v5.18.0/website/docs/r/compute_disk.html.markdown - terraform-provider-google-beta - Git at Google

 ---
 # ----------------------------------------------------------------------------
 #
 #     ***     AUTO GENERATED CODE    ***    Type: MMv1     ***
 #
 # ----------------------------------------------------------------------------
 #
 #     This file is automatically generated by Magic Modules and manual
 #     changes will be clobbered when the file is regenerated.
 #
 #     Please read more about how to change this file in
 #     .github/CONTRIBUTING.md.
 #
 # ----------------------------------------------------------------------------
 subcategory: "Compute Engine"
 description: |-
   Persistent disks are durable storage devices that function similarly to
   the physical disks in a desktop or a server.
 ---

 # google\_compute\_disk

 Persistent disks are durable storage devices that function similarly to
 the physical disks in a desktop or a server. Compute Engine manages the
 hardware behind these devices to ensure data redundancy and optimize
 performance for you. Persistent disks are available as either standard
 hard disk drives (HDD) or solid-state drives (SSD).

 Persistent disks are located independently from your virtual machine
 instances, so you can detach or move persistent disks to keep your data
 even after you delete your instances. Persistent disk performance scales
 automatically with size, so you can resize your existing persistent disks
 or add more persistent disks to an instance to meet your performance and
 storage space requirements.

 Add a persistent disk to your instance when you need reliable and
 affordable storage with consistent performance characteristics.


 To get more information about Disk, see:

 * [API documentation](https://cloud.google.com/compute/docs/reference/v1/disks)
 * How-to Guides
     * [Adding a persistent disk](https://cloud.google.com/compute/docs/disks/add-persistent-disk)

 ~> **Warning:** All arguments including the following potentially sensitive
 values will be stored in the raw state as plain text: `disk_encryption_key.raw_key`, `disk_encryption_key.rsa_encrypted_key`.
 [Read more about sensitive data in state](https://www.terraform.io/language/state/sensitive-data).

 <div class = "oics-button" style="float: right; margin: 0 0 -15px">
   <a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=disk_basic&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
     <img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
   </a>
 </div>
 ## Example Usage - Disk Basic


 ```hcl
 resource "google_compute_disk" "default" {
   name  = "test-disk"
   type  = "pd-ssd"
   zone  = "us-central1-a"
   image = "debian-11-bullseye-v20220719"
   labels = {
     environment = "dev"
   }
   physical_block_size_bytes = 4096
 }
 ```
 <div class = "oics-button" style="float: right; margin: 0 0 -15px">
   <a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=disk_async&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
     <img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
   </a>
 </div>
 ## Example Usage - Disk Async


 ```hcl
 resource "google_compute_disk" "primary" {
   name  = "async-test-disk"
   type  = "pd-ssd"
   zone  = "us-central1-a"

   physical_block_size_bytes = 4096
 }

 resource "google_compute_disk" "secondary" {
   name  = "async-secondary-test-disk"
   type  = "pd-ssd"
   zone  = "us-east1-c"

   async_primary_disk {
     disk = google_compute_disk.primary.id
   }

   physical_block_size_bytes = 4096
 }
 ```
 <div class = "oics-button" style="float: right; margin: 0 0 -15px">
   <a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=disk_features&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
     <img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
   </a>
 </div>
 ## Example Usage - Disk Features


 ```hcl
 resource "google_compute_disk" "default" {
   name  = "test-disk-features"
   type  = "pd-ssd"
   zone  = "us-central1-a"
   labels = {
     environment = "dev"
   }

   guest_os_features {
     type = "SECURE_BOOT"
   }

   guest_os_features {
     type = "MULTI_IP_SUBNET"
   }

   guest_os_features {
     type = "WINDOWS"
   }

   licenses = ["https://www.googleapis.com/compute/v1/projects/windows-cloud/global/licenses/windows-server-core"]

   physical_block_size_bytes = 4096
 }
 ```

 ## Argument Reference

 The following arguments are supported:


 * `name` -
   (Required)
   Name of the resource. Provided by the client when the resource is
   created. The name must be 1-63 characters long, and comply with
   RFC1035. Specifically, the name must be 1-63 characters long and match
   the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the
   first character must be a lowercase letter, and all following
   characters must be a dash, lowercase letter, or digit, except the last
   character, which cannot be a dash.


 - - -


 * `description` -
   (Optional)
   An optional description of this resource. Provide this property when
   you create the resource.

 * `labels` -
   (Optional)
   Labels to apply to this disk.  A list of key->value pairs.

   **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
   Please refer to the field `effective_labels` for all of the labels present on the resource.

 * `size` -
   (Optional)
   Size of the persistent disk, specified in GB. You can specify this
   field when creating a persistent disk using the `image` or
   `snapshot` parameter, or specify it alone to create an empty
   persistent disk.
   If you specify this field along with `image` or `snapshot`,
   the value must not be less than the size of the image
   or the size of the snapshot.
   ~>**NOTE** If you change the size, Terraform updates the disk size
   if upsizing is detected but recreates the disk if downsizing is requested.
   You can add `lifecycle.prevent_destroy` in the config to prevent destroying
   and recreating.

 * `physical_block_size_bytes` -
   (Optional)
   Physical block size of the persistent disk, in bytes. If not present
   in a request, a default value is used. Currently supported sizes
   are 4096 and 16384, other sizes may be added in the future.
   If an unsupported value is requested, the error message will list
   the supported values for the caller's project.

 * `interface` -
   (Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html), Deprecated)
   Specifies the disk interface to use for attaching this disk, which is either SCSI or NVME. The default is SCSI.

   ~> **Warning:** `interface` is deprecated and will be removed in a future major release. This field is no longer used and can be safely removed from your configurations; disk interfaces are automatically determined on attachment.

 * `source_disk` -
   (Optional)
   The source disk used to create this disk. You can provide this as a partial or full URL to the resource.
   For example, the following are valid values:
   * https://www.googleapis.com/compute/v1/projects/{project}/zones/{zone}/disks/{disk}
   * https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/disks/{disk}
   * projects/{project}/zones/{zone}/disks/{disk}
   * projects/{project}/regions/{region}/disks/{disk}
   * zones/{zone}/disks/{disk}
   * regions/{region}/disks/{disk}

 * `type` -
   (Optional)
   URL of the disk type resource describing which disk type to use to
   create the disk. Provide this when creating the disk.

 * `image` -
   (Optional)
   The image from which to initialize this disk. This can be
   one of: the image's `self_link`, `projects/{project}/global/images/{image}`,
   `projects/{project}/global/images/family/{family}`, `global/images/{image}`,
   `global/images/family/{family}`, `family/{family}`, `{project}/{family}`,
   `{project}/{image}`, `{family}`, or `{image}`. If referred by family, the
   images names must include the family name. If they don't, use the
   [google_compute_image data source](/docs/providers/google/d/compute_image.html).
   For instance, the image `centos-6-v20180104` includes its family name `centos-6`.
   These images can be referred by family name here.

 * `resource_policies` -
   (Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html))
   Resource policies applied to this disk for automatic snapshot creations.
   ~>**NOTE** This value does not support updating the
   resource policy, as resource policies can not be updated more than
   one at a time. Use
   [`google_compute_disk_resource_policy_attachment`](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_disk_resource_policy_attachment)
   to allow for updating the resource policy attached to the disk.

 * `enable_confidential_compute` -
   (Optional)
   Whether this disk is using confidential compute mode.
   Note: Only supported on hyperdisk skus, disk_encryption_key is required when setting to true

 * `multi_writer` -
   (Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html))
   Indicates whether or not the disk can be read/write attached to more than one instance.

 * `provisioned_iops` -
   (Optional)
   Indicates how many IOPS must be provisioned for the disk.
   Note: Updating currently is only supported by hyperdisk skus without the need to delete and recreate the disk, hyperdisk
   allows for an update of IOPS every 4 hours. To update your hyperdisk more frequently, you'll need to manually delete and recreate it

 * `provisioned_throughput` -
   (Optional)
   Indicates how much Throughput must be provisioned for the disk.
   Note: Updating currently is only supported by hyperdisk skus without the need to delete and recreate the disk, hyperdisk
   allows for an update of Throughput every 4 hours. To update your hyperdisk more frequently, you'll need to manually delete and recreate it

 * `async_primary_disk` -
   (Optional)
   A nested object resource
   Structure is [documented below](#nested_async_primary_disk).

 * `guest_os_features` -
   (Optional)
   A list of features to enable on the guest operating system.
   Applicable only for bootable disks.
   Structure is [documented below](#nested_guest_os_features).

 * `licenses` -
   (Optional)
   Any applicable license URI.

 * `zone` -
   (Optional)
   A reference to the zone where the disk resides.

 * `source_image_encryption_key` -
   (Optional)
   The customer-supplied encryption key of the source image. Required if
   the source image is protected by a customer-supplied encryption key.
   Structure is [documented below](#nested_source_image_encryption_key).

 * `disk_encryption_key` -
   (Optional)
   Encrypts the disk using a customer-supplied encryption key.
   After you encrypt a disk with a customer-supplied key, you must
   provide the same key if you use the disk later (e.g. to create a disk
   snapshot or an image, or to attach the disk to a virtual machine).
   Customer-supplied encryption keys do not protect access to metadata of
   the disk.
   If you do not provide an encryption key when creating the disk, then
   the disk will be encrypted using an automatically generated key and
   you do not need to provide a key to use the disk later.
   Structure is [documented below](#nested_disk_encryption_key).

 * `snapshot` -
   (Optional)
   The source snapshot used to create this disk. You can provide this as
   a partial or full URL to the resource. If the snapshot is in another
   project than this disk, you must supply a full URL. For example, the
   following are valid values:
   * `https://www.googleapis.com/compute/v1/projects/project/global/snapshots/snapshot`
   * `projects/project/global/snapshots/snapshot`
   * `global/snapshots/snapshot`
   * `snapshot`

 * `source_snapshot_encryption_key` -
   (Optional)
   The customer-supplied encryption key of the source snapshot. Required
   if the source snapshot is protected by a customer-supplied encryption
   key.
   Structure is [documented below](#nested_source_snapshot_encryption_key).

 * `project` - (Optional) The ID of the project in which the resource belongs.
     If it is not provided, the provider project is used.


 <a name="nested_async_primary_disk"></a>The `async_primary_disk` block supports:

 * `disk` -
   (Required)
   Primary disk for asynchronous disk replication.

 <a name="nested_guest_os_features"></a>The `guest_os_features` block supports:

 * `type` -
   (Required)
   The type of supported feature. Read [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) to see a list of available options.
   Possible values are: `MULTI_IP_SUBNET`, `SECURE_BOOT`, `SEV_CAPABLE`, `UEFI_COMPATIBLE`, `VIRTIO_SCSI_MULTIQUEUE`, `WINDOWS`, `GVNIC`, `SEV_LIVE_MIGRATABLE`, `SEV_SNP_CAPABLE`, `SUSPEND_RESUME_COMPATIBLE`, `TDX_CAPABLE`.

 <a name="nested_source_image_encryption_key"></a>The `source_image_encryption_key` block supports:

 * `raw_key` -
   (Optional)
   Specifies a 256-bit customer-supplied encryption key, encoded in
   RFC 4648 base64 to either encrypt or decrypt this resource.

 * `sha256` -
   (Output)
   The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied
   encryption key that protects this resource.

 * `kms_key_self_link` -
   (Optional)
   The self link of the encryption key used to encrypt the disk. Also called KmsKeyName
   in the cloud console. Your project's Compute Engine System service account
   (`service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com`) must have
   `roles/cloudkms.cryptoKeyEncrypterDecrypter` to use this feature.
   See https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys

 * `kms_key_service_account` -
   (Optional)
   The service account used for the encryption request for the given KMS key.
   If absent, the Compute Engine Service Agent service account is used.

 <a name="nested_disk_encryption_key"></a>The `disk_encryption_key` block supports:

 * `raw_key` -
   (Optional)
   Specifies a 256-bit customer-supplied encryption key, encoded in
   RFC 4648 base64 to either encrypt or decrypt this resource.
   **Note**: This property is sensitive and will not be displayed in the plan.

 * `rsa_encrypted_key` -
   (Optional)
   Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit
   customer-supplied encryption key to either encrypt or decrypt
   this resource. You can provide either the rawKey or the rsaEncryptedKey.
   **Note**: This property is sensitive and will not be displayed in the plan.

 * `sha256` -
   (Output)
   The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied
   encryption key that protects this resource.

 * `kms_key_self_link` -
   (Optional)
   The self link of the encryption key used to encrypt the disk. Also called KmsKeyName
   in the cloud console. Your project's Compute Engine System service account
   (`service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com`) must have
   `roles/cloudkms.cryptoKeyEncrypterDecrypter` to use this feature.
   See https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys

 * `kms_key_service_account` -
   (Optional)
   The service account used for the encryption request for the given KMS key.
   If absent, the Compute Engine Service Agent service account is used.

 <a name="nested_source_snapshot_encryption_key"></a>The `source_snapshot_encryption_key` block supports:

 * `raw_key` -
   (Optional)
   Specifies a 256-bit customer-supplied encryption key, encoded in
   RFC 4648 base64 to either encrypt or decrypt this resource.

 * `kms_key_self_link` -
   (Optional)
   The self link of the encryption key used to encrypt the disk. Also called KmsKeyName
   in the cloud console. Your project's Compute Engine System service account
   (`service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com`) must have
   `roles/cloudkms.cryptoKeyEncrypterDecrypter` to use this feature.
   See https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys

 * `sha256` -
   (Output)
   The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied
   encryption key that protects this resource.

 * `kms_key_service_account` -
   (Optional)
   The service account used for the encryption request for the given KMS key.
   If absent, the Compute Engine Service Agent service account is used.

 ## Attributes Reference

 In addition to the arguments listed above, the following computed attributes are exported:

 * `id` - an identifier for the resource with format `projects/{{project}}/zones/{{zone}}/disks/{{name}}`

 * `label_fingerprint` -
   The fingerprint used for optimistic locking of this resource.  Used
   internally during updates.

 * `creation_timestamp` -
   Creation timestamp in RFC3339 text format.

 * `last_attach_timestamp` -
   Last attach timestamp in RFC3339 text format.

 * `last_detach_timestamp` -
   Last detach timestamp in RFC3339 text format.

 * `users` -
   Links to the users of the disk (attached instances) in form:
   project/zones/zone/instances/instance

 * `source_disk_id` -
   The ID value of the disk used to create this image. This value may
   be used to determine whether the image was taken from the current
   or a previous instance of a given disk name.

 * `disk_id` -
   The unique identifier for the resource. This identifier is defined by the server.

 * `terraform_labels` -
   The combination of labels configured directly on the resource
    and default labels configured on the provider.

 * `effective_labels` -
   All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.

 * `source_image_id` -
   The ID value of the image used to create this disk. This value
   identifies the exact image that was used to create this persistent
   disk. For example, if you created the persistent disk from an image
   that was later deleted and recreated under the same name, the source
   image ID would identify the exact version of the image that was used.

 * `source_snapshot_id` -
   The unique ID of the snapshot used to create this disk. This value
   identifies the exact snapshot that was used to create this persistent
   disk. For example, if you created the persistent disk from a snapshot
   that was later deleted and recreated under the same name, the source
   snapshot ID would identify the exact version of the snapshot that was
   used.
 * `self_link` - The URI of the created resource.


 ## Timeouts

 This resource provides the following
 [Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:

 - `create` - Default is 20 minutes.
 - `update` - Default is 20 minutes.
 - `delete` - Default is 20 minutes.

 ## Import


 Disk can be imported using any of these accepted formats:

 * `projects/{{project}}/zones/{{zone}}/disks/{{name}}`
 * `{{project}}/{{zone}}/{{name}}`
 * `{{zone}}/{{name}}`
 * `{{name}}`


 In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import Disk using one of the formats above. For example:

 ```tf
 import {
   id = "projects/{{project}}/zones/{{zone}}/disks/{{name}}"
   to = google_compute_disk.default
 }
 ```

 When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), Disk can be imported using one of the formats above. For example:

 ```
 $ terraform import google_compute_disk.default projects/{{project}}/zones/{{zone}}/disks/{{name}}
 $ terraform import google_compute_disk.default {{project}}/{{zone}}/{{name}}
 $ terraform import google_compute_disk.default {{zone}}/{{name}}
 $ terraform import google_compute_disk.default {{name}}
 ```

 ## User Project Overrides

 This resource supports [User Project Overrides](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#user_project_override).
	---
	# ----------------------------------------------------------------------------
	#
	# * AUTO GENERATED CODE * Type: MMv1 ***
	#
	# ----------------------------------------------------------------------------
	#
	# This file is automatically generated by Magic Modules and manual
	# changes will be clobbered when the file is regenerated.
	#
	# Please read more about how to change this file in
	# .github/CONTRIBUTING.md.
	#
	# ----------------------------------------------------------------------------
	subcategory: "Compute Engine"
	description: \|-
	Persistent disks are durable storage devices that function similarly to
	the physical disks in a desktop or a server.
	---

	# google\_compute\_disk

	Persistent disks are durable storage devices that function similarly to
	the physical disks in a desktop or a server. Compute Engine manages the
	hardware behind these devices to ensure data redundancy and optimize
	performance for you. Persistent disks are available as either standard
	hard disk drives (HDD) or solid-state drives (SSD).

	Persistent disks are located independently from your virtual machine
	instances, so you can detach or move persistent disks to keep your data
	even after you delete your instances. Persistent disk performance scales
	automatically with size, so you can resize your existing persistent disks
	or add more persistent disks to an instance to meet your performance and
	storage space requirements.

	Add a persistent disk to your instance when you need reliable and
	affordable storage with consistent performance characteristics.


	To get more information about Disk, see:

	* [API documentation](https://cloud.google.com/compute/docs/reference/v1/disks)
	* How-to Guides
	* [Adding a persistent disk](https://cloud.google.com/compute/docs/disks/add-persistent-disk)

	~> Warning: All arguments including the following potentially sensitive
	values will be stored in the raw state as plain text: `disk_encryption_key.raw_key`, `disk_encryption_key.rsa_encrypted_key`.
	[Read more about sensitive data in state](https://www.terraform.io/language/state/sensitive-data).

	<div class = "oics-button" style="float: right; margin: 0 0 -15px">
	<a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=disk_basic&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
	<img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
	</a>
	</div>
	## Example Usage - Disk Basic


	```hcl
	resource "google_compute_disk" "default" {
	name = "test-disk"
	type = "pd-ssd"
	zone = "us-central1-a"
	image = "debian-11-bullseye-v20220719"
	labels = {
	environment = "dev"
	}
	physical_block_size_bytes = 4096
	}
	```
	<div class = "oics-button" style="float: right; margin: 0 0 -15px">
	<a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=disk_async&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
	<img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
	</a>
	</div>
	## Example Usage - Disk Async


	```hcl
	resource "google_compute_disk" "primary" {
	name = "async-test-disk"
	type = "pd-ssd"
	zone = "us-central1-a"

	physical_block_size_bytes = 4096
	}

	resource "google_compute_disk" "secondary" {
	name = "async-secondary-test-disk"
	type = "pd-ssd"
	zone = "us-east1-c"

	async_primary_disk {
	disk = google_compute_disk.primary.id
	}

	physical_block_size_bytes = 4096
	}
	```
	<div class = "oics-button" style="float: right; margin: 0 0 -15px">
	<a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=disk_features&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
	<img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
	</a>
	</div>
	## Example Usage - Disk Features


	```hcl
	resource "google_compute_disk" "default" {
	name = "test-disk-features"
	type = "pd-ssd"
	zone = "us-central1-a"
	labels = {
	environment = "dev"
	}

	guest_os_features {
	type = "SECURE_BOOT"
	}

	guest_os_features {
	type = "MULTI_IP_SUBNET"
	}

	guest_os_features {
	type = "WINDOWS"
	}

	licenses = ["https://www.googleapis.com/compute/v1/projects/windows-cloud/global/licenses/windows-server-core"]

	physical_block_size_bytes = 4096
	}
	```

	## Argument Reference

	The following arguments are supported:


	* `name` -
	(Required)
	Name of the resource. Provided by the client when the resource is
	created. The name must be 1-63 characters long, and comply with
	RFC1035. Specifically, the name must be 1-63 characters long and match
	the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the
	first character must be a lowercase letter, and all following
	characters must be a dash, lowercase letter, or digit, except the last
	character, which cannot be a dash.


	- - -


	* `description` -
	(Optional)
	An optional description of this resource. Provide this property when
	you create the resource.

	* `labels` -
	(Optional)
	Labels to apply to this disk. A list of key->value pairs.

	Note: This field is non-authoritative, and will only manage the labels present in your configuration.
	Please refer to the field `effective_labels` for all of the labels present on the resource.

	* `size` -
	(Optional)
	Size of the persistent disk, specified in GB. You can specify this
	field when creating a persistent disk using the `image` or
	`snapshot` parameter, or specify it alone to create an empty
	persistent disk.
	If you specify this field along with `image` or `snapshot`,
	the value must not be less than the size of the image
	or the size of the snapshot.
	~>NOTE If you change the size, Terraform updates the disk size
	if upsizing is detected but recreates the disk if downsizing is requested.
	You can add `lifecycle.prevent_destroy` in the config to prevent destroying
	and recreating.

	* `physical_block_size_bytes` -
	(Optional)
	Physical block size of the persistent disk, in bytes. If not present
	in a request, a default value is used. Currently supported sizes
	are 4096 and 16384, other sizes may be added in the future.
	If an unsupported value is requested, the error message will list
	the supported values for the caller's project.

	* `interface` -
	(Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html), Deprecated)
	Specifies the disk interface to use for attaching this disk, which is either SCSI or NVME. The default is SCSI.

	~> Warning: `interface` is deprecated and will be removed in a future major release. This field is no longer used and can be safely removed from your configurations; disk interfaces are automatically determined on attachment.

	* `source_disk` -
	(Optional)
	The source disk used to create this disk. You can provide this as a partial or full URL to the resource.
	For example, the following are valid values:
	* https://www.googleapis.com/compute/v1/projects/{project}/zones/{zone}/disks/{disk}
	* https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/disks/{disk}
	* projects/{project}/zones/{zone}/disks/{disk}
	* projects/{project}/regions/{region}/disks/{disk}
	* zones/{zone}/disks/{disk}
	* regions/{region}/disks/{disk}

	* `type` -
	(Optional)
	URL of the disk type resource describing which disk type to use to
	create the disk. Provide this when creating the disk.

	* `image` -
	(Optional)
	The image from which to initialize this disk. This can be
	one of: the image's `self_link`, `projects/{project}/global/images/{image}`,
	`projects/{project}/global/images/family/{family}`, `global/images/{image}`,
	`global/images/family/{family}`, `family/{family}`, `{project}/{family}`,
	`{project}/{image}`, `{family}`, or `{image}`. If referred by family, the
	images names must include the family name. If they don't, use the
	[google_compute_image data source](/docs/providers/google/d/compute_image.html).
	For instance, the image `centos-6-v20180104` includes its family name `centos-6`.
	These images can be referred by family name here.

	* `resource_policies` -
	(Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html))
	Resource policies applied to this disk for automatic snapshot creations.
	~>NOTE This value does not support updating the
	resource policy, as resource policies can not be updated more than
	one at a time. Use
	[`google_compute_disk_resource_policy_attachment`](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_disk_resource_policy_attachment)
	to allow for updating the resource policy attached to the disk.

	* `enable_confidential_compute` -
	(Optional)
	Whether this disk is using confidential compute mode.
	Note: Only supported on hyperdisk skus, disk_encryption_key is required when setting to true

	* `multi_writer` -
	(Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html))
	Indicates whether or not the disk can be read/write attached to more than one instance.

	* `provisioned_iops` -
	(Optional)
	Indicates how many IOPS must be provisioned for the disk.
	Note: Updating currently is only supported by hyperdisk skus without the need to delete and recreate the disk, hyperdisk
	allows for an update of IOPS every 4 hours. To update your hyperdisk more frequently, you'll need to manually delete and recreate it

	* `provisioned_throughput` -
	(Optional)
	Indicates how much Throughput must be provisioned for the disk.
	Note: Updating currently is only supported by hyperdisk skus without the need to delete and recreate the disk, hyperdisk
	allows for an update of Throughput every 4 hours. To update your hyperdisk more frequently, you'll need to manually delete and recreate it

	* `async_primary_disk` -
	(Optional)
	A nested object resource
	Structure is [documented below](#nested_async_primary_disk).

	* `guest_os_features` -
	(Optional)
	A list of features to enable on the guest operating system.
	Applicable only for bootable disks.
	Structure is [documented below](#nested_guest_os_features).

	* `licenses` -
	(Optional)
	Any applicable license URI.

	* `zone` -
	(Optional)
	A reference to the zone where the disk resides.

	* `source_image_encryption_key` -
	(Optional)
	The customer-supplied encryption key of the source image. Required if
	the source image is protected by a customer-supplied encryption key.
	Structure is [documented below](#nested_source_image_encryption_key).

	* `disk_encryption_key` -
	(Optional)
	Encrypts the disk using a customer-supplied encryption key.
	After you encrypt a disk with a customer-supplied key, you must
	provide the same key if you use the disk later (e.g. to create a disk
	snapshot or an image, or to attach the disk to a virtual machine).
	Customer-supplied encryption keys do not protect access to metadata of
	the disk.
	If you do not provide an encryption key when creating the disk, then
	the disk will be encrypted using an automatically generated key and
	you do not need to provide a key to use the disk later.
	Structure is [documented below](#nested_disk_encryption_key).

	* `snapshot` -
	(Optional)
	The source snapshot used to create this disk. You can provide this as
	a partial or full URL to the resource. If the snapshot is in another
	project than this disk, you must supply a full URL. For example, the
	following are valid values:
	* `https://www.googleapis.com/compute/v1/projects/project/global/snapshots/snapshot`
	* `projects/project/global/snapshots/snapshot`
	* `global/snapshots/snapshot`
	* `snapshot`

	* `source_snapshot_encryption_key` -
	(Optional)
	The customer-supplied encryption key of the source snapshot. Required
	if the source snapshot is protected by a customer-supplied encryption
	key.
	Structure is [documented below](#nested_source_snapshot_encryption_key).

	* `project` - (Optional) The ID of the project in which the resource belongs.
	If it is not provided, the provider project is used.


	<a name="nested_async_primary_disk"></a>The `async_primary_disk` block supports:

	* `disk` -
	(Required)
	Primary disk for asynchronous disk replication.

	<a name="nested_guest_os_features"></a>The `guest_os_features` block supports:

	* `type` -
	(Required)
	The type of supported feature. Read [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) to see a list of available options.
	Possible values are: `MULTI_IP_SUBNET`, `SECURE_BOOT`, `SEV_CAPABLE`, `UEFI_COMPATIBLE`, `VIRTIO_SCSI_MULTIQUEUE`, `WINDOWS`, `GVNIC`, `SEV_LIVE_MIGRATABLE`, `SEV_SNP_CAPABLE`, `SUSPEND_RESUME_COMPATIBLE`, `TDX_CAPABLE`.

	<a name="nested_source_image_encryption_key"></a>The `source_image_encryption_key` block supports:

	* `raw_key` -
	(Optional)
	Specifies a 256-bit customer-supplied encryption key, encoded in
	RFC 4648 base64 to either encrypt or decrypt this resource.

	* `sha256` -
	(Output)
	The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied
	encryption key that protects this resource.

	* `kms_key_self_link` -
	(Optional)
	The self link of the encryption key used to encrypt the disk. Also called KmsKeyName
	in the cloud console. Your project's Compute Engine System service account
	(`service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com`) must have
	`roles/cloudkms.cryptoKeyEncrypterDecrypter` to use this feature.
	See https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys

	* `kms_key_service_account` -
	(Optional)
	The service account used for the encryption request for the given KMS key.
	If absent, the Compute Engine Service Agent service account is used.

	<a name="nested_disk_encryption_key"></a>The `disk_encryption_key` block supports:

	* `raw_key` -
	(Optional)
	Specifies a 256-bit customer-supplied encryption key, encoded in
	RFC 4648 base64 to either encrypt or decrypt this resource.
	Note: This property is sensitive and will not be displayed in the plan.

	* `rsa_encrypted_key` -
	(Optional)
	Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit
	customer-supplied encryption key to either encrypt or decrypt
	this resource. You can provide either the rawKey or the rsaEncryptedKey.
	Note: This property is sensitive and will not be displayed in the plan.

	* `sha256` -
	(Output)
	The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied
	encryption key that protects this resource.

	* `kms_key_self_link` -
	(Optional)
	The self link of the encryption key used to encrypt the disk. Also called KmsKeyName
	in the cloud console. Your project's Compute Engine System service account
	(`service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com`) must have
	`roles/cloudkms.cryptoKeyEncrypterDecrypter` to use this feature.
	See https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys

	* `kms_key_service_account` -
	(Optional)
	The service account used for the encryption request for the given KMS key.
	If absent, the Compute Engine Service Agent service account is used.

	<a name="nested_source_snapshot_encryption_key"></a>The `source_snapshot_encryption_key` block supports:

	* `raw_key` -
	(Optional)
	Specifies a 256-bit customer-supplied encryption key, encoded in
	RFC 4648 base64 to either encrypt or decrypt this resource.

	* `kms_key_self_link` -
	(Optional)
	The self link of the encryption key used to encrypt the disk. Also called KmsKeyName
	in the cloud console. Your project's Compute Engine System service account
	(`service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com`) must have
	`roles/cloudkms.cryptoKeyEncrypterDecrypter` to use this feature.
	See https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys

	* `sha256` -
	(Output)
	The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied
	encryption key that protects this resource.

	* `kms_key_service_account` -
	(Optional)
	The service account used for the encryption request for the given KMS key.
	If absent, the Compute Engine Service Agent service account is used.

	## Attributes Reference

	In addition to the arguments listed above, the following computed attributes are exported:

	* `id` - an identifier for the resource with format `projects/{{project}}/zones/{{zone}}/disks/{{name}}`

	* `label_fingerprint` -
	The fingerprint used for optimistic locking of this resource. Used
	internally during updates.

	* `creation_timestamp` -
	Creation timestamp in RFC3339 text format.

	* `last_attach_timestamp` -
	Last attach timestamp in RFC3339 text format.

	* `last_detach_timestamp` -
	Last detach timestamp in RFC3339 text format.

	* `users` -
	Links to the users of the disk (attached instances) in form:
	project/zones/zone/instances/instance

	* `source_disk_id` -
	The ID value of the disk used to create this image. This value may
	be used to determine whether the image was taken from the current
	or a previous instance of a given disk name.

	* `disk_id` -
	The unique identifier for the resource. This identifier is defined by the server.

	* `terraform_labels` -
	The combination of labels configured directly on the resource
	and default labels configured on the provider.

	* `effective_labels` -
	All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.

	* `source_image_id` -
	The ID value of the image used to create this disk. This value
	identifies the exact image that was used to create this persistent
	disk. For example, if you created the persistent disk from an image
	that was later deleted and recreated under the same name, the source
	image ID would identify the exact version of the image that was used.

	* `source_snapshot_id` -
	The unique ID of the snapshot used to create this disk. This value
	identifies the exact snapshot that was used to create this persistent
	disk. For example, if you created the persistent disk from a snapshot
	that was later deleted and recreated under the same name, the source
	snapshot ID would identify the exact version of the snapshot that was
	used.
	* `self_link` - The URI of the created resource.


	## Timeouts

	This resource provides the following
	[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:

	- `create` - Default is 20 minutes.
	- `update` - Default is 20 minutes.
	- `delete` - Default is 20 minutes.

	## Import


	Disk can be imported using any of these accepted formats:

	* `projects/{{project}}/zones/{{zone}}/disks/{{name}}`
	* `{{project}}/{{zone}}/{{name}}`
	* `{{zone}}/{{name}}`
	* `{{name}}`


	In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import Disk using one of the formats above. For example:

	```tf
	import {
	id = "projects/{{project}}/zones/{{zone}}/disks/{{name}}"
	to = google_compute_disk.default
	}
	```

	When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), Disk can be imported using one of the formats above. For example:

	```
	$ terraform import google_compute_disk.default projects/{{project}}/zones/{{zone}}/disks/{{name}}
	$ terraform import google_compute_disk.default {{project}}/{{zone}}/{{name}}
	$ terraform import google_compute_disk.default {{zone}}/{{name}}
	$ terraform import google_compute_disk.default {{name}}
	```

	## User Project Overrides

	This resource supports [User Project Overrides](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#user_project_override).