION
] [--connection-pool-flags
=FLAG
=VALUE
,[FLAG
=VALUE
,…]] [--connector-enforcement
=CONNECTOR_ENFORCEMENT
] [--cpu
=CPU
] [--custom-subject-alternative-names
=DNS
,[DNS
,[DNS
]]] [--database-flags
=FLAG
=VALUE
,[FLAG
=VALUE
,…]] [--database-version
=DATABASE_VERSION
; default="MYSQL_8_0"
] [--[no-]deletion-protection
] [--deny-maintenance-period-end-date
=DENY_MAINTENANCE_PERIOD_END_DATE
] [--deny-maintenance-period-start-date
=DENY_MAINTENANCE_PERIOD_START_DATE
] [--deny-maintenance-period-time
=DENY_MAINTENANCE_PERIOD_TIME
] [--edition
=EDITION
] [--enable-auto-upgrade-minor-version
] [--enable-bin-log
] [--[no-]enable-connection-pooling
] [--[no-]enable-data-cache
] [--[no-]enable-dataplex-integration
] [--[no-]enable-google-ml-integration
] [--enable-google-private-path
] [--enable-password-policy
] [--enable-point-in-time-recovery
] [--enforce-new-sql-network-architecture
] [--failover-replica-name
=FAILOVER_REPLICA_NAME
] [--[no-]final-backup
] [--final-backup-retention-days
=FINAL_BACKUP_RETENTION_DAYS
] [--[no-]insights-config-query-insights-enabled
] [--insights-config-query-plans-per-minute
=INSIGHTS_CONFIG_QUERY_PLANS_PER_MINUTE
] [--insights-config-query-string-length
=INSIGHTS_CONFIG_QUERY_STRING_LENGTH
] [--[no-]insights-config-record-application-tags
] [--[no-]insights-config-record-client-address
] [--instance-type
=INSTANCE_TYPE
] [--labels
=[KEY
=VALUE
,…]] [--maintenance-release-channel
=MAINTENANCE_RELEASE_CHANNEL
] [--maintenance-window-day
=MAINTENANCE_WINDOW_DAY
] [--maintenance-window-hour
=MAINTENANCE_WINDOW_HOUR
] [--master-instance-name
=MASTER_INSTANCE_NAME
] [--memory
=MEMORY
] [--network
=NETWORK
] [--node-count
=NODE_COUNT
] [--password-policy-complexity
=PASSWORD_POLICY_COMPLEXITY
] [--[no-]password-policy-disallow-username-substring
] [--password-policy-min-length
=PASSWORD_POLICY_MIN_LENGTH
] [--password-policy-password-change-interval
=PASSWORD_POLICY_PASSWORD_CHANGE_INTERVAL
] [--password-policy-reuse-interval
=PASSWORD_POLICY_REUSE_INTERVAL
] [--psc-auto-connections
=[network
=NETWORK
],[project
=PROJECT
]] [--[no-]recreate-replicas-on-primary-crash
] [--replica-type
=REPLICA_TYPE
] [--replication
=REPLICATION
] [--replication-lag-max-seconds-for-recreate
=REPLICATION_LAG_MAX_SECONDS_FOR_RECREATE
] [--require-ssl
] [--[no-]retain-backups-on-delete
] [--retained-backups-count
=RETAINED_BACKUPS_COUNT
] [--retained-transaction-log-days
=RETAINED_TRANSACTION_LOG_DAYS
] [--root-password
=ROOT_PASSWORD
] [--server-ca-mode
=SERVER_CA_MODE
] [--server-ca-pool
=SERVER_CA_POOL
] [--ssl-mode
=SSL_MODE
] [--[no-]storage-auto-increase
] [--storage-auto-increase-limit
=STORAGE_AUTO_INCREASE_LIMIT
] [--storage-provisioned-iops
=STORAGE_PROVISIONED_IOPS
] [--storage-provisioned-throughput
=STORAGE_PROVISIONED_THROUGHPUT
] [--storage-size
=STORAGE_SIZE
] [--storage-type
=STORAGE_TYPE
] [--tags
=TAG
=VALUE
,[TAG
=VALUE
,…]] [--threads-per-core
=THREADS_PER_CORE
] [--tier
=TIER
,-t
TIER
] [--time-zone
=TIME_ZONE
] [--timeout
=TIMEOUT
; default=3600] [--allowed-psc-projects
=PROJECT
,[PROJECT
,…]--enable-private-service-connect
] [--disk-encryption-key
=DISK_ENCRYPTION_KEY
:--disk-encryption-key-keyring
=DISK_ENCRYPTION_KEY_KEYRING
--disk-encryption-key-location
=DISK_ENCRYPTION_KEY_LOCATION
--disk-encryption-key-project
=DISK_ENCRYPTION_KEY_PROJECT
] [--master-dump-file-path
=MASTER_DUMP_FILE_PATH
--master-username
=MASTER_USERNAME
: [--master-ca-certificate-path
=MASTER_CA_CERTIFICATE_PATH
:--client-certificate-path
=CLIENT_CERTIFICATE_PATH
--client-key-path
=CLIENT_KEY_PATH
]--master-password
=MASTER_PASSWORD
|--prompt-for-master-password
] [--[no-]auto-scale-disable-scale-in
--[no-]auto-scale-enabled
--auto-scale-in-cooldown-seconds
=AUTO_SCALE_IN_COOLDOWN_SECONDS
--auto-scale-max-node-count
=AUTO_SCALE_MAX_NODE_COUNT
--auto-scale-min-node-count
=AUTO_SCALE_MIN_NODE_COUNT
--auto-scale-out-cooldown-seconds
=AUTO_SCALE_OUT_COOLDOWN_SECONDS
--auto-scale-target-metrics
=[METRIC
=VALUE
,…]] [--region
=REGION
; default="us-central" |--gce-zone
=GCE_ZONE
|--secondary-zone
=SECONDARY_ZONE
--zone
=ZONE
] [--source-ip-address
=SOURCE_IP_ADDRESS
:--source-port
=SOURCE_PORT
; default=3306] [GCLOUD_WIDE_FLAG …
]
-
- DESCRIPTION
-
(BETA)
Creates a new Cloud SQL instance. - EXAMPLES
-
To create a MySQL 8.0 instance with ID
that has 2 CPUs, 4 GB of RAM, and is in the regionprod-instance
(a zone will be auto-assigned), where the 'root' user has its password set tous-central1
, run:password123
gcloud beta sql instances create prod-instance --database-version=MYSQL_8_0 --cpu=2 --memory=4GB --region=us-central1 --root-password=password123
To create a Postgres 15 instance with ID
that has 2 CPUs, 8 GiB of RAM, and is in the zoneprod-instance
, where the 'postgres' user has its password set tous-central1-a
, run:password123
gcloud beta sql instances create prod-instance --database-version=POSTGRES_15 --cpu=2 --memory=8GiB --zone=us-central1-a --root-password=password123
To create a SQL Server 2022 Express instance with ID
that has 2 CPUs, 3840MiB of RAM, and is in the zoneprod-instance
, where the 'sqlserver' user has its password set tous-central1-a
, run:password123
gcloud beta sql instances create prod-instance --database-version=SQLSERVER_2022_EXPRESS --cpu=2 --memory=3840MiB --zone=us-central1-a --root-password=password123
- POSITIONAL ARGUMENTS
-
INSTANCE
- Cloud SQL instance ID.
- FLAGS
-
--activation-policy
=ACTIVATION_POLICY
-
Activation policy for this instance. This specifies when the instance should be
activated and is applicable only when the instance state is
RUNNABLE
. The default isalways
. More information on activation policies can be found here: https://cloud.google.com/sql/docs/mysql/start-stop-restart-instance#activation_policy.ACTIVATION_POLICY
must be one of:always
,never
. --active-directory-dns-servers
=[DNS_SERVER_IP_ADDRESS
,…]- A comma-separated list of the DNS servers to be used for Active Directory. Only available for SQL Server instances. E.g: 10.0.0.1,10.0.0.2
--active-directory-domain
=ACTIVE_DIRECTORY_DOMAIN
- Managed Service for Microsoft Active Directory domain this instance is joined to. Only available for SQL Server instances.
--active-directory-mode
=ACTIVE_DIRECTORY_MODE
-
Defines the Active Directory mode. Only available for SQL Server instances.
ACTIVE_DIRECTORY_MODE
must be one of:MANAGED_ACTIVE_DIRECTORY
,CUSTOMER_MANAGED_ACTIVE_DIRECTORY
. --active-directory-organizational-unit
=ACTIVE_DIRECTORY_ORGANIZATIONAL_UNIT
- Defines the organizational unit to be used for Active Directory. Only available for SQL Server instances. E.g: OU=Cloud,DC=ad,DC=example,DC=com
--active-directory-secret-manager-key
=ACTIVE_DIRECTORY_SECRET_MANAGER_KEY
- The secret manager key storing administrator credentials. Only available for SQL Server instances.
--allocated-ip-range-name
=ALLOCATED_IP_RANGE_NAME
- The name of the IP range allocated for a Cloud SQL instance with private network connectivity. For example: 'google-managed-services-default'. If set, the instance IP is created in the allocated range represented by this name.
--[no-]assign-ip
-
Assign a public IP address to the instance. This is a public, externally
available IPv4 address that you can use to connect to your instance when
properly authorized. Use
--assign-ip
to enable and--no-assign-ip
to disable. --async
- Return immediately, without waiting for the operation in progress to complete.
--audit-bucket-path
=AUDIT_BUCKET_PATH
- The location, as a Cloud Storage bucket, to which audit files are uploaded. The URI is in the form gs://bucketName/folderName. Only available for SQL Server instances.
--audit-retention-interval
=AUDIT_RETENTION_INTERVAL
- The number of days for audit log retention on disk, for example, 3dfor 3 days. Only available for SQL Server instances.
--audit-upload-interval
=AUDIT_UPLOAD_INTERVAL
- How often to upload audit logs (audit files), for example, 30mfor 30 minutes. Only available for SQL Server instances.
- The list of external networks that are allowed to connect to the instance. Specified in CIDR notation, also known as 'slash' notation (e.g. 192.168.100.0/24).
--availability-type
=AVAILABILITY_TYPE
-
Specifies level of availability.
AVAILABILITY_TYPE
must be one of:regional
- Provides high availability and is recommended for production instances; instance automatically fails over to another zone within your selected region.
zonal
- Provides no failover capability. This is the default.
--backup
-
Enables daily backup. Enabled by default, use
--no-backup
to disable. --backup-location
=BACKUP_LOCATION
- Choose where to store your backups. Backups are stored in the closest multi-region location to you by default. Only customize if needed.
--backup-start-time
=BACKUP_START_TIME
- Start time of daily backups, specified in the HH:MM format, in the UTC timezone.
--cascadable-replica
-
Specifies whether a SQL Server replica is a cascadable replica. A cascadable
replica is a SQL Server cross-region replica that supports replica(s) under it.
This flag only takes effect when the
--master-instance-name
flag is set, and the replica under creation is in a different region than the primary instance. --clear-active-directory-dns-servers
- Removes the list of DNS Servers from the Active Directory Config.
--collation
=COLLATION
- Cloud SQL server-level collation setting, which specifies the set of rules for comparing characters in a character set.
--connection-pool-flags
=FLAG
=VALUE
,[FLAG
=VALUE
,…]-
Comma-separated list of connection pool flags to set on the instance connection
pool. Use an equals sign to separate flag name and value. More information on
available flags can be found here: https://cloud.google.com/sql/docs/mysql/managed-connection-pooling#configuration-options
for MySQL and https://cloud.google.com/sql/docs/postgres/managed-connection-pooling#configuration-options
for PostgreSQL. (e.g.,
--connection-pool-flags max_pool_size=1000,max_client_connections=20
) --connector-enforcement
=CONNECTOR_ENFORCEMENT
-
Cloud SQL Connector enforcement mode. It determines how Cloud SQL Connectors are
used in the connection. See the list of modes here.
CONNECTOR_ENFORCEMENT
must be one of:CONNECTOR_ENFORCEMENT_UNSPECIFIED
- The requirement for Cloud SQL connectors is unknown.
NOT_REQUIRED
- Does not require Cloud SQL connectors.
REQUIRED
- Requires all connections to use Cloud SQL connectors, including the Cloud SQL Auth Proxy and Cloud SQL Java, Python, and Go connectors. Note: This disables all existing authorized networks.
--cpu
=CPU
- Whole number value indicating how many cores are desired in the machine. Both --cpu and --memory must be specified if a custom machine type is desired, and the --tier flag must be omitted.--cpu and --memory flags are not compatible with the Enterprise Plus edition. These flags should not be used when creating an Enterprise Plus edition, as the machine configuration is determined by the --tier flag instead.
--custom-subject-alternative-names
=DNS
,[DNS
,[DNS
]]- A comma-separated list of DNS names to add to the instance's SSL certificate. A custom SAN is a structured way to add additional DNS names (host names) that are not managed by Cloud SQL to an instance. It allows for hostname verification during establishment of a database connection using the DNS name over SSL/TLS. When you create and/or update an instance, you can add a comma-separated list of up to three DNS names to the server certificate of your instance.
--database-flags
=FLAG
=VALUE
,[FLAG
=VALUE
,…]-
Comma-separated list of database flags to set on the instance. Use an equals
sign to separate flag name and value. Flags without values, like
skip_grant_tables, can be written out without a value after, e.g.,
skip_grant_tables=
. Use on/off for booleans. View the Instance Resource API for allowed flags. (e.g.,--database-flags max_allowed_packet=55555,skip_grant_tables=,log_output=1
) --database-version
=DATABASE_VERSION
; default="MYSQL_8_0"
- The database engine type and versions. If left unspecified, MYSQL_8_0 is used. See the list of database versions at https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1beta4/SqlDatabaseVersion.
--[no-]deletion-protection
-
Enable deletion protection on a Cloud SQL instance. Use
--deletion-protection
to enable and--no-deletion-protection
to disable. --deny-maintenance-period-end-date
=DENY_MAINTENANCE_PERIOD_END_DATE
-
Date when the deny maintenance period ends, that is
.2021-01-10
--deny-maintenance-period-start-date
=DENY_MAINTENANCE_PERIOD_START_DATE
-
Date when the deny maintenance period begins, that is
.2020-11-01
--deny-maintenance-period-time
=DENY_MAINTENANCE_PERIOD_TIME
-
Time when the deny maintenance period starts or ends, that is
.05:00:00
--edition
=EDITION
-
Specifies the edition of Cloud SQL instance.
EDITION
must be one of:enterprise
,enterprise-plus
. --enable-auto-upgrade-minor-version
- Enables auto-upgrade for MySQL 8.0 minor versions. The MySQL version must be 8.0.35 or higher.
--enable-bin-log
- Allows for data recovery from a specific point in time, down to a fraction of a second. Must have automatic backups enabled to use. Make sure storage can support at least 7 days of logs.
--[no-]enable-connection-pooling
-
Enable connection pooling for the instance. Use
--enable-connection-pooling
to enable and--no-enable-connection-pooling
to disable. --[no-]enable-data-cache
-
Enable use of data cache for accelerated read performance. This flag is only
available for Enterprise_Plus edition instances. Use
--enable-data-cache
to enable and--no-enable-data-cache
to disable. --[no-]enable-dataplex-integration
-
Enable Dataplex integration for Google Cloud SQL. Use
--enable-dataplex-integration
to enable and--no-enable-dataplex-integration
to disable. --[no-]enable-google-ml-integration
-
Enable Vertex AI integration for Google Cloud SQL. You can integrate Vertex AI
with Cloud SQL for MySQL and Cloud SQL for PostgreSQL instances only. Use
--enable-google-ml-integration
to enable and--no-enable-google-ml-integration
to disable. --enable-google-private-path
- Enable a private path for Google Cloud services. This flag specifies whether the instance is accessible to internal Google Cloud services such as BigQuery. This is only applicable to MySQL and PostgreSQL instances that don't use public IP. Currently, SQL Server isn't supported.
--enable-password-policy
- Enable the password policy, which enforces user password management with the policies configured for the instance. This flag is only available for Postgres.
--enable-point-in-time-recovery
- Allows for data recovery from a specific point in time, down to a fraction of a second, via write-ahead logs. Must have automatic backups enabled to use. Make sure storage can support at least 7 days of logs.
--enforce-new-sql-network-architecture
- Force the instance to use the new network architecture.
--failover-replica-name
=FAILOVER_REPLICA_NAME
- Also create a failover replica with the specified name.
--[no-]final-backup
-
Enables the final backup to be taken at the time of instance deletion. Use
--final-backup
to enable and--no-final-backup
to disable. --final-backup-retention-days
=FINAL_BACKUP_RETENTION_DAYS
- Specifies number of days to retain final backup. The valid range is between 1 and 365. For instances managed by BackupDR, the valid range is between 1 day and 99 years. Default value is 30 days.
--[no-]insights-config-query-insights-enabled
-
Enable query insights feature to provide query and query plan analytics.
Use
--insights-config-query-insights-enabled
to enable and--no-insights-config-query-insights-enabled
to disable. --insights-config-query-plans-per-minute
=INSIGHTS_CONFIG_QUERY_PLANS_PER_MINUTE
- Number of query plans to sample every minute. Default value is 5. Allowed range: 0 to 20.
--insights-config-query-string-length
=INSIGHTS_CONFIG_QUERY_STRING_LENGTH
- Sets the default query length limit. For Cloud SQL Enterprise edition, the range is from 256 to 4500 (in bytes) and the default query length is 1024 bytes. For Cloud SQL Enterprise Plus edition, the range is from 1024 to 100,000 (in bytes) and the default query length is 10,000 bytes.
-
Allow application tags to be recorded by the query insights feature.
Use
--insights-config-record-application-tags
to enable and--no-insights-config-record-application-tags
to disable. --[no-]insights-config-record-client-address
-
Allow the client address to be recorded by the query insights feature.
Use
--insights-config-record-client-address
to enable and--no-insights-config-record-client-address
to disable. --instance-type
=INSTANCE_TYPE
-
The type of the instance.
INSTANCE_TYPE
must be one of:CLOUD_SQL_INSTANCE
- A primary instance.
READ_POOL_INSTANCE
- A read pool instance.
READ_REPLICA_INSTANCE
- A read replica instance.
--labels
=[KEY
=VALUE
,…]-
List of label KEY=VALUE pairs to add.
Keys must start with a lowercase character and contain only hyphens (
-
), underscores (_
), lowercase characters, and numbers. Values must contain only hyphens (-
), underscores (_
), lowercase characters, and numbers. --maintenance-release-channel
=MAINTENANCE_RELEASE_CHANNEL
-
Which channel's updates to apply during the maintenance window. If not
specified, Cloud SQL chooses the timing of updates to your instance.
MAINTENANCE_RELEASE_CHANNEL
must be one of:preview
- Preview updates release prior to production updates. You may wish to use the preview channel for dev/test applications so that you can preview their compatibility with your application prior to the production release.
production
- Production updates are stable and recommended for applications in production.
week5
- week5 updates release after the production updates. Use the week5 channel to receive a 5 week advance notification about the upcoming maintenance, so you can prepare your application for the release.
--maintenance-window-day
=MAINTENANCE_WINDOW_DAY
-
Day of week for maintenance window, in UTC time zone.
MAINTENANCE_WINDOW_DAY
must be one of:SUN
,MON
,TUE
,WED
,THU
,FRI
,SAT
. --maintenance-window-hour
=MAINTENANCE_WINDOW_HOUR
- Hour of day for maintenance window, in UTC time zone.
--master-instance-name
=MASTER_INSTANCE_NAME
- Name of the instance which will act as master in the replication setup. The newly created instance will be a read replica of the specified master instance.
--memory
=MEMORY
- Whole number value indicating how much memory is desired in the machine. A size unit should be provided (eg. 3072MiB or 9GiB) - if no units are specified, GiB is assumed. Both --cpu and --memory must be specified if a custom machine type is desired, and the --tier flag must be omitted. --cpu and --memory flags are not compatible with the Enterprise Plus edition. These flags should not be used when creating an Enterprise Plus edition, as the machine configuration is determined by the --tier flag instead.
--network
=NETWORK
-
Network in the current project that the instance will be part of. To specify
using a network with a shared VPC, use the full URL of the network. For an
example host project, 'testproject', and shared network, 'testsharednetwork',
this would use the form:
--network
=projects/testproject/global/networks/testsharednetwork
--node-count
=NODE_COUNT
- The number of nodes in the pool. This option is only available for read pools.
--password-policy-complexity
=PASSWORD_POLICY_COMPLEXITY
-
The complexity of the password. This flag is available only for PostgreSQL.
PASSWORD_POLICY_COMPLEXITY
must be one of:COMPLEXITY_DEFAULT
- A combination of lowercase, uppercase, numeric, and non-alphanumeric characters.
COMPLEXITY_UNSPECIFIED
- The default value if COMPLEXITY_DEFAULT is not specified. It implies that complexity check is not enabled.
--[no-]password-policy-disallow-username-substring
-
Disallow username as a part of the password. Use
--password-policy-disallow-username-substring
to enable and--no-password-policy-disallow-username-substring
to disable. --password-policy-min-length
=PASSWORD_POLICY_MIN_LENGTH
- Minimum number of characters allowed in the password.
--password-policy-password-change-interval
=PASSWORD_POLICY_PASSWORD_CHANGE_INTERVAL
- Minimum interval after which the password can be changed, for example, 2m for 2 minutes. See <a href="/sdk/gcloud/reference/topic/datetimes"> $ gcloud topic datetimes</a> for information on duration formats. This flag is available only for PostgreSQL.
--password-policy-reuse-interval
=PASSWORD_POLICY_REUSE_INTERVAL
- Number of previous passwords that cannot be reused. The valid range is 0 to 100.
--psc-auto-connections
=[network
=NETWORK
],[project
=PROJECT
]-
A comma-separated list of networks or network-project pairs. Each project is
represented by a project number (numeric) or by a project ID (alphanumeric).
This allows Private Service Connect connections to be created automatically for
the specified networks. For example, this connection uses "the form
psc-auto-connections
=network=projects/testproject1/global/networks/testnetwork1
" or "the formpsc-auto-connections
=project=testproject1,network=projects/testproject1/global/networks/testnetwork1
". Setspsc_auto_connections
value.network
-
Required, sets
network
value. project
-
Sets
project
value.
Shorthand Example:
--psc-auto-connections=network=string,project=string
JSON Example:
--psc-auto-connections='{"network": "string", "project": "string"}'
File Example:
--psc-auto-connections=path_to_file.(yaml|json)
--[no-]recreate-replicas-on-primary-crash
-
Allow/Disallow replica recreation when a primary MySQL instance operating in
reduced durability mode crashes. Not recreating the replicas might lead to data
inconsistencies between the primary and its replicas. This setting is only
applicable for MySQL instances and is enabled by default. Use
--recreate-replicas-on-primary-crash
to enable and--no-recreate-replicas-on-primary-crash
to disable. --replica-type
=REPLICA_TYPE
-
The type of replica to create.
REPLICA_TYPE
must be one of:READ
,FAILOVER
. --replication
=REPLICATION
-
Type of replication this instance uses. The default is synchronous.
REPLICATION
must be one of:synchronous
,asynchronous
. --replication-lag-max-seconds-for-recreate
=REPLICATION_LAG_MAX_SECONDS_FOR_RECREATE
- Set a maximum replication lag for a MySQL read replica in seconds. If the replica lag exceeds the specified value, the readreplica(s) will be recreated. Min value=300 seconds,Max value=31536000 seconds, default value=31536000 seconds.
--require-ssl
- Specified if users connecting over IP must use SSL.
--[no-]retain-backups-on-delete
-
Retain automated/ondemand backups of the instance after the instance is deleted.
Use
--retain-backups-on-delete
to enable and--no-retain-backups-on-delete
to disable. --retained-backups-count
=RETAINED_BACKUPS_COUNT
- How many backups to keep. The valid range is between 1 and 365. Default value is 7 for Enterprise edition instances. For Enterprise_Plus, default value is 15. Applicable only if --no-backups is not specified.
--retained-transaction-log-days
=RETAINED_TRANSACTION_LOG_DAYS
- How many days of transaction logs to keep. The valid range is between 1 and 35. Only use this option when point-in-time recovery is enabled. If logs are stored on disk, storage size for transaction logs could increase when the number of days for log retention increases. For Enterprise, default and max retention values are 7 and 7 respectively. For Enterprise_Plus, default and max retention values are 14 and 35.
--root-password
=ROOT_PASSWORD
- Root Cloud SQL user's password.
--server-ca-mode
=SERVER_CA_MODE
-
Set the server CA mode of the instance.
SERVER_CA_MODE
must be one of:CUSTOMER_MANAGED_CAS_CA
- Customer-managed CA hosted on Google Cloud's Certificate Authority Service (CAS).
GOOGLE_MANAGED_CAS_CA
- Google-managed regional CA part of root CA hierarchy hosted on Google Cloud's Certificate Authority Service (CAS).
GOOGLE_MANAGED_INTERNAL_CA
- Google-managed self-signed internal CA.
--server-ca-pool
=SERVER_CA_POOL
- Set the server CA pool of the instance.
--ssl-mode
=SSL_MODE
-
Set the SSL mode of the instance.
SSL_MODE
must be one of:ALLOW_UNENCRYPTED_AND_ENCRYPTED
- Allow non-SSL and SSL connections. For SSL connections, client certificate will not be verified.
ENCRYPTED_ONLY
- Only allow connections encrypted with SSL/TLS.
TRUSTED_CLIENT_CERTIFICATE_REQUIRED
- Only allow connections encrypted with SSL/TLS and with valid client certificates.
--[no-]storage-auto-increase
-
Storage size can be increased, but it cannot be decreased; storage increases are
permanent for the life of the instance. With this setting enabled, a spike in
storage requirements can result in permanently increased storage costs for your
instance. However, if an instance runs out of available space, it can result in
the instance going offline, dropping existing connections. This setting is
enabled by default. Use
--storage-auto-increase
to enable and--no-storage-auto-increase
to disable. --storage-auto-increase-limit
=STORAGE_AUTO_INCREASE_LIMIT
-
Allows you to set a maximum storage capacity, in GB. Automatic increases to your
capacity will stop once this limit has been reached. Default capacity is
unlimited
. --storage-provisioned-iops
=STORAGE_PROVISIONED_IOPS
- Indicates how many IOPS to provision for the data disk. This sets the number of I/O operations per second that the disk can handle.
--storage-provisioned-throughput
=STORAGE_PROVISIONED_THROUGHPUT
- Indicates how much throughput to provision for the data disk. This sets the throughput in MB per second that the disk can handle.
--storage-size
=STORAGE_SIZE
- Amount of storage allocated to the instance. Must be an integer number of GB. The default is 10GB. Information on storage limits can be found here: https://cloud.google.com/sql/docs/quotas#storage_limits
--storage-type
=STORAGE_TYPE
-
The storage type for the instance. The default is SSD.
STORAGE_TYPE
must be one of:SSD
,HDD
,HYPERDISK_BALANCED
. -
Comma-separated list of tags to set on the instance. Use an equals signto
separate tag name and value.(e.g.,
--tags tag1:value1,tag2=value2
) --threads-per-core
=THREADS_PER_CORE
- The number of threads per core. The value of this flag can be 1 or 2. To disable SMT, set this flag to 1. Only available in Cloud SQL for SQL Server instances.
--tier
=TIER
,-t
TIER
-
Machine type for a shared-core instance e.g.
. For all other instances, instead of using tiers, customize your instance by specifying its CPU and memory. You can do so with thedb-g1-small
--cpu
and--memory
flags. Learn more about how CPU and memory affects pricing: https://cloud.google.com/sql/pricing. --time-zone
=TIME_ZONE
- Set a non-default time zone. Only available for SQL Server instances.
--timeout
=TIMEOUT
; default=3600-
Time to synchronously wait for the operation to complete, after which the
operation continues asynchronously. Ignored if --async flag is specified. By
default, set to 3600s. To wait indefinitely, set to
unlimited
. --allowed-psc-projects
=PROJECT
,[PROJECT
,…]- A comma-separated list of projects. Each project in this list might be represented by a project number (numeric) or by a project ID (alphanumeric). This allows Private Service Connect connections to be established from specified consumer projects.
--enable-private-service-connect
- Enable connecting to the Cloud SQL instance with Private Service Connect.
-
Key resource - The Cloud KMS (Key Management Service) cryptokey that will be
used to protect the instance. The 'Compute Engine Service Agent' service account
must hold permission 'Cloud KMS CryptoKey Encrypter/Decrypter'. The arguments in
this group can be used to specify the attributes of this resource.
--disk-encryption-key
=DISK_ENCRYPTION_KEY
-
ID of the key or fully qualified identifier for the key.
To set the
kms-key
attribute:-
provide the argument
--disk-encryption-key
on the command line.
This flag argument must be specified if any of the other arguments in this group are specified.
-
provide the argument
--disk-encryption-key-keyring
=DISK_ENCRYPTION_KEY_KEYRING
-
The KMS keyring of the key.
To set the
kms-keyring
attribute:-
provide the argument
--disk-encryption-key
on the command line with a fully specified name; -
provide the argument
--disk-encryption-key-keyring
on the command line.
-
provide the argument
--disk-encryption-key-location
=DISK_ENCRYPTION_KEY_LOCATION
-
The Google Cloud location for the key.
To set the
kms-location
attribute:-
provide the argument
--disk-encryption-key
on the command line with a fully specified name; -
provide the argument
--disk-encryption-key-location
on the command line.
-
provide the argument
--disk-encryption-key-project
=DISK_ENCRYPTION_KEY_PROJECT
-
The Google Cloud project for the key.
To set the
kms-project
attribute:-
provide the argument
--disk-encryption-key
on the command line with a fully specified name; -
provide the argument
--disk-encryption-key-project
on the command line; -
set the property
core/project
.
-
provide the argument
-
Options for creating an internal replica of an external data source.
--master-dump-file-path
=MASTER_DUMP_FILE_PATH
-
Path to the MySQL dump file in Google Cloud Storage from which the seed import
is made. The URI is in the form gs://bucketName/fileName. Compressed gzip files
(.gz) are also supported.
This flag argument must be specified if any of the other arguments in this group are specified.
--master-username
=MASTER_USERNAME
-
Name of the replication user on the external data source.
This flag argument must be specified if any of the other arguments in this group are specified.
-
Client and server credentials.
--master-ca-certificate-path
=MASTER_CA_CERTIFICATE_PATH
-
Path to a file containing the X.509v3 (RFC5280) PEM encoded certificate of the
CA that signed the external data source's certificate.
This flag argument must be specified if any of the other arguments in this group are specified.
-
Client credentials.
--client-certificate-path
=CLIENT_CERTIFICATE_PATH
-
Path to a file containing the X.509v3 (RFC5280) PEM encoded certificate that
will be used by the replica to authenticate against the external data source.
This flag argument must be specified if any of the other arguments in this group are specified.
--client-key-path
=CLIENT_KEY_PATH
-
Path to a file containing the unencrypted PKCS#1 or PKCS#8 PEM encoded private
key associated with the clientCertificate.
This flag argument must be specified if any of the other arguments in this group are specified.
-
Password group.
At most one of these can be specified:
--master-password
=MASTER_PASSWORD
- Password of the replication user on the external data source.
--prompt-for-master-password
- Prompt for the password of the replication user on the external data source. The password is all typed characters up to but not including the RETURN or ENTER key.
-
Options for configuring read pool auto scale.
--[no-]auto-scale-disable-scale-in
-
Disables automatic read pool scale-in. When disabled, read pool auto scaling
only supports increasing the read pool node count. By default, both automatic
read pool scale-in and scale-out are enabled. Use
--auto-scale-disable-scale-in
to enable and--no-auto-scale-disable-scale-in
to disable. --[no-]auto-scale-enabled
-
Enables read pool auto scaling. Supports automatically increasing and decreasing
the read pool's node count based on need. Use
--auto-scale-enabled
to enable and--no-auto-scale-enabled
to disable. --auto-scale-in-cooldown-seconds
=AUTO_SCALE_IN_COOLDOWN_SECONDS
- The cooldown period for automatic read pool scale-in. Minimum time between scale-in events. Must be an integer value. For example, if the value is 60, then a scale-in event will not be triggered within 60 seconds of the last scale-in event.
--auto-scale-max-node-count
=AUTO_SCALE_MAX_NODE_COUNT
- Maximum number of read pool nodes to be maintained.
--auto-scale-min-node-count
=AUTO_SCALE_MIN_NODE_COUNT
- Minimum number of read pool nodes to be maintained.
--auto-scale-out-cooldown-seconds
=AUTO_SCALE_OUT_COOLDOWN_SECONDS
- The cooldown period for automatic read pool scale-out. Minimum time between scale-out events. Must be an integer value. For example, if the value is 60, then a scale-out event will not be triggered within 60 seconds of the last scale-out event.
--auto-scale-target-metrics
=[METRIC
=VALUE
,…]- Target metrics for read pool auto scaling. Options are: AVERAGE_CPU_UTILIZATION and AVERAGE_DB_CONNECTIONS. Example: --auto-scale-target-metrics=AVERAGE_CPU_UTILIZATION=0.8
-
At most one of these can be specified:
--region
=REGION
; default="us-central"- Regional location (e.g. asia-east1, us-east1). See the full list of regions at https://cloud.google.com/sql/docs/instance-locations.
-
At most one of these can be specified:
--gce-zone
=GCE_ZONE
-
(DEPRECATED) Preferred Compute Engine zone (e.g. us-central1-a, us-central1-b,
etc.).
Flag
--gce-zone
is deprecated and will be removed by release 255.0.0. Use--zone
instead. --secondary-zone
=SECONDARY_ZONE
- Preferred secondary Compute Engine zone (e.g. us-central1-a, us-central1-b, etc.).
--zone
=ZONE
- Preferred Compute Engine zone (e.g. us-central1-a, us-central1-b, etc.).
-
Options for creating a wrapper for an external data source.
--source-ip-address
=SOURCE_IP_ADDRESS
-
Public IP address used to connect to and replicate from the external data
source.
This flag argument must be specified if any of the other arguments in this group are specified.
--source-port
=SOURCE_PORT
; default=3306- Port number used to connect to and replicate from the external data source.
- GCLOUD WIDE FLAGS
-
These flags are available to all commands:
--access-token-file
,--account
,--billing-project
,--configuration
,--flags-file
,--flatten
,--format
,--help
,--impersonate-service-account
,--log-http
,--project
,--quiet
,--trace-token
,--user-output-enabled
,--verbosity
.Run
$ gcloud help
for details. - NOTES
-
This command is currently in beta and might change without notice. These
variants are also available:
gcloud sql instances create
gcloud alpha sql instances create
gcloud beta sql instances create
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-10-21 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-10-21 UTC."],[],[]]