Starting the Bastion Instance

The following command and example are used to create virtual machine instances.

Note: Check the Google Cloud documentation for:

gcloud compute instances create

as this command has a lot of different options.

Run the following command to create the bastion instance:

gcloud compute instances create <INSTANCE_NAME> \
--project=<PROJECT_ID> \
--zone=<ZONE> \
--machine-type=<INSTANCE-TYPE> \
--network-interface=network-tier=STANDARD,stack-type=IPV4_ONLY,subnet=<MANAGEMENT_SUBNET> \
--metadata=ssh-keys="<USERNAME>:<SSH_PUB>" \
--service-account=<SERVICE_ACCOUNT> \
--create-disk=auto-delete=yes,boot=yes,device-name=<INSTANCE_NAME>,image=projects/<IMAGE_PROJECT>/global/images/<IMAGE_NAME>,mode=rw,size=<DISK_SIZE>,type=projects/security-arcsight-nonprod/zones/<ZONE>/diskTypes/pd-balanced

Where:

<INSTANCE_NAME> the name of the instance to be created. Check the name row of the documentation to select a name that complies with the nomenclature rules.

<PROJECT_ID> is the Google Cloud project ID to use for this invocation (check the Google Cloud worksheet)

<ZONE>: is the instance compute zone (for example, us-central1-a). The value set here overrides the default compute zone property value for this command invocation.

<INSTANCE-TYPE> is the machine type used for the instances. If not specified, adopts a default of n1-standard-1. A list of all available machine types can be obtained by executing this command:

gcloud compute machine-types list

<MANAGEMENT_SUBNET> is the subnet that the VM instances are a part of.

<USERNAME>:<SSH_PUB> is the metadata entry, always formatted as a key/value pair separated by an equals sign. This represents the metadata available to the guest operating system running on the instances. In this case, as explained in Choose an access method, the SSH keypair is the method used.

<SERVICE_ACCOUNT> is the Google Cloud service account to be used by the instance (check the Google Cloud worksheet)

<IMAGE_PROJECT>, <IMAGE_NAME> point to the path of the boot image for the instance, for which a new boot disk will be created from the given image. See Determining the image and the Google Cloud worksheet for your chosen values.

<DISK_SIZE> is the size of the disk, an integer followed by a size unit of KB, MB, GB, or TB (no spaces between number and letters). If not specified, the new disk size will be the default image size.

Once an instance has reached a RUNNING state and the system begins to boot, the instance creation is considered finished, and the command will return a list of the new virtual machines.

The progress of an instance can be checked using the following command:

gcloud compute instances get-serial-port-output

Example:

gcloud compute instances create arcsight-suite-bastion \
--zone=us-central1-a \
--machine-type=e2-medium \
--network-interface=network-tier=STANDARD,stack-type=IPV4_ONLY,subnet=management-subnet \
--scopes=https://www.googleapis.com/auth/cloud-platform \
--metadata=ssh-keys="arcsight-suite:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPSVtl0IIbJ8X5W2+m/nERMueao8n1PGYJpA3V+2XdU2Jzi+2OlDHR5dgZu8HgutbOIcT65DZgjkviwtbVfkIT1myGqWLQ+KGIz1IG1nipmT1xM2t5ndkynJj4j3vf59rus5N+NnWPJPshM44W+UIk13kLpk7ZiP32jXHeJtC3OEZJ6HlyM7Piwg+Cc7ZaW1uFi3PaeJ/OxpCAXWu2BdQ9Eac//40vYCKA8bTU9S5FO5lWXnVgncKku+dMH7arW62D2Xdh4W3Mx7U9bTXbqG6+54YTTykeiDW6iIqEAKCjSazrR6mcPGkt0sK8a6grIhLcm47YcRE/YAOcrBZGdgVB arcsight-suite" \
--service-account=gcp-arcsight-test-sa@security-arcsight-nonprod.iam.gserviceaccount.com \
--create-disk=auto-delete=yes,boot=yes,device-name=arcsight-suite-bastion,image=projects/rocky-linux-cloud/global/images/rocky-linux-8-optimized-gcp-v20220920,mode=rw,size=75,type=projects/security-arcsight-nonprod/zones/us-central1-a/diskTypes/pd-balanced