v6.2.0/website/docs/r/workbench_instance.html.markdown - terraform-provider-google-beta - Git at Google

 ---
 # ----------------------------------------------------------------------------
 #
 #     ***     AUTO GENERATED CODE    ***    Type: MMv1     ***
 #
 # ----------------------------------------------------------------------------
 #
 #     This file is automatically generated by Magic Modules and manual
 #     changes will be clobbered when the file is regenerated.
 #
 #     Please read more about how to change this file in
 #     .github/CONTRIBUTING.md.
 #
 # ----------------------------------------------------------------------------
 subcategory: "Vertex AI Workbench"
 description: |-
   A Workbench instance.
 ---

 # google_workbench_instance

 A Workbench instance.


 <div class = "oics-button" style="float: right; margin: 0 0 -15px">
   <a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md&cloudshell_working_dir=workbench_instance_basic&open_in_editor=main.tf" target="_blank">
     <img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
   </a>
 </div>
 ## Example Usage - Workbench Instance Basic


 ```hcl
 resource "google_workbench_instance" "instance" {
   name = "workbench-instance"
   location = "us-west1-a"
 }
 ```
 <div class = "oics-button" style="float: right; margin: 0 0 -15px">
   <a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md&cloudshell_working_dir=workbench_instance_basic_container&open_in_editor=main.tf" target="_blank">
     <img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
   </a>
 </div>
 ## Example Usage - Workbench Instance Basic Container


 ```hcl
 resource "google_workbench_instance" "instance" {
   name = "workbench-instance"
   location = "us-west1-a"

   gce_setup {
     container_image {
       repository = "us-docker.pkg.dev/deeplearning-platform-release/gcr.io/base-cu113.py310"
       tag = "latest"
     }
   }
 }
 ```
 <div class = "oics-button" style="float: right; margin: 0 0 -15px">
   <a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md&cloudshell_working_dir=workbench_instance_basic_gpu&open_in_editor=main.tf" target="_blank">
     <img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
   </a>
 </div>
 ## Example Usage - Workbench Instance Basic Gpu


 ```hcl
 resource "google_workbench_instance" "instance" {
   name = "workbench-instance"
   location = "us-central1-a"
   gce_setup {
     machine_type = "n1-standard-1" // cant be e2 because of accelerator
     accelerator_configs {
       type         = "NVIDIA_TESLA_T4"
       core_count   = 1
     }
     vm_image {
       project      = "cloud-notebooks-managed"
       family       = "workbench-instances"
     }
   }
 }
 ```
 ## Example Usage - Workbench Instance Labels Stopped


 ```hcl
 resource "google_workbench_instance" "instance" {
   name = "workbench-instance"
   location = "us-central1-a"

   gce_setup {
     machine_type = "e2-standard-4"

     shielded_instance_config {
       enable_secure_boot = false
       enable_vtpm = false
       enable_integrity_monitoring = false
     }

     service_accounts {
       email = "my@service-account.com"
     }

     metadata = {
       terraform = "true"
     }

   }

   labels = {
     k = "val"
   }

   desired_state = "STOPPED"

 }
 ```
 ## Example Usage - Workbench Instance Full


 ```hcl
 resource "google_compute_network" "my_network" {
   name = "wbi-test-default"
   auto_create_subnetworks = false
 }

 resource "google_compute_subnetwork" "my_subnetwork" {
   name   = "wbi-test-default"
   network = google_compute_network.my_network.id
   region = "us-central1"
   ip_cidr_range = "10.0.1.0/24"
 }

 resource "google_compute_address" "static" {
   name = "wbi-test-default"
 }

 resource "google_service_account_iam_binding" "act_as_permission" {
   service_account_id = "projects/my-project-name/serviceAccounts/my@service-account.com"
   role               = "roles/iam.serviceAccountUser"
   members = [
     "user:example@example.com",
   ]
 }

 resource "google_workbench_instance" "instance" {
   name = "workbench-instance"
   location = "us-central1-a"

   gce_setup {
     machine_type = "n1-standard-4" // cant be e2 because of accelerator
     accelerator_configs {
       type         = "NVIDIA_TESLA_T4"
       core_count   = 1
     }

     shielded_instance_config {
       enable_secure_boot = true
       enable_vtpm = true
       enable_integrity_monitoring = true
     }

     disable_public_ip = false

     service_accounts {
       email = "my@service-account.com"
     }

     boot_disk {
       disk_size_gb  = 310
       disk_type = "PD_SSD"
       disk_encryption = "CMEK"
       kms_key = "my-crypto-key"
     }

     data_disks {
       disk_size_gb  = 330
       disk_type = "PD_SSD"
       disk_encryption = "CMEK"
       kms_key = "my-crypto-key"
     }

     network_interfaces {
       network = google_compute_network.my_network.id
       subnet = google_compute_subnetwork.my_subnetwork.id
       nic_type = "GVNIC"
       access_configs {
         external_ip = google_compute_address.static.address
       }
     }

     metadata = {
       terraform = "true"
     }

     enable_ip_forwarding = true

     tags = ["abc", "def"]

   }

   disable_proxy_access = "true"

   instance_owners  = ["example@example.com"]

   labels = {
     k = "val"
   }

   desired_state = "ACTIVE"

 }
 ```

 ## Argument Reference

 The following arguments are supported:


 * `name` -
   (Required)
   The name of this workbench instance. Format: `projects/{project_id}/locations/{location}/instances/{instance_id}`

 * `location` -
   (Required)
   Part of `parent`. See documentation of `projectsId`.


 - - -


 * `gce_setup` -
   (Optional)
   The definition of how to configure a VM instance outside of Resources and Identity.
   Structure is [documented below](#nested_gce_setup).

 * `instance_owners` -
   (Optional)
   'Optional. Input only. The owner of this instance after creation. Format:
   `alias@example.com` Currently supports one owner only. If not specified, all of
   the service account users of your VM instance''s service account can use the instance.'

 * `disable_proxy_access` -
   (Optional)
   Optional. If true, the workbench instance will not register with the proxy.

 * `labels` -
   (Optional)
   Optional. Labels to apply to this instance. These can be later modified
   by the UpdateInstance method.

   **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
   Please refer to the field `effective_labels` for all of the labels present on the resource.

 * `instance_id` -
   (Optional)
   Required. User-defined unique ID of this instance.

 * `project` - (Optional) The ID of the project in which the resource belongs.
     If it is not provided, the provider project is used.

 * `desired_state` - (Optional) Desired state of the Workbench Instance. Set this field to `ACTIVE` to start the Instance, and `STOPPED` to stop the Instance.


 <a name="nested_gce_setup"></a>The `gce_setup` block supports:

 * `machine_type` -
   (Optional)
   Optional. The machine type of the VM instance. https://cloud.google.com/compute/docs/machine-resource

 * `accelerator_configs` -
   (Optional)
   The hardware accelerators used on this instance. If you use accelerators, make sure that your configuration has
   [enough vCPUs and memory to support the `machine_type` you have selected](https://cloud.google.com/compute/docs/gpus/#gpus-list).
   Currently supports only one accelerator configuration.
   Structure is [documented below](#nested_accelerator_configs).

 * `shielded_instance_config` -
   (Optional)
   A set of Shielded Instance options. See [Images using supported Shielded
   VM features](https://cloud.google.com/compute/docs/instances/modifying-shielded-vm).
   Not all combinations are valid.
   Structure is [documented below](#nested_shielded_instance_config).

 * `service_accounts` -
   (Optional)
   The service account that serves as an identity for the VM instance. Currently supports only one service account.
   Structure is [documented below](#nested_service_accounts).

 * `vm_image` -
   (Optional)
   Definition of a custom Compute Engine virtual machine image for starting
   a workbench instance with the environment installed directly on the VM.
   Structure is [documented below](#nested_vm_image).

 * `container_image` -
   (Optional)
   Use a container image to start the workbench instance.
   Structure is [documented below](#nested_container_image).

 * `boot_disk` -
   (Optional)
   The definition of a boot disk.
   Structure is [documented below](#nested_boot_disk).

 * `data_disks` -
   (Optional)
   Data disks attached to the VM instance. Currently supports only one data disk.
   Structure is [documented below](#nested_data_disks).

 * `network_interfaces` -
   (Optional)
   The network interfaces for the VM. Supports only one interface.
   Structure is [documented below](#nested_network_interfaces).

 * `disable_public_ip` -
   (Optional)
   Optional. If true, no external IP will be assigned to this VM instance.

 * `tags` -
   (Optional)
   Optional. The Compute Engine tags to add to instance (see [Tagging
   instances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)).

 * `metadata` -
   (Optional)
   Optional. Custom metadata to apply to this instance.

 * `enable_ip_forwarding` -
   (Optional)
   Optional. Flag to enable ip forwarding or not, default false/off.
   https://cloud.google.com/vpc/docs/using-routes#canipforward


 <a name="nested_accelerator_configs"></a>The `accelerator_configs` block supports:

 * `type` -
   (Optional)
   Optional. Type of this accelerator.
   Possible values are: `NVIDIA_TESLA_P100`, `NVIDIA_TESLA_V100`, `NVIDIA_TESLA_P4`, `NVIDIA_TESLA_T4`, `NVIDIA_TESLA_A100`, `NVIDIA_A100_80GB`, `NVIDIA_L4`, `NVIDIA_TESLA_T4_VWS`, `NVIDIA_TESLA_P100_VWS`, `NVIDIA_TESLA_P4_VWS`.

 * `core_count` -
   (Optional)
   Optional. Count of cores of this accelerator.

 <a name="nested_shielded_instance_config"></a>The `shielded_instance_config` block supports:

 * `enable_secure_boot` -
   (Optional)
   Optional. Defines whether the VM instance has Secure Boot enabled.
   Secure Boot helps ensure that the system only runs authentic software by verifying
   the digital signature of all boot components, and halting the boot process
   if signature verification fails. Disabled by default.

 * `enable_vtpm` -
   (Optional)
   Optional. Defines whether the VM instance has the vTPM enabled.
   Enabled by default.

 * `enable_integrity_monitoring` -
   (Optional)
   Optional. Defines whether the VM instance has integrity monitoring
   enabled. Enables monitoring and attestation of the boot integrity of the VM
   instance. The attestation is performed against the integrity policy baseline.
   This baseline is initially derived from the implicitly trusted boot image
   when the VM instance is created. Enabled by default.

 <a name="nested_service_accounts"></a>The `service_accounts` block supports:

 * `email` -
   (Optional)
   Optional. Email address of the service account.

 * `scopes` -
   (Output)
   Output only. The list of scopes to be made available for this
   service account. Set by the CLH to https://www.googleapis.com/auth/cloud-platform

 <a name="nested_vm_image"></a>The `vm_image` block supports:

 * `project` -
   (Optional)
   The name of the Google Cloud project that this VM image belongs to.
   Format: {project_id}

 * `name` -
   (Optional)
   Optional. Use VM image name to find the image.

 * `family` -
   (Optional)
   Optional. Use this VM image family to find the image; the newest
   image in this family will be used.

 <a name="nested_container_image"></a>The `container_image` block supports:

 * `repository` -
   (Required)
   The path to the container image repository.
   For example: gcr.io/{project_id}/{imageName}

 * `tag` -
   (Optional)
   The tag of the container image. If not specified, this defaults to the latest tag.

 <a name="nested_boot_disk"></a>The `boot_disk` block supports:

 * `disk_size_gb` -
   (Optional)
   Optional. The size of the boot disk in GB attached to this instance,
   up to a maximum of 64000 GB (64 TB). If not specified, this defaults to the
   recommended value of 150GB.

 * `disk_type` -
   (Optional)
   Optional. Indicates the type of the disk.
   Possible values are: `PD_STANDARD`, `PD_SSD`, `PD_BALANCED`, `PD_EXTREME`.

 * `disk_encryption` -
   (Optional)
   Optional. Input only. Disk encryption method used on the boot and
   data disks, defaults to GMEK.
   Possible values are: `GMEK`, `CMEK`.

 * `kms_key` -
   (Optional)
   'Optional. The KMS key used to encrypt the disks, only
   applicable if disk_encryption is CMEK. Format: `projects/{project_id}/locations/{location}/keyRings/{key_ring_id}/cryptoKeys/{key_id}`
   Learn more about using your own encryption keys.'

 <a name="nested_data_disks"></a>The `data_disks` block supports:

 * `disk_size_gb` -
   (Optional)
   Optional. The size of the disk in GB attached to this VM instance,
   up to a maximum of 64000 GB (64 TB). If not specified, this defaults to
   100.

 * `disk_type` -
   (Optional)
   Optional. Input only. Indicates the type of the disk.
   Possible values are: `PD_STANDARD`, `PD_SSD`, `PD_BALANCED`, `PD_EXTREME`.

 * `disk_encryption` -
   (Optional)
   Optional. Input only. Disk encryption method used on the boot
   and data disks, defaults to GMEK.
   Possible values are: `GMEK`, `CMEK`.

 * `kms_key` -
   (Optional)
   'Optional. The KMS key used to encrypt the disks,
   only applicable if disk_encryption is CMEK. Format: `projects/{project_id}/locations/{location}/keyRings/{key_ring_id}/cryptoKeys/{key_id}`
   Learn more about using your own encryption keys.'

 <a name="nested_network_interfaces"></a>The `network_interfaces` block supports:

 * `network` -
   (Optional)
   Optional. The name of the VPC that this VM instance is in.

 * `subnet` -
   (Optional)
   Optional. The name of the subnet that this VM instance is in.

 * `nic_type` -
   (Optional)
   Optional. The type of vNIC to be used on this interface. This
   may be gVNIC or VirtioNet.
   Possible values are: `VIRTIO_NET`, `GVNIC`.

 * `access_configs` -
   (Optional)
   Optional. An array of configurations for this interface. Currently, only one access
   config, ONE_TO_ONE_NAT, is supported. If no accessConfigs specified, the
   instance will have an external internet access through an ephemeral
   external IP address.
   Structure is [documented below](#nested_access_configs).


 <a name="nested_access_configs"></a>The `access_configs` block supports:

 * `external_ip` -
   (Required)
   An external IP address associated with this instance. Specify an unused
   static external IP address available to the project or leave this field
   undefined to use an IP from a shared ephemeral IP address pool. If you
   specify a static external IP address, it must live in the same region as
   the zone of the instance.

 ## Attributes Reference

 In addition to the arguments listed above, the following computed attributes are exported:

 * `id` - an identifier for the resource with format `projects/{{project}}/locations/{{location}}/instances/{{name}}`

 * `proxy_uri` -
   Output only. The proxy endpoint that is used to access the Jupyter notebook.

 * `creator` -
   Output only. Email address of entity that sent original CreateInstance request.

 * `state` -
   Output only. The state of this instance.

 * `upgrade_history` -
   Output only. The upgrade history of this instance.
   Structure is [documented below](#nested_upgrade_history).

 * `health_state` -
   Output only. Instance health_state.

 * `health_info` -
   'Output only. Additional information about instance health. Example:
   healthInfo": { "docker_proxy_agent_status": "1", "docker_status": "1", "jupyterlab_api_status":
   "-1", "jupyterlab_status": "-1", "updated": "2020-10-18 09:40:03.573409" }'

 * `create_time` -
   An RFC3339 timestamp in UTC time. This in the format of yyyy-MM-ddTHH:mm:ss.SSSZ.
   The milliseconds portion (".SSS") is optional.

 * `update_time` -
   An RFC3339 timestamp in UTC time. This in the format of yyyy-MM-ddTHH:mm:ss.SSSZ.
   The milliseconds portion (".SSS") is optional.

 * `terraform_labels` -
   The combination of labels configured directly on the resource
    and default labels configured on the provider.

 * `effective_labels` -
   All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.


 <a name="nested_upgrade_history"></a>The `upgrade_history` block contains:

 * `snapshot` -
   (Optional)
   Optional. The snapshot of the boot disk of this workbench instance before upgrade.

 * `vm_image` -
   (Optional)
   Optional. The VM image before this instance upgrade.

 * `container_image` -
   (Optional)
   Optional. The container image before this instance upgrade.

 * `framework` -
   (Optional)
   Optional. The framework of this workbench instance.

 * `version` -
   (Optional)
   Optional. The version of the workbench instance before this upgrade.

 * `state` -
   (Output)
   Output only. The state of this instance upgrade history entry.

 * `create_time` -
   (Optional)
   An RFC3339 timestamp in UTC time. This in the format of yyyy-MM-ddTHH:mm:ss.SSSZ.
   The milliseconds portion (".SSS") is optional.

 * `action` -
   (Optional)
   Optional. Action. Rolloback or Upgrade.

 * `target_version` -
   (Optional)
   Optional. Target VM Version, like m63.

 ## Timeouts

 This resource provides the following
 [Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:

 - `create` - Default is 10 minutes.
 - `update` - Default is 20 minutes.
 - `delete` - Default is 20 minutes.

 ## Import


 Instance can be imported using any of these accepted formats:

 * `projects/{{project}}/locations/{{location}}/instances/{{name}}`
 * `{{project}}/{{location}}/{{name}}`
 * `{{location}}/{{name}}`


 In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import Instance using one of the formats above. For example:

 ```tf
 import {
   id = "projects/{{project}}/locations/{{location}}/instances/{{name}}"
   to = google_workbench_instance.default
 }
 ```

 When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), Instance can be imported using one of the formats above. For example:

 ```
 $ terraform import google_workbench_instance.default projects/{{project}}/locations/{{location}}/instances/{{name}}
 $ terraform import google_workbench_instance.default {{project}}/{{location}}/{{name}}
 $ terraform import google_workbench_instance.default {{location}}/{{name}}
 ```

 ## User Project Overrides

 This resource supports [User Project Overrides](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#user_project_override).
	---
	# ----------------------------------------------------------------------------
	#
	# * AUTO GENERATED CODE * Type: MMv1 ***
	#
	# ----------------------------------------------------------------------------
	#
	# This file is automatically generated by Magic Modules and manual
	# changes will be clobbered when the file is regenerated.
	#
	# Please read more about how to change this file in
	# .github/CONTRIBUTING.md.
	#
	# ----------------------------------------------------------------------------
	subcategory: "Vertex AI Workbench"
	description: \|-
	A Workbench instance.
	---

	# google_workbench_instance

	A Workbench instance.



	<div class = "oics-button" style="float: right; margin: 0 0 -15px">
	<a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md&cloudshell_working_dir=workbench_instance_basic&open_in_editor=main.tf" target="_blank">
	<img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
	</a>
	</div>
	## Example Usage - Workbench Instance Basic


	```hcl
	resource "google_workbench_instance" "instance" {
	name = "workbench-instance"
	location = "us-west1-a"
	}
	```
	<div class = "oics-button" style="float: right; margin: 0 0 -15px">
	<a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md&cloudshell_working_dir=workbench_instance_basic_container&open_in_editor=main.tf" target="_blank">
	<img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
	</a>
	</div>
	## Example Usage - Workbench Instance Basic Container


	```hcl
	resource "google_workbench_instance" "instance" {
	name = "workbench-instance"
	location = "us-west1-a"

	gce_setup {
	container_image {
	repository = "us-docker.pkg.dev/deeplearning-platform-release/gcr.io/base-cu113.py310"
	tag = "latest"
	}
	}
	}
	```
	<div class = "oics-button" style="float: right; margin: 0 0 -15px">
	<a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md&cloudshell_working_dir=workbench_instance_basic_gpu&open_in_editor=main.tf" target="_blank">
	<img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
	</a>
	</div>
	## Example Usage - Workbench Instance Basic Gpu


	```hcl
	resource "google_workbench_instance" "instance" {
	name = "workbench-instance"
	location = "us-central1-a"
	gce_setup {
	machine_type = "n1-standard-1" // cant be e2 because of accelerator
	accelerator_configs {
	type = "NVIDIA_TESLA_T4"
	core_count = 1
	}
	vm_image {
	project = "cloud-notebooks-managed"
	family = "workbench-instances"
	}
	}
	}
	```
	## Example Usage - Workbench Instance Labels Stopped


	```hcl
	resource "google_workbench_instance" "instance" {
	name = "workbench-instance"
	location = "us-central1-a"

	gce_setup {
	machine_type = "e2-standard-4"

	shielded_instance_config {
	enable_secure_boot = false
	enable_vtpm = false
	enable_integrity_monitoring = false
	}

	service_accounts {
	email = "my@service-account.com"
	}

	metadata = {
	terraform = "true"
	}

	}

	labels = {
	k = "val"
	}

	desired_state = "STOPPED"

	}
	```
	## Example Usage - Workbench Instance Full


	```hcl
	resource "google_compute_network" "my_network" {
	name = "wbi-test-default"
	auto_create_subnetworks = false
	}

	resource "google_compute_subnetwork" "my_subnetwork" {
	name = "wbi-test-default"
	network = google_compute_network.my_network.id
	region = "us-central1"
	ip_cidr_range = "10.0.1.0/24"
	}

	resource "google_compute_address" "static" {
	name = "wbi-test-default"
	}

	resource "google_service_account_iam_binding" "act_as_permission" {
	service_account_id = "projects/my-project-name/serviceAccounts/my@service-account.com"
	role = "roles/iam.serviceAccountUser"
	members = [
	"user:example@example.com",
	]
	}

	resource "google_workbench_instance" "instance" {
	name = "workbench-instance"
	location = "us-central1-a"

	gce_setup {
	machine_type = "n1-standard-4" // cant be e2 because of accelerator
	accelerator_configs {
	type = "NVIDIA_TESLA_T4"
	core_count = 1
	}

	shielded_instance_config {
	enable_secure_boot = true
	enable_vtpm = true
	enable_integrity_monitoring = true
	}

	disable_public_ip = false

	service_accounts {
	email = "my@service-account.com"
	}

	boot_disk {
	disk_size_gb = 310
	disk_type = "PD_SSD"
	disk_encryption = "CMEK"
	kms_key = "my-crypto-key"
	}

	data_disks {
	disk_size_gb = 330
	disk_type = "PD_SSD"
	disk_encryption = "CMEK"
	kms_key = "my-crypto-key"
	}

	network_interfaces {
	network = google_compute_network.my_network.id
	subnet = google_compute_subnetwork.my_subnetwork.id
	nic_type = "GVNIC"
	access_configs {
	external_ip = google_compute_address.static.address
	}
	}

	metadata = {
	terraform = "true"
	}

	enable_ip_forwarding = true

	tags = ["abc", "def"]

	}

	disable_proxy_access = "true"

	instance_owners = ["example@example.com"]

	labels = {
	k = "val"
	}

	desired_state = "ACTIVE"

	}
	```

	## Argument Reference

	The following arguments are supported:


	* `name` -
	(Required)
	The name of this workbench instance. Format: `projects/{project_id}/locations/{location}/instances/{instance_id}`

	* `location` -
	(Required)
	Part of `parent`. See documentation of `projectsId`.


	- - -


	* `gce_setup` -
	(Optional)
	The definition of how to configure a VM instance outside of Resources and Identity.
	Structure is [documented below](#nested_gce_setup).

	* `instance_owners` -
	(Optional)
	'Optional. Input only. The owner of this instance after creation. Format:
	`alias@example.com` Currently supports one owner only. If not specified, all of
	the service account users of your VM instance''s service account can use the instance.'

	* `disable_proxy_access` -
	(Optional)
	Optional. If true, the workbench instance will not register with the proxy.

	* `labels` -
	(Optional)
	Optional. Labels to apply to this instance. These can be later modified
	by the UpdateInstance method.

	Note: This field is non-authoritative, and will only manage the labels present in your configuration.
	Please refer to the field `effective_labels` for all of the labels present on the resource.

	* `instance_id` -
	(Optional)
	Required. User-defined unique ID of this instance.

	* `project` - (Optional) The ID of the project in which the resource belongs.
	If it is not provided, the provider project is used.

	* `desired_state` - (Optional) Desired state of the Workbench Instance. Set this field to `ACTIVE` to start the Instance, and `STOPPED` to stop the Instance.


	<a name="nested_gce_setup"></a>The `gce_setup` block supports:

	* `machine_type` -
	(Optional)
	Optional. The machine type of the VM instance. https://cloud.google.com/compute/docs/machine-resource

	* `accelerator_configs` -
	(Optional)
	The hardware accelerators used on this instance. If you use accelerators, make sure that your configuration has
	[enough vCPUs and memory to support the `machine_type` you have selected](https://cloud.google.com/compute/docs/gpus/#gpus-list).
	Currently supports only one accelerator configuration.
	Structure is [documented below](#nested_accelerator_configs).

	* `shielded_instance_config` -
	(Optional)
	A set of Shielded Instance options. See [Images using supported Shielded
	VM features](https://cloud.google.com/compute/docs/instances/modifying-shielded-vm).
	Not all combinations are valid.
	Structure is [documented below](#nested_shielded_instance_config).

	* `service_accounts` -
	(Optional)
	The service account that serves as an identity for the VM instance. Currently supports only one service account.
	Structure is [documented below](#nested_service_accounts).

	* `vm_image` -
	(Optional)
	Definition of a custom Compute Engine virtual machine image for starting
	a workbench instance with the environment installed directly on the VM.
	Structure is [documented below](#nested_vm_image).

	* `container_image` -
	(Optional)
	Use a container image to start the workbench instance.
	Structure is [documented below](#nested_container_image).

	* `boot_disk` -
	(Optional)
	The definition of a boot disk.
	Structure is [documented below](#nested_boot_disk).

	* `data_disks` -
	(Optional)
	Data disks attached to the VM instance. Currently supports only one data disk.
	Structure is [documented below](#nested_data_disks).

	* `network_interfaces` -
	(Optional)
	The network interfaces for the VM. Supports only one interface.
	Structure is [documented below](#nested_network_interfaces).

	* `disable_public_ip` -
	(Optional)
	Optional. If true, no external IP will be assigned to this VM instance.

	* `tags` -
	(Optional)
	Optional. The Compute Engine tags to add to instance (see [Tagging
	instances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)).

	* `metadata` -
	(Optional)
	Optional. Custom metadata to apply to this instance.

	* `enable_ip_forwarding` -
	(Optional)
	Optional. Flag to enable ip forwarding or not, default false/off.
	https://cloud.google.com/vpc/docs/using-routes#canipforward


	<a name="nested_accelerator_configs"></a>The `accelerator_configs` block supports:

	* `type` -
	(Optional)
	Optional. Type of this accelerator.
	Possible values are: `NVIDIA_TESLA_P100`, `NVIDIA_TESLA_V100`, `NVIDIA_TESLA_P4`, `NVIDIA_TESLA_T4`, `NVIDIA_TESLA_A100`, `NVIDIA_A100_80GB`, `NVIDIA_L4`, `NVIDIA_TESLA_T4_VWS`, `NVIDIA_TESLA_P100_VWS`, `NVIDIA_TESLA_P4_VWS`.

	* `core_count` -
	(Optional)
	Optional. Count of cores of this accelerator.

	<a name="nested_shielded_instance_config"></a>The `shielded_instance_config` block supports:

	* `enable_secure_boot` -
	(Optional)
	Optional. Defines whether the VM instance has Secure Boot enabled.
	Secure Boot helps ensure that the system only runs authentic software by verifying
	the digital signature of all boot components, and halting the boot process
	if signature verification fails. Disabled by default.

	* `enable_vtpm` -
	(Optional)
	Optional. Defines whether the VM instance has the vTPM enabled.
	Enabled by default.

	* `enable_integrity_monitoring` -
	(Optional)
	Optional. Defines whether the VM instance has integrity monitoring
	enabled. Enables monitoring and attestation of the boot integrity of the VM
	instance. The attestation is performed against the integrity policy baseline.
	This baseline is initially derived from the implicitly trusted boot image
	when the VM instance is created. Enabled by default.

	<a name="nested_service_accounts"></a>The `service_accounts` block supports:

	* `email` -
	(Optional)
	Optional. Email address of the service account.

	* `scopes` -
	(Output)
	Output only. The list of scopes to be made available for this
	service account. Set by the CLH to https://www.googleapis.com/auth/cloud-platform

	<a name="nested_vm_image"></a>The `vm_image` block supports:

	* `project` -
	(Optional)
	The name of the Google Cloud project that this VM image belongs to.
	Format: {project_id}

	* `name` -
	(Optional)
	Optional. Use VM image name to find the image.

	* `family` -
	(Optional)
	Optional. Use this VM image family to find the image; the newest
	image in this family will be used.

	<a name="nested_container_image"></a>The `container_image` block supports:

	* `repository` -
	(Required)
	The path to the container image repository.
	For example: gcr.io/{project_id}/{imageName}

	* `tag` -
	(Optional)
	The tag of the container image. If not specified, this defaults to the latest tag.

	<a name="nested_boot_disk"></a>The `boot_disk` block supports:

	* `disk_size_gb` -
	(Optional)
	Optional. The size of the boot disk in GB attached to this instance,
	up to a maximum of 64000 GB (64 TB). If not specified, this defaults to the
	recommended value of 150GB.

	* `disk_type` -
	(Optional)
	Optional. Indicates the type of the disk.
	Possible values are: `PD_STANDARD`, `PD_SSD`, `PD_BALANCED`, `PD_EXTREME`.

	* `disk_encryption` -
	(Optional)
	Optional. Input only. Disk encryption method used on the boot and
	data disks, defaults to GMEK.
	Possible values are: `GMEK`, `CMEK`.

	* `kms_key` -
	(Optional)
	'Optional. The KMS key used to encrypt the disks, only
	applicable if disk_encryption is CMEK. Format: `projects/{project_id}/locations/{location}/keyRings/{key_ring_id}/cryptoKeys/{key_id}`
	Learn more about using your own encryption keys.'

	<a name="nested_data_disks"></a>The `data_disks` block supports:

	* `disk_size_gb` -
	(Optional)
	Optional. The size of the disk in GB attached to this VM instance,
	up to a maximum of 64000 GB (64 TB). If not specified, this defaults to
	100.

	* `disk_type` -
	(Optional)
	Optional. Input only. Indicates the type of the disk.
	Possible values are: `PD_STANDARD`, `PD_SSD`, `PD_BALANCED`, `PD_EXTREME`.

	* `disk_encryption` -
	(Optional)
	Optional. Input only. Disk encryption method used on the boot
	and data disks, defaults to GMEK.
	Possible values are: `GMEK`, `CMEK`.

	* `kms_key` -
	(Optional)
	'Optional. The KMS key used to encrypt the disks,
	only applicable if disk_encryption is CMEK. Format: `projects/{project_id}/locations/{location}/keyRings/{key_ring_id}/cryptoKeys/{key_id}`
	Learn more about using your own encryption keys.'

	<a name="nested_network_interfaces"></a>The `network_interfaces` block supports:

	* `network` -
	(Optional)
	Optional. The name of the VPC that this VM instance is in.

	* `subnet` -
	(Optional)
	Optional. The name of the subnet that this VM instance is in.

	* `nic_type` -
	(Optional)
	Optional. The type of vNIC to be used on this interface. This
	may be gVNIC or VirtioNet.
	Possible values are: `VIRTIO_NET`, `GVNIC`.

	* `access_configs` -
	(Optional)
	Optional. An array of configurations for this interface. Currently, only one access
	config, ONE_TO_ONE_NAT, is supported. If no accessConfigs specified, the
	instance will have an external internet access through an ephemeral
	external IP address.
	Structure is [documented below](#nested_access_configs).


	<a name="nested_access_configs"></a>The `access_configs` block supports:

	* `external_ip` -
	(Required)
	An external IP address associated with this instance. Specify an unused
	static external IP address available to the project or leave this field
	undefined to use an IP from a shared ephemeral IP address pool. If you
	specify a static external IP address, it must live in the same region as
	the zone of the instance.

	## Attributes Reference

	In addition to the arguments listed above, the following computed attributes are exported:

	* `id` - an identifier for the resource with format `projects/{{project}}/locations/{{location}}/instances/{{name}}`

	* `proxy_uri` -
	Output only. The proxy endpoint that is used to access the Jupyter notebook.

	* `creator` -
	Output only. Email address of entity that sent original CreateInstance request.

	* `state` -
	Output only. The state of this instance.

	* `upgrade_history` -
	Output only. The upgrade history of this instance.
	Structure is [documented below](#nested_upgrade_history).

	* `health_state` -
	Output only. Instance health_state.

	* `health_info` -
	'Output only. Additional information about instance health. Example:
	healthInfo": { "docker_proxy_agent_status": "1", "docker_status": "1", "jupyterlab_api_status":
	"-1", "jupyterlab_status": "-1", "updated": "2020-10-18 09:40:03.573409" }'

	* `create_time` -
	An RFC3339 timestamp in UTC time. This in the format of yyyy-MM-ddTHH:mm:ss.SSSZ.
	The milliseconds portion (".SSS") is optional.

	* `update_time` -
	An RFC3339 timestamp in UTC time. This in the format of yyyy-MM-ddTHH:mm:ss.SSSZ.
	The milliseconds portion (".SSS") is optional.

	* `terraform_labels` -
	The combination of labels configured directly on the resource
	and default labels configured on the provider.

	* `effective_labels` -
	All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.


	<a name="nested_upgrade_history"></a>The `upgrade_history` block contains:

	* `snapshot` -
	(Optional)
	Optional. The snapshot of the boot disk of this workbench instance before upgrade.

	* `vm_image` -
	(Optional)
	Optional. The VM image before this instance upgrade.

	* `container_image` -
	(Optional)
	Optional. The container image before this instance upgrade.

	* `framework` -
	(Optional)
	Optional. The framework of this workbench instance.

	* `version` -
	(Optional)
	Optional. The version of the workbench instance before this upgrade.

	* `state` -
	(Output)
	Output only. The state of this instance upgrade history entry.

	* `create_time` -
	(Optional)
	An RFC3339 timestamp in UTC time. This in the format of yyyy-MM-ddTHH:mm:ss.SSSZ.
	The milliseconds portion (".SSS") is optional.

	* `action` -
	(Optional)
	Optional. Action. Rolloback or Upgrade.

	* `target_version` -
	(Optional)
	Optional. Target VM Version, like m63.

	## Timeouts

	This resource provides the following
	[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:

	- `create` - Default is 10 minutes.
	- `update` - Default is 20 minutes.
	- `delete` - Default is 20 minutes.

	## Import


	Instance can be imported using any of these accepted formats:

	* `projects/{{project}}/locations/{{location}}/instances/{{name}}`
	* `{{project}}/{{location}}/{{name}}`
	* `{{location}}/{{name}}`


	In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import Instance using one of the formats above. For example:

	```tf
	import {
	id = "projects/{{project}}/locations/{{location}}/instances/{{name}}"
	to = google_workbench_instance.default
	}
	```

	When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), Instance can be imported using one of the formats above. For example:

	```
	$ terraform import google_workbench_instance.default projects/{{project}}/locations/{{location}}/instances/{{name}}
	$ terraform import google_workbench_instance.default {{project}}/{{location}}/{{name}}
	$ terraform import google_workbench_instance.default {{location}}/{{name}}
	```

	## User Project Overrides

	This resource supports [User Project Overrides](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#user_project_override).