This lesson covers the full lifecycle of a Compute Engine VM instance — from creation through configuration to ongoing management. Understanding these operations is essential for running production workloads on GCP.
The most common way to create a VM programmatically is with the gcloud CLI:
gcloud compute instances create web-server-1 \
    --zone=europe-west2-a \
    --machine-type=e2-standard-4 \
    --image-family=ubuntu-2404-lts-amd64 \
    --image-project=ubuntu-os-cloud \
    --boot-disk-size=50GB \
    --boot-disk-type=pd-ssd \
    --tags=http-server,https-server \
    --metadata=startup-script='#!/bin/bash
apt-get update
apt-get install -y nginx'
A comparable instance can be declared in Terraform:
resource "google_compute_instance" "web_server" {
  name         = "web-server-1"
  machine_type = "e2-standard-4"
  zone         = "europe-west2-a"

  boot_disk {
    initialize_params {
      image = "ubuntu-os-cloud/ubuntu-2404-lts-amd64"
      size  = 50
      type  = "pd-ssd"
    }
  }

  network_interface {
    network = "default"
    access_config {} # Ephemeral external IP
  }

  tags = ["http-server", "https-server"]
}
The Google Cloud Console provides a guided form where you select the zone, machine type, boot disk image, networking, and other options. The Console also shows an estimated monthly cost and can generate the equivalent gcloud or REST command.
Labels are key-value pairs that help you organise and filter resources:
gcloud compute instances add-labels web-server-1 \
    --zone=europe-west2-a \
    --labels=env=production,team=platform,app=frontend
Use labels for cost attribution, automation targeting, and resource grouping.
Metadata is a key-value store attached to each instance. It is commonly used for startup scripts, shutdown scripts, and configuration data:
# Set instance metadata
gcloud compute instances add-metadata web-server-1 \
    --zone=europe-west2-a \
    --metadata=env=production,version=2.1.0

# Set a startup script from a file
gcloud compute instances add-metadata web-server-1 \
    --zone=europe-west2-a \
    --metadata-from-file=startup-script=startup.sh
The metadata server is accessible from within the VM at http://metadata.google.internal/computeMetadata/v1/.
Every VM is associated with a service account that defines which GCP APIs the VM can call. Best practice is to create a dedicated service account with the minimum required permissions rather than using the default Compute Engine service account:
# Create a service account
gcloud iam service-accounts create web-sa \
    --display-name="Web Server Service Account"

# Create a VM with the custom service account
gcloud compute instances create web-server-1 \
    --zone=europe-west2-a \
    --machine-type=e2-standard-4 \
    --service-account=web-sa@my-project.iam.gserviceaccount.com \
    --scopes=cloud-platform \
    --image-family=debian-12 \
    --image-project=debian-cloud
Network tags associate VMs with firewall rules:
# Create a firewall rule that applies to VMs with the "http-server" tag
gcloud compute firewall-rules create allow-http \
    --network=default \
    --allow=tcp:80 \
    --target-tags=http-server \
    --source-ranges=0.0.0.0/0
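The service account and network tag settings above can be audited after the fact. The following added example (not part of the original lesson) reads constructed JSON shaped like `gcloud compute instances list --format=json` and `gcloud compute firewall-rules list --format=json` output, and reports which VMs run as the default Compute Engine service account and which rules open to 0.0.0.0/0 reach each VM. The function names, the `batch-1` VM, the project number and the two extra firewall rules are assumptions, and all VMs are assumed to sit on one network.

```python
import json

# Constructed sample data shaped like `gcloud compute instances list --format=json`
# and `gcloud compute firewall-rules list --format=json`, trimmed to the fields used.
INSTANCES = json.loads("""[
 {"name": "web-server-1", "tags": {"items": ["http-server", "https-server"]},
  "serviceAccounts": [{"email": "web-sa@my-project.iam.gserviceaccount.com"}]},
 {"name": "batch-1", "tags": {},
  "serviceAccounts": [{"email": "123456789012-compute@developer.gserviceaccount.com"}]}
]""")
FIREWALLS = json.loads("""[
 {"name": "allow-http", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "targetTags": ["http-server"], "allowed": [{"IPProtocol": "tcp", "ports": ["80"]}]},
 {"name": "default-allow-ssh", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
 {"name": "allow-internal", "direction": "INGRESS", "sourceRanges": ["10.128.0.0/9"],
  "allowed": [{"IPProtocol": "all"}]}
]""")

DEFAULT_SA_SUFFIX = "-compute@developer.gserviceaccount.com"

def uses_default_sa(instance):
    """True if the VM runs as the default Compute Engine service account."""
    return any(sa.get("email", "").endswith(DEFAULT_SA_SUFFIX)
               for sa in instance.get("serviceAccounts", []))

def internet_exposure(instance, firewalls):
    """List (rule, protocol, ports) for enabled ingress allow rules open to 0.0.0.0/0
    that apply to this VM. Rule priorities and deny rules are not evaluated."""
    tags = set(instance.get("tags", {}).get("items", []))
    emails = {sa.get("email") for sa in instance.get("serviceAccounts", [])}
    hits = []
    for rule in firewalls:
        if rule.get("disabled") or rule.get("direction", "INGRESS") != "INGRESS":
            continue
        if "0.0.0.0/0" not in rule.get("sourceRanges", []):
            continue
        t_tags = set(rule.get("targetTags", []))
        t_sas = set(rule.get("targetServiceAccounts", []))
        # A rule with no target tags or service accounts covers every VM in the network.
        if not (t_tags or t_sas) or t_tags & tags or t_sas & emails:
            for allow in rule.get("allowed", []):
                hits.append((rule["name"], allow["IPProtocol"], allow.get("ports", ["all"])))
    return hits

def audit(instances, firewalls):
    """Map each VM name to its default-service-account flag and internet-facing rules."""
    return {vm["name"]: {"default_sa": uses_default_sa(vm),
                         "exposed": internet_exposure(vm, firewalls)}
            for vm in instances}
```

In the sample, `batch-1` carries no tags yet is still reachable on tcp:22 because the untargeted `default-allow-ssh` rule applies to every VM in the network.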