[Yandex Cloud documentation](../../../index.md) > [Yandex Compute Cloud](../../index.md) > [Step-by-step guides](../index.md) > Creating a VM > Creating a VM with disks from snapshots

# Creating a VM with disks recovered from snapshots


You can create a VM with disks recovered from snapshots available in the folder. For more information on how to create a disk snapshot, see [Creating a disk snapshot](../disk-control/create-snapshot.md).

{% note info %}

[Disks](../../concepts/disk.md), [snapshots](../../concepts/snapshot.md), and [images](../../concepts/image.md) are separate resources that work independently from each other in Compute Cloud. You can create, delete, and manage them separately. Any changes you make to the disk do not affect the snapshot of that disk or the image it was created from. Even if you delete the disk or the VM with the disk, its snapshot and image will remain unaffected.

{% endnote %}

{% note info %}

To create, modify, and edit a [VM](../../concepts/vm.md), you need the `compute.editor` _minimum_ [role](../../security/index.md#compute-editor) for the [folder](../../../resource-manager/concepts/resources-hierarchy.md#folder). To create a VM with a licensed image, you will additionally need the `license-manager.viewer` [role](../../../marketplace/security/index.md#license-manager-viewer).

To create a VM with a [public IP address](../../../vpc/concepts/address.md#public-addresses), you will additionally need the `vpc.publicAdmin` [role](../../../vpc/security/index.md#vpc-public-admin).

{% endnote %}

{% list tabs group=instructions %}

- Management console {#console}



  1. In the [management console](https://console.yandex.cloud), select the [folder](../../../resource-manager/concepts/resources-hierarchy.md#folder) where you want to create your VM.
  1. Navigate to **Compute Cloud**.
  1. In the left-hand panel, select ![image](../../../_assets/console-icons/server.svg) **Virtual machines**.
  1. Click **Create virtual machine**.
  1. Under **Boot disk image**:

      * Navigate to the **Custom** tab.
      * Click ![image](../../../_assets/console-icons/pencil.svg), and, in the window that opens, select **Create**.
      * In the **Contents** field, select `Snapshot` and then select the disk snapshot you need from the list below. Optionally, use the filter.
      * Enter a name for the new boot disk.
      * Select the [disk type](../../concepts/disk.md#disks_types).
      * Specify the required disk and block size.
      * Optionally, enable **Additional** in the **Delete along with the virtual machine** field if you need this disk automatically deleted when deleting the VM.
      * Click **Add disk**.

  1. Under **Location**, select the [availability zone](../../../overview/concepts/geo-scope.md) where your VM will reside.
  1. Add a secondary [disk](../../concepts/disk.md):

      * Under **Disks and file storages**, click **Add**.
      * In the window that opens, select **Disk** → `Create new`.
      * In the **Contents** field, select `Snapshot`.
      * Enter a name for the new disk.
      * Select the [disk type](../../concepts/disk.md#disks_types).
      * Specify the required disk and block size.
      * Optionally, enable **Additional** in the **Delete along with the virtual machine** field if you need this disk automatically deleted when deleting the VM.
      * Click **Add disk**.

  1. Optionally, to [encrypt](../../concepts/encryption.md) a boot disk or a secondary disk, under **Disks and file storages**, click ![image](../../../_assets/console-icons/pencil.svg) to the right of the disk name and configure encryption parameters for the disk:
     
     * Select **Encrypted disk**.
     * In the **KMS key** field, select the [key](../../../kms/concepts/key.md) you want to use to encrypt the disk. To [create](../../../kms/operations/key.md#create) a new key, click **Create**.
     
     To create an encrypted disk, you need the `kms.keys.user` [role](../../../kms/security/index.md#kms-keys-user) or higher.
     
     {% note warning %}
     
     You can specify encryption settings only when creating a disk. You cannot disable or change disk encryption. You also cannot enable encryption for an existing disk.
     
     {% endnote %}
     
     If you deactivate the key used to encrypt a disk, image, or snapshot, access to the data will be suspended until you reactivate the key.
     
     {% note alert %}
     
     If you destroy the key or its [version](../../../kms/concepts/version.md) used to encrypt a disk, image, or snapshot, you will irrevocably lose access to the data. For details, see [Destroying key versions](../../../kms/concepts/version.md#version-distruct).
     
     {% endnote %}
  1. Optionally, connect a [file storage](../../concepts/filesystem.md):
     
     * Under **Disks and file storages**, click **Add**.
     
         * In the window that opens, select **File storage** and choose the storage you want to connect from the list.
     
         * Click **Add file storage**.
  1. Under **Computing resources**, select one of the preset configurations or create a custom one. To create a custom configuration:
     
     * Go to the **Custom** tab.
     * Select a [platform](../../concepts/vm-platforms.md).
     * Specify the [guaranteed performance](../../concepts/performance-levels.md) and required number of vCPUs, as well as RAM size.
     * Enable a [software-accelerated network](../../concepts/software-accelerated-network.md) if needed.
     * Make your VM [preemptible](../../concepts/preemptible-vm.md), if required.
  1. Under **Network settings**:
     
     * In the **Subnet** field, enter the ID of a subnet in the new VM’s availability zone. Alternatively, select a [cloud network](../../../vpc/concepts/network.md#network) from the list.
     
         * Each network must have at least one [subnet](../../../vpc/concepts/network.md#subnet). If your network has no subnets, create one by selecting **Create subnet**.
         * If there are no networks in the list, click **Create network** to create one:
     
             * In the window that opens, specify the network name and select the folder where it will be created.
             * Optionally, enable the **Create subnets** setting to automatically create subnets in all availability zones.
             * Click **Create network**.
     
     * In the **Public IP address** field, select the IP address assignment method:
     
         * `Auto`: To assign a random IP address from the Yandex Cloud IP address pool. In this case, you can enable [DDoS protection](../../../vpc/ddos-protection/index.md) using the option below.
         * `List`: To select a public IP address from the list of previously reserved static addresses. For more information, see [Converting a dynamic public IP address to static](../../../vpc/operations/set-static-ip.md).
         * `No address`: Do not assign a public IP address.
     
     * Select [relevant security groups](../../../vpc/concepts/security-groups.md):
     
         * To connect to a virtual machine over `SSH`, the security group must allow incoming network traffic over `TCP` and `UDP` on port `22`.
     
         * To connect to a virtual machine over `RDP`, the security group must allow incoming network traffic over `TCP` and `UDP` on port `3389`.
         
         If you leave the field empty, the virtual machine will be automatically assigned the [default security group](../../../vpc/concepts/security-groups.md#default-security-group) allowing connections to the VM over `SSH` and `RDP`.
     
     * Expand **Additional** and select a method for assigning internal addresses in the **Internal IPv4 address** field:
     
         * `Auto`: To assign a random IP address from the pool of IP addresses available in the selected subnet.
         * `Manual`: To manually assign a private IP address to the VM.
         * Enable **DDoS protection**, if required. The option is available if you previously selected the automatic IP assignment method in the public address settings.
     
     * Optionally, create records for your VM in the [DNS zone](../../../dns/concepts/dns-zone.md):
     
         * Expand **DNS settings for internal addresses** and click **Add record**.
         * Specify a zone, FQDN, and TTL for the record. When setting the FQDN, you can enable `Detect automatically` for the zone.
           You can add multiple records to [internal DNS zones](../../../dns/concepts/dns-zone.md). For more information, see [Cloud DNS integration with Compute Cloud](../../../dns/concepts/compute-integration.md).
         * To create another record, click **Add record**.
     
     If you want to add another [network interface](../../concepts/network.md) to your VM, click **Add network interface** and repeat the settings from this step for the new interface. You can add up to eight network interfaces to a single VM.
  1. Under **Access**:
     
     * Select **Access by OS Login** to [connect](../vm-connect/os-login.md) and manage access to the new VM using [OS Login](../../../organization/concepts/os-login.md) in Yandex Identity Hub.
     
         With OS Login, you can connect to VMs using SSH keys and SSH certificates via a standard SSH client or the [Yandex Cloud CLI](../../../cli/quickstart.md). OS Login enables rotating the SSH keys used to access VMs, providing the most [secure](../../../security/domains/iaas-checklist.md#vm-security) access option.
     
     * If you prefer not to use OS Login, select **SSH key** and specify the following VM access data:
     
         * In the **Login** field, enter the username.
     
             {% note alert %}
     
             Do not use `root` or other [OS-reserved usernames](https://github.com/canonical/subiquity/blob/main/reserved-usernames). To perform operations requiring root privileges, use the `sudo` command.
     
             {% endnote %}
     
         * In the **SSH key** field, select the SSH key saved in your [organization user](../../../organization/concepts/membership.md) profile.
           
           If there are no SSH keys in your profile or you want to add a new key:
           
           1. Click **Add key**.
           1. Enter a name for the SSH key.
           1. Select one of the following:
           
               * `Enter manually`: Paste the contents of the public SSH key. You need to [create](../vm-connect/ssh.md#creating-ssh-keys) an SSH key pair on your own.
               * `Load from file`: Upload the public part of the SSH key. You need to create an SSH key pair on your own.
               * `Generate key`: Automatically create an SSH key pair.
               
                 When adding a new SSH key, an archive containing the key pair will be created and downloaded. In Linux or macOS-based operating systems, unpack the archive to the `/home/<user_name>/.ssh` directory. In Windows, unpack the archive to the `C:\Users\<user_name>/.ssh` directory. You do not need additionally enter the public key in the management console.
           
           1. Click **Add**.
           
           The system will add the SSH key to your organization user profile. If the organization has [disabled](../../../organization/operations/os-login-access.md) the ability for users to add SSH keys to their profiles, the added public SSH key will only be saved in the user profile inside the newly created resource.
     
     If you want to add multiple users with SSH keys to the VM at the same time, [specify](../../concepts/metadata/sending-metadata.md) these users' data under **Metadata**. You can also use metadata to [install additional software](create-with-cloud-init-scripts.md) on a VM when creating it.
     
     In public Linux images provided by Yandex Cloud, the functionality of connecting over SSH using login and password is disabled by default.
  1. Optionally, enable the **Backup** option and, in the **Backup policies** field, select or create a [backup policy](../../../backup/concepts/policy.md) to back up your VMs automatically using [Cloud Backup](../../../backup/index.md).
     
     To create a new VM with a Cloud Backup connection, your account must have the `backup.user` [role](../../../backup/security/index.md#backup-user) or higher for the [folder](../../../resource-manager/concepts/resources-hierarchy.md#folder) you are creating the VM in.
     
     {% note info %}
     
     If your account does not have the `backup.user` role or higher, you can connect the VM to Cloud Backup using a [service account](../../../iam/concepts/users/service-accounts.md) which has that role. 
     
     To do this, expand the **Additional** section and select the service account under **Service account**. If required, [create](../../../iam/operations/sa/create.md) a new service account and [assign](../../../iam/operations/sa/assign-role-for-sa.md) it the `backup.user` [role](../../../backup/security/index.md#backup-user).
     
     {% endnote %}
     
     {% note tip %}
     
     Installing a Cloud Backup agent is a resource-intensive operation. If you want to use a VM in the minimum possible configuration or, for example, a VM with a [vCPU performance level](../../concepts/performance-levels.md) below 100%, we recommend increasing the VM's resources during the Cloud Backup agent installation.
     
     {% endnote %}
     
     For more information, see [Connecting Compute Cloud VMs and Yandex BareMetal servers to Cloud Backup](../../../backup/concepts/vm-connection.md). 
  1. Under **General information**, enter a name for the VM:

      * Length: between 3 and 63 characters.
      * It can only contain lowercase Latin letters, numbers, and hyphens.
      * It must start with a letter and cannot end with a hyphen.

      {% note info %}
      
      The VM name is used to generate an [internal FQDN](../../concepts/network.md#hostname), which is set only once, when you create the VM. If the internal FQDN is important to you, make sure to choose an appropriate name for your VM.
      
      {% endnote %}

  1. Under **Additional**:
     
     * Optionally, select or create a [service account](../../../iam/concepts/users/service-accounts.md). With a service account, you can flexibly configure access permissions for your resources.
     * Optionally, enable access to the [serial console](../../concepts/serial-console.md).
     * Optionally, to configure delivering [Linux metrics](../../../monitoring/operations/unified-agent/linux_metrics.md) and any additional metrics from your apps, enable **Monitoring** under **Agent for delivering metrics** and select:
       * **Yandex Monitoring**: [Install an agent](../../../monitoring/concepts/data-collection/unified-agent/index.md) to collect additional metrics from VM instances and apps.
       * **Yandex Managed Service for Prometheus®**: [Install and configure an agent](../../../monitoring/operations/prometheus/ingestion/prometheus-agent.md) to collect additional metrics from VM instances and apps in Prometheus format:
          * Select or create a workspace to store your metrics.
          * Optionally, describe the [delivery parameters](../../../monitoring/operations/prometheus/ingestion/prometheus-agent.md) for your custom metrics, in JSON format.
     * Optionally, under **Placement**, select a VM [placement group](../../concepts/placement-groups.md).
  1. Click **Create VM**.

  The VM will appear in the list. Every new VM gets an [IP address](../../../vpc/concepts/address.md) and [host name](../../../vpc/concepts/address.md#fqdn) (FQDN).

- CLI {#cli}

  If you do not have the Yandex Cloud CLI yet, [install and initialize it](../../../cli/quickstart.md#install).

  The folder used by default is the one specified when [creating](../../../cli/operations/profile/profile-create.md) the CLI profile. To change the default folder, use the `yc config set folder-id <folder_ID>` command. You can also specify a different folder for any command using `--folder-name` or `--folder-id`. If you access a resource by its name, the search will be limited to the default folder. If you access a resource by its ID, the search will be global, i.e., through all folders based on access permissions.

  1. See the description of the CLI command for creating a VM:

      ```
      yc compute instance create --help
      ```

  1. Prepare snapshots of the disks you need by following the steps in [Creating a disk snapshot](../disk-control/create-snapshot.md).
  1. Get a list of snapshots in the default folder:

      ```bash
      yc compute snapshot list
      ```
      
      Result:
      
      ```text
      +----------------------+-----------------+----------------------+--------+----------------------------+
      |          ID          |       NAME      |     PRODUCT IDS      | STATUS |        DESCRIPTION         |
      +----------------------+-----------------+----------------------+--------+----------------------------+
      | fd8rlt1u2rf0l******* | first-snapshot  | f2ecl5vhsftd******** | READY  | my first snapshot via CLI  |
      | fhmolt1u2rf0******** | second-snapshot | f2eclmol5lps******** | READY  | my second snapshot via CLI |
      +----------------------+-----------------+----------------------+--------+----------------------------+
      ```

  1. Select `ID` or `NAME` of the snapshots you need.
  1. Create a VM in the default folder:

      ```
      yc compute instance create \
        --name first-instance \
        --zone ru-central1-a \
        --public-ip \
        --create-boot-disk snapshot-name=first-snapshot,kms-key-id=<key_ID> \
        --create-disk snapshot-name=second-snapshot,kms-key-id=<key_ID> \
        --ssh-key ~/.ssh/id_ed25519.pub
      ```

      Where:

      * `--name`: VM name. The naming requirements are as follows:

          * Length: between 3 and 63 characters.
          * It can only contain lowercase Latin letters, numbers, and hyphens.
          * It must start with a letter and cannot end with a hyphen.

          {% note info %}
          
          The VM name is used to generate an [internal FQDN](../../concepts/network.md#hostname), which is set only once, when you create the VM. If the internal FQDN is important to you, make sure to choose an appropriate name for your VM.
          
          {% endnote %}

      * `--zone`: [Availability zone](../../../overview/concepts/geo-scope.md).
      * `--public-ip`: Connecting a public IP address. Remove this flag to create a VM without a public IP address.
      * `--create-boot-disk`: VM boot disk settings:

          * `snapshot-name`: Disk snapshot name.
          * `kms-key-id`: ID of the [KMS symmetric key](../../../kms/concepts/key.md) to create an encrypted boot disk. This is an optional setting.

            To create an encrypted disk, you need the `kms.keys.user` [role](../../../kms/security/index.md#kms-keys-user) or higher.

            {% note warning %}
            
            You can specify encryption settings only when creating a disk. You cannot disable or change disk encryption. You also cannot enable encryption for an existing disk.
            
            {% endnote %}

            If you deactivate the key used to encrypt a disk, image, or snapshot, access to the data will be suspended until you reactivate the key.
            
            {% note alert %}
            
            If you destroy the key or its [version](../../../kms/concepts/version.md) used to encrypt a disk, image, or snapshot, you will irrevocably lose access to the data. For details, see [Destroying key versions](../../../kms/concepts/version.md#version-distruct).
            
            {% endnote %}

      * `--create-disk`: Secondary disk settings:

          * `snapshot-name`: Disk snapshot name.
          * `kms-key-id`: ID of the [KMS symmetric key](../../../kms/concepts/key.md) to create an encrypted disk. This is an optional setting.

      * `--ssh-key`: Path to the file with the [public SSH key](../vm-connect/ssh.md#creating-ssh-keys). The VM will automatically create a user named `yc-user` for this key.

          When creating a VM from a [Yandex Cloud Marketplace](https://yandex.cloud/en/marketplace) public image, make sure to provide an SSH key, as SSH access with a username and password is disabled by default for such images.

      The above command will create a VM named `first-instance` in the `ru-central1-a` availability zone, with a public IP address and disks from the snapshots.

      If you want to add multiple [network interfaces](../../concepts/network.md) to your VM, specify the `--network-interface` parameter as many times as you need. You can add up to eight network interfaces to a single VM.

- API {#api}

  Use the [create](../../api-ref/Instance/create.md) REST API method for the [Instance](../../api-ref/Instance/index.md) resource or the [InstanceService/Create](../../api-ref/grpc/Instance/create.md) gRPC API call.

{% endlist %}