Creating an Instance

Use the steps in this topic to create a bare metal or virtual machine (VM) compute instance using Oracle Cloud Infrastructure Compute.

Tip

If this is your first time creating an instance, consider following the Getting Started tutorial for a guided workflow through the steps required to create an instance.

When you create an instance, the instance is automatically attached to a virtual network interface card (VNIC) in the cloud network's subnet and given a private IP address from the subnet's CIDR. You can let the IP address be automatically assigned, or you can specify a particular address of your choice. The private IP address lets instances within the cloud network communicate with each other. If you've set up the cloud network for DNS, instances can instead use fully qualified domain names (FQDNs).

If the subnet is public, you can optionally assign the instance a public IP address. A public IP address is required to communicate with the instance over the internet, and to establish a Secure Shell (SSH) or Remote Desktop Protocol (RDP) connection to the instance from outside the cloud network. You can also create SSH or RDP connections to instances without public IP addresses using a bastion.

To determine whether capacity is available for a specific shape before you create an instance, use the CreateComputeCapacityReport operation.

Note

Partner images and pre-built Oracle enterprise images are not available in Government Cloud realms.

Security zone policies can affect your ability to create instances.

For permissions, see Required IAM Policy for Working with Instances.

Before You Begin

Before you create an instance, you need these things.

  • (Optional) An existing virtual cloud network (VCN) to create the instance in. Alternatively, you can create a new VCN while you create the instance. For information about setting up cloud networks, see Networking.
  • Linux instances: If you want to use your own Secure Shell (SSH) key to connect to the instance using SSH, you need the public key from the SSH key pair that you plan to use. The key must be in OpenSSH format. For more information, see Managing Key Pairs on Linux Instances.
  • Windows instances: A VCN security rule that enables Remote Desktop Protocol (RDP) access so that you can connect to your instance. Specifically, you need a stateful ingress rule for TCP traffic on destination port 3389 from source 0.0.0.0/0 and any source port. For more information, see Security Rules. You can implement this security rule in a network security group that you add this Windows instance to. Or, you can implement this security rule in a security list that is used by the instance's subnet.

    To enable RDP access:

    1. Open the navigation menu, click Networking, and then click Virtual cloud networks.
    2. Choose a compartment that you have permission to work in (on the left side of the page). The page updates to display only the resources in that compartment. If you're not sure which compartment to use, contact an administrator.

    3. Click the VCN that you're interested in.
    4. Do one of the following things:

      • To add the rule to a network security group that the instance belongs to:

        1. Under Resources, click Network Security Groups.
        2. Click the network security group that you're interested in.
        3. Click Add Rules.
        4. Enter the following values for the rule:

          • Stateless: Leave the check box cleared.
          • Direction: Ingress
          • Source Type: CIDR
          • Source CIDR: 0.0.0.0/0
          • IP Protocol: RDP (TCP/3389)
          • Source Port Range: All
          • Destination Port Range: 3389
          • Description: An optional description of the rule.
        5. Click Add.
      • To add the rule to a security list that is used by the instance's subnet:

        1. Under Resources, click Security Lists.
        2. Click the security list that you're interested in.
        3. Click Add Ingress Rules.
        4. Enter the following values for the rule:

          • Stateless: Leave the check box cleared.
          • Source Type: CIDR
          • Source CIDR: 0.0.0.0/0
          • IP Protocol: RDP (TCP/3389)
          • Source Port Range: All
          • Destination Port Range: 3389
          • Description: An optional description of the rule.
        5. Click Add Ingress Rules.
  • (Optional) If you want to create the instance using a host capacity type other than on-demand capacity, prepare the capacity:

    • To create an instance and have it count against a capacity reservation, you must have a capacity reservation in the same availability domain as the instance.
    • To place an instance on a dedicated virtual machine host, you must have a dedicated virtual machine host in the same availability domain and fault domain as the instance.

    The capacity types are mutually exclusive.
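Added example (not part of the Oracle documentation): a Python check that lists which CIDR sources can reach TCP/3389 through a set of ingress rules, such as the 0.0.0.0/0 rule created in the RDP steps above, so that the rule's reach can be reviewed against alternatives like the bastion mentioned earlier. The rule field names (`protocol`, `source`, `sourceType`, `isStateless`, `tcpOptions.destinationPortRange`) are assumed to match the JSON returned for security list and network security group rules; the sample rules are constructed.

```python
import ipaddress

RDP_PORT = 3389
TCP = "6"  # rules carry the IANA protocol number as a string; "all" means any


def admits_tcp_port(rule, port):
    """True if an ingress rule allows TCP traffic to destination `port`."""
    proto = str(rule.get("protocol", "")).lower()
    if proto == "all":
        return True
    if proto != TCP:
        return False
    port_range = (rule.get("tcpOptions") or {}).get("destinationPortRange")
    if port_range is None:  # no range on a TCP rule means every destination port
        return True
    return port_range["min"] <= port <= port_range["max"]


def rdp_sources(rules):
    """List every CIDR source that can reach TCP/3389, widest first."""
    found = []
    for index, rule in enumerate(rules):
        # Security-list ingress rules have no "direction"; NSG rules do.
        if rule.get("direction", "INGRESS") != "INGRESS":
            continue
        if rule.get("sourceType", "CIDR_BLOCK") != "CIDR_BLOCK":
            continue  # NSG or service sources are not address ranges
        if not admits_tcp_port(rule, RDP_PORT):
            continue
        net = ipaddress.ip_network(rule["source"], strict=False)
        found.append({
            "rule": index,
            "source": str(net),
            "addresses": net.num_addresses,
            "any_address": net.prefixlen == 0,
            "stateless": bool(rule.get("isStateless", False)),
        })
    return sorted(found, key=lambda f: f["addresses"], reverse=True)


# Constructed sample rules (not taken from a real tenancy).
SAMPLE_RULES = [
    {"direction": "INGRESS", "protocol": "6", "sourceType": "CIDR_BLOCK",
     "source": "0.0.0.0/0", "isStateless": False,
     "tcpOptions": {"destinationPortRange": {"min": 3389, "max": 3389}}},
    {"direction": "INGRESS", "protocol": "6", "sourceType": "CIDR_BLOCK",
     "source": "203.0.113.0/28", "isStateless": False,
     "tcpOptions": {"destinationPortRange": {"min": 3380, "max": 3400}}},
    {"direction": "INGRESS", "protocol": "6", "sourceType": "CIDR_BLOCK",
     "source": "0.0.0.0/0", "isStateless": False,
     "tcpOptions": {"destinationPortRange": {"min": 22, "max": 22}}},
    {"direction": "EGRESS", "protocol": "all", "destination": "0.0.0.0/0"},
    {"protocol": "all", "source": "10.0.0.0/16"},
]

if __name__ == "__main__":
    for f in rdp_sources(SAMPLE_RULES):
        scope = "any address" if f["any_address"] else f"{f['addresses']} addresses"
        print(f"rule {f['rule']}: RDP reachable from {f['source']} ({scope})")
```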

Creating an Instance

    1. Open the navigation menu and click Compute. Under Compute, click Instances.
    2. Click Create instance.
    3. Enter a name for the instance. You can add or change the name later. The name doesn't need to be unique, because an Oracle Cloud Identifier (OCID) uniquely identifies the instance. Avoid entering confidential information.
    4. Select the compartment to create the instance in.

      The other resources that you choose can come from different compartments.

    5. In the Placement section, make the following selections:

      1. Select the Availability domain that you want to create the instance in.

        Note

        If you're creating an instance from a boot volume, you must create the instance in the same availability domain as the boot volume.
      2. (Optional) If you want to choose a capacity type or specify a fault domain, click Show advanced options. The following options are available:

        • Capacity type: Select one of the following.

          • On-demand capacity: The instance is launched on a shared host using on-demand capacity. This is the default.
          • Preemptible capacity: This option lets you run the instance on a shared host using preemptible capacity. The capacity is reclaimed when it's needed elsewhere, and the instances are terminated. Choose whether to permanently delete the attached boot volume when the capacity is reclaimed and the instance is terminated.
          • Capacity reservation: This option lets you count the instance against a capacity reservation. Select a capacity reservation from the list.
          • Dedicated host: This option lets you run the instance in isolation, so that it is not running on shared infrastructure. Select a dedicated virtual machine host from the list. You can only place an instance on a dedicated virtual machine host at the time you create the instance.
          • Compute cluster: This option lets you place the instance on a compute cluster, which is a high-bandwidth, ultra low-latency remote direct memory access (RDMA) network for high-performance computing. Compute clusters let you manage instances in the cluster individually, and you can have different types of instances in the cluster.
        • Fault domain: The fault domain to use for the instance. If you do not specify the fault domain, the system selects one for you. You can edit the fault domain after you create the instance.
    6. (Optional) In the Security section, you can create a shielded instance or enable confidential computing. Click Edit, and then select the options that you want to enable.

      • To create a shielded instance, turn on the Shielded instance toggle switch. Then, select the boot options that you want.
      • To enable confidential computing for the instance, turn on the Confidential computing toggle switch.
      Note

      If you are unable to select the shielded or confidential computing settings that you want, first choose a shape and image that support shielded instances or confidential computing. Then, select the shielded instance or confidential computing settings that you want. An instance can be either shielded or enabled for confidential computing, but not both.
    7. In the Image and shape section, choose the image and shape for the instance:

      1. By default, an Oracle Linux image is used to boot the instance. To select a different image or a boot volume, in the Image section, click Change image. Then, select the operating system or image source.

        • To use a platform image, select Oracle Linux, Ubuntu, CentOS, or Windows. Select the compartment, and then select an OS version. To choose a different image build, or to see which shapes are compatible with an OS version and image build, click the down arrow for the image.
        • To use a Red Hat Enterprise Linux image, follow the steps in Red Hat Enterprise Linux (RHEL) Images.
        • To use a Marketplace image, select SUSE, AlmaLinux, Rocky Linux, or for other OSs, Marketplace.

          For Oracle enterprise images and partner images, select the Partner images option, and then select an image. To view more details about an image or to change the image build, click the down arrow for the image. Images in this section include pre-built Oracle enterprise images and solutions enabled for Oracle Cloud Infrastructure, and trusted third-party images published by Oracle partners.

          For community images, select the Community images option, and then select an image. You can filter by OS. To view more details about an image, click the down arrow for the image. Community images are custom images created and published by community members for use by other community members. Community images are not available for Windows.

        • To use a custom image that was created or imported into your Oracle Cloud Infrastructure environment, select My images. Select the Custom images option. Select the compartment, and then select the image.
        • To use a boot volume, select My images. Select the Boot volumes option. Select the compartment, and then select the boot volume.
        • To use a specific version of an image by providing the image OCID, select My images. Select the Image OCID option, and then enter the image OCID. To determine the OCID for platform images, see the image release notes.

        Choose an image or boot volume, and then click Select image.

      2. To select a different shape, in the Shape section, click Change shape. Then, do the following:

        1. In the Instance type section, select Virtual machine or Bare metal machine.
        2. If you're creating a virtual machine, in the Shape series section, select a processor group. The following options are available:

          • AMD: Standard shapes that use current generation AMD processors. The AMD shapes are flexible shapes.

          • Intel: Standard and optimized shapes that use current generation Intel processors. Includes flexible shapes.

          • Ampere: The Ampere A1 Compute shape, which uses current generation Arm-based processors. The Arm-based shape is a flexible shape. This shape is not supported for Windows.

          • Specialty and previous generation: Standard shapes with previous generation Intel and AMD processors, the Always Free VM.Standard.E2.1.Micro shape, Dense I/O shapes, GPU shapes, and HPC shapes.

          Flexible shapes have a customizable number of OCPUs and amount of memory.

        3. Select a shape.

          If you select a flexible shape, do the following:

          1. For Number of OCPUs, choose the number of OCPUs that you want to allocate to this instance by dragging the slider. The other resources scale proportionately.
          2. If you want this to be a burstable instance and the shape supports bursting, select the Burstable option. Then, in the Baseline utilization per OCPU list, select the baseline OCPU utilization for the instance. This value is the percentage of OCPUs that you want to use most of the time.
          3. For Amount of memory (GB), choose the amount of memory that you want to allocate to this instance by dragging the slider. The amount of memory allowed is based on the number of OCPUs selected.
          4. If you want to allocate an extended amount of memory or OCPUs to the instance, you can make this instance an extended memory VM by dragging the slider to Extended OCPU or Extended memory.

          For more information about the minimum memory, maximum memory, and ratio of memory to OCPUs for each shape, see Flexible Shapes.

          Note

          If a shape is disabled, it means that the shape is either incompatible with the image that you selected previously, or not available in the current availability domain. If you don't see a shape, it means that you don't have service limits for the shape. You can request a service limit increase.
        4. For bare metal instances, you can optionally configure advanced BIOS settings, such as disabling simultaneous multithreading, disabling cores, or optimizing the NUMA settings. Click Show advanced BIOS settings, and then select the options that you want to configure. The settings that are available depend on the shape.
        5. Click Select shape.
    8. In the Networking section, configure the network details for the instance:

      1. For Primary network and Subnet, specify the virtual cloud network (VCN) and subnet to create the instance in. Decide whether you want to use an existing VCN and subnet, create a new VCN or subnet, or enter an existing subnet's OCID.

        Select existing virtual cloud network: If you want to use an existing VCN, make the following selections:

        • Virtual cloud network: The cloud network to create the instance in.
        • Subnet: A subnet within the cloud network that the instance is attached to. The subnets are either public or private. Private means the instances in that subnet can't have public IP addresses. For more information, see Access to the Internet. Subnets are either specific to an availability domain or regional (regional ones have "regional" after the name). We recommend using regional subnets.

          If choosing Select existing subnet, for Subnet, select the subnet.

          If choosing Create new public subnet, enter the following information:

          • New subnet name: A friendly name for the subnet. Avoid entering confidential information.
          • Create in compartment: The compartment where you want to put the subnet.
          • CIDR block: A single, contiguous CIDR block for the subnet (for example, 172.16.0.0/24). Make sure it's within the cloud network's CIDR block and doesn't overlap with any other subnets. You cannot change this value later. See Allowed VCN Size and Address Ranges. For reference, here's a CIDR calculator.

        Create new virtual cloud network: If you want to create a new VCN, make the following selections:

        • New virtual cloud network name: A friendly name for the network. Avoid entering confidential information.
        • Create in compartment: The compartment where you want to put the new network.
        • Create new public subnet: A subnet within the cloud network to attach the instance to. The subnets are either public or private. Private means the instances in that subnet can't have public IP addresses. See Access to the Internet. Subnets are either specific to an availability domain or regional (regional ones have "regional" after the name). We recommend using regional subnets.

          Enter the following information:

          • New subnet name: A friendly name for the subnet. It doesn't have to be unique, and it can be changed later. Avoid entering confidential information.
          • Create in compartment: The compartment where you want to put the subnet.
          • CIDR block: A single, contiguous CIDR block for the subnet (for example, 172.16.0.0/24). Make sure it's within the cloud network's CIDR block and doesn't overlap with any other subnets. You cannot change this value later. See Allowed VCN Size and Address Ranges. For reference, here's a CIDR calculator.

        Enter subnet OCID: If you want to provide an existing subnet's OCID, for Subnet OCID, enter the subnet OCID.

      2. If the subnet is public, you can optionally assign the instance a public IP address. A public IP address makes the instance accessible from the internet. Select the Assign a public IPv4 address option. For more information, see Access to the Internet.
      3. (Optional) If you want to configure advanced networking settings, click Show advanced options. The following options are available:

        • Use network security groups to control traffic: Select this option if you want to add the instance's primary VNIC to one or more network security groups (NSGs). Then, specify the NSGs. Available only when you use an existing VCN.
        • Private IP address: An available private IP address of your choice from the subnet's CIDR. If you don't specify a value, the private IP address is automatically assigned.
        • DNS record: Whether to assign the VNIC a private DNS record. See DNS in Your Virtual Cloud Network.
        • Hostname: A hostname to be used for DNS within the cloud network. Available only if the VCN and subnet both have DNS labels, and the option to assign a private DNS record is selected.
        • Launch options: The networking launch type. Available only for VMs.
    9. Linux instances: In the Add SSH keys section, generate an SSH key pair or upload your own public key. Select one of the following options:
      • Generate a key pair for me: Oracle Cloud Infrastructure generates an RSA key pair for the instance. Click Save Private Key, and then save the private key on your computer. Optionally, click Save Public Key and then save the public key.

        Caution

        Anyone who has access to the private key can connect to the instance. Store the private key in a secure location.
        Important

        To use a key pair that is generated by Oracle Cloud Infrastructure, you must access the instance from a system that has OpenSSH installed. UNIX-based systems (including Linux and OS X), Windows 10, and Windows Server 2019 should have OpenSSH. For more information, see Managing Key Pairs on Linux Instances.
      • Upload public key files (.pub): Upload the public key portion of your key pair. Either browse to the key file that you want to upload, or drag and drop the file into the box. To provide multiple keys, press and hold down the Command key (on Mac) or the Ctrl key (on Windows) while selecting files.
      • Paste public keys: Paste the public key portion of your key pair in the box.
      • No SSH keys: Select this option only if you do not want to connect to the instance using SSH. You can't provide a public key or save the key pair that is generated by Oracle Cloud Infrastructure after the instance is created.
    10. In the Boot volume section, configure the size and encryption options for the instance's boot volume:

      • To specify a custom size for the boot volume, select the Specify a custom boot volume size check box. Then, enter a custom size from 50 GB to 32 TB. The specified size must be larger than the default boot volume size for the selected image.

        Note

        For Windows Server 2012 R2 Datacenter images and Windows platform images published before October 2021, the custom boot volume size must be larger than the image's default boot volume size or 256 GB, whichever is higher.
      • For VM instances, you can optionally select the Use in-transit encryption check box. For bare metal instances that support in-transit encryption, it is enabled by default and is not configurable. See Block Volume Encryption for more information about in-transit encryption. If you are using your own Vault service encryption key for the boot volume, then this key is also used for in-transit encryption. Otherwise, the Oracle-provided encryption key is used.
      • Boot volumes are encrypted by default, but you can optionally use your own Vault service encryption key to encrypt the data in this volume. To use the Vault service for your encryption needs, select the Encrypt this volume with a key that you manage check box. Then, select the Vault compartment and Vault that contain the master encryption key you want to use. Also select the Master encryption key compartment and Master encryption key. If you enable this option, this key is used for both data at rest encryption and in-transit encryption.
        Important

        The Block Volume service does not support encrypting volumes with keys encrypted using the Rivest-Shamir-Adleman (RSA) algorithm. When using your own keys, you must use keys encrypted using the Advanced Encryption Standard (AES) algorithm. This applies to block volumes and boot volumes.
      • Block Volume performance capabilities let you change the volume performance for boot volumes. When you create an instance, its boot volume is configured with the default volume performance set to Balanced. After you launch the instance, you can modify the performance setting.

    11. (Optional) To configure advanced settings, click Show advanced options. The following options are available:

      • On the Management tab, you can configure the following:

        • Require an authorization header: Select this check box to require that all requests to the instance metadata service (IMDS) use the version 2 endpoint and include an authorization header. Requests to IMDSv1 are denied. The image must support IMDSv2.
        • Initialization script: User data to be used by cloud-init to run custom scripts or provide custom cloud-init configuration. Cloudbase-init is used on Windows. Browse to the file that you want to upload, or drag and drop the file into the box. The file or script does not need to be base64-encoded, because the Console performs this encoding when the information is submitted. For information about how to take advantage of user data, see the cloud-init documentation and the cloudbase-init documentation. The total maximum size for user data and other metadata that you provide is 32,000 bytes.

          Caution

          Do not include anything in the script that could trigger a reboot, because this could impact the instance launch and cause it to fail. Any actions that require a reboot should be performed only after the instance state is Running.
        • Tagging: If you have permissions to create a resource, then you also have permissions to apply free-form tags to that resource. To apply a defined tag, you must have permissions to use the tag namespace. For more information about tagging, see Resource Tags. If you are not sure whether to apply tags, skip this option (you can apply tags later) or ask your administrator.
      • On the Availability configuration tab, you can configure the following options for supported shapes:

        • In the Live migration section, select an option:

          • Let Oracle Cloud Infrastructure choose the best migration option: Select this option to let Oracle Cloud Infrastructure choose the best option to migrate the instance to a healthy physical VM host if an underlying infrastructure component needs to undergo maintenance.
          • Use live migration if possible: Select this option to have the instance live migrated to a healthy physical VM host without any notification or disruption. If live migration isn't successful, reboot migration is used. Some shapes do not support live migration.
          • Opt-out: Select this option to have a notification sent for the maintenance event. The instance is live migrated if you do not proactively reboot the instance before the due date.
        • Restore instance lifecycle state after infrastructure maintenance: By default, if an instance is running when a maintenance event affects the underlying infrastructure, the instance is rebooted after it is recovered. Clear this check box if you want the instance to be recovered in the stopped state.
      • On the Oracle Cloud Agent tab, choose which plugins you want to enable when the instance is launched. Plugins collect performance metrics, install OS updates, and perform other instance management tasks.

        Important

        After you create the instance, you might need to perform additional configuration tasks before you can use each plugin.
    12. Click Create.

      To track the progress of the operation and troubleshoot errors that occur during instance creation, use the associated work request.

  • Use the instance launch command and required parameters to create an instance:

    oci compute instance launch --from-json <file://path/to/file.json>

    <file://path/to/file.json> is the path to a JSON file that defines the instance details. For information about how to generate an example of the JSON file, see Advanced JSON Options.

    For a complete list of flags and variable options for CLI commands, see the Command Line Reference.

  • Use these API operations to create instances:

    You can also launch instances from images that are published by Oracle partners in the Partner Image catalog. Use these APIs to work with the Partner Image catalog listings:
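Added example (not Oracle's code): a Python pre-launch check for the JSON file passed to `oci compute instance launch --from-json`, covering the options this page describes for a Linux VM: requiring the IMDS authorization header, in-transit encryption, public IP assignment, OpenSSH-format public keys, the 32,000-byte metadata limit, and reboot commands in the initialization script. The JSON key names (`instanceOptions.areLegacyImdsEndpointsDisabled`, `isPvEncryptionInTransitEnabled`, `assignPublicIp`, `metadata.ssh_authorized_keys`, `metadata.user_data`) are assumptions to confirm against the example file generated as described in Advanced JSON Options; the sample documents and key are constructed.

```python
import base64
import re
import struct

MAX_METADATA_BYTES = 32_000  # limit this page states for user data plus metadata
# Heuristic only: common ways a launch script restarts the OS.
REBOOT_HINTS = re.compile(
    r"^\s*(sudo\s+)?(reboot|shutdown\s+-r|init\s+6|systemctl\s+reboot"
    r"|Restart-Computer)\b|^\s*power_state\s*:", re.I | re.M)


def openssh_key_problem(line):
    """Return None for a well-formed OpenSSH public key line, else a reason."""
    if "PRIVATE KEY" in line:
        return "private key material where a public key is expected"
    parts = line.split()
    if len(parts) < 2:
        return "expected '<type> <base64> [comment]'"
    try:
        blob = base64.b64decode(parts[1], validate=True)
        (length,) = struct.unpack(">I", blob[:4])
        embedded = blob[4:4 + length].decode("ascii")
    except (ValueError, struct.error):
        return "key body is not a valid OpenSSH blob"
    if embedded != parts[0]:
        return f"declared type {parts[0]!r} does not match blob type {embedded!r}"
    return None


def preflight(launch):
    """Check a launch-JSON dict (Linux VM assumed) against this page's options."""
    findings = []
    if not (launch.get("instanceOptions") or {}).get("areLegacyImdsEndpointsDisabled"):
        findings.append("imds: IMDSv1 requests are not denied")
    if not launch.get("isPvEncryptionInTransitEnabled"):
        findings.append("boot-volume: in-transit encryption not selected")
    if launch.get("assignPublicIp"):
        findings.append("network: instance is reachable on a public IPv4 address")
    meta = launch.get("metadata") or {}
    # Approximation: counts metadata values as submitted.
    size = sum(len(str(v).encode()) for v in meta.values())
    if size > MAX_METADATA_BYTES:
        findings.append(f"metadata: {size} bytes exceeds {MAX_METADATA_BYTES}")
    keys = [k for k in meta.get("ssh_authorized_keys", "").splitlines() if k.strip()]
    if not keys:
        findings.append("ssh: no public key supplied")
    findings += [f"ssh: {p}" for p in map(openssh_key_problem, keys) if p]
    try:
        script = base64.b64decode(meta.get("user_data", "")).decode("utf-8", "replace")
    except ValueError:
        script = ""
        findings.append("user_data: not valid base64")
    if REBOOT_HINTS.search(script):
        findings.append("user_data: script appears to trigger a reboot during launch")
    return findings


def _b64(text):
    return base64.b64encode(text.encode()).decode()


# Constructed sample data: an all-zero Ed25519 blob, not a usable key.
SAMPLE_KEY = base64.b64encode(
    struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(32)).decode()
HARDENED = {
    "instanceOptions": {"areLegacyImdsEndpointsDisabled": True},
    "isPvEncryptionInTransitEnabled": True,
    "assignPublicIp": False,
    "metadata": {"ssh_authorized_keys": f"ssh-ed25519 {SAMPLE_KEY} constructed@example",
                 "user_data": _b64("#!/bin/bash\nyum -y update\n")},
}
WEAK = {
    "assignPublicIp": True,
    "metadata": {"ssh_authorized_keys": f"ssh-rsa {SAMPLE_KEY} mislabelled@example",
                 "user_data": _b64("#!/bin/bash\nyum -y update\nreboot\n")},
}

if __name__ == "__main__":
    for name, doc in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, preflight(doc) or "no findings")
```

Findings are items to review before launch rather than hard failures; a public IPv4 address, for example, may be intended.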

What's Next