Use startup scripts on Linux VMs

A startup script is a file that performs tasks during the startup process of a virtual machine (VM) instance. Startup scripts can apply to all VMs in a project or to a single VM. Startup scripts specified by VM-level metadata override startup scripts specified by project-level metadata, and startup scripts only run when a network is available. This document describes how to use startup scripts on Linux VM instances. For information about how to add a project-level startup script, see gcloud compute project-info add-metadata.

For Linux startup scripts, you can use bash or non-bash file. To use a non-bash file, designate the interpreter by adding a #! to the top of the file. For example, to use a Python 3 startup script, add #! /usr/bin/python3 to the top of the file.

If you specify a startup script by using one of the procedures in this document, Compute Engine does the following:

For information about the various tasks related to startup scripts and when to perform each one, see the Overview.

Prerequisites

To run scripts stored in metadata on a VM instance, the guest environment must be installed and running.

Before you begin

Metadata keys for Linux startup scripts

A startup script is passed to a VM from a location that is specified by a metadata key. A metadata key specifies whether the startup script is stored locally, stored in Cloud Storage, or passed directly to the VM. The metadata key that you use might also depend on the size of the startup script.

The following table shows the metadata keys that you can use for Linux startup scripts, and provides information about which key to use based on the storage location and size of the startup script.

Order of execution of Linux startup scripts

You can use multiple startup scripts. Startup scripts stored locally or added directly execute before startup scripts that are stored in Cloud Storage. The following table shows, based on the metadata key, the order of execution of Linux startup scripts.

Passing a Linux startup script directly

You can add the contents of a startup script directly to a VM when you create the VM. The following procedures show how to create a VM with a startup script that installs Apache and creates a basic web page.

Permissions required for this task

Metadata key	Use for
`startup-script`	Passing a bash or non-bash startup script that is stored locally or added directly and that is up to 256 KB in size
`startup-script-url`	Passing a bash or non-bash startup script that is stored in Cloud Storage and that is greater than 256 KB in size. The string you enter here is used as-is to run `gcloud storage`. If your `startup-script-url` contains space characters, then don't replace the spaces with `%20` or add double quotes (`""`) to the `startup-script-url` string.

Metadata key	Order of execution
`startup-script`	First during each boot after the initial boot
`startup-script-url`	Second during each boot after the initial boot

Console

Passing a Linux startup script directly to a new VM

In the Google Cloud console, go to the Create an instance page.

Go to Create an instance
To use a Linux operating system, do the following:
1. In the navigation menu, click OS and storage.
2. Click Change.
3. In the Boot disk pane that appears, select a Linux operating system.
To directly add a Linux startup script, do the following:
1. In the navigation menu, click Advanced.
2. In the Automation section, enter the following in the Startup script field:
```
#! /bin/bash
apt update
apt -y install apache2
cat <<EOF > /var/www/html/index.html
<html><body><p>Linux startup script added directly.</p></body></html>
EOF
```
Optional: Specify other configuration options. For more information, see Configuration options during instance creation.
To create and start the instance, click Create.

Passing a Linux startup script directly to an existing VM

In the Google Cloud console, go to the VM instances page.

Go to VM instances
Click the Name of the instance.
Click Edit.
Under Automation, add the contents of your startup script.

Verifying the startup script

After the instance starts, view the external IP in a web browser to verify that the startup script created the website. You might have to wait about 1 minute for the sample startup script to finish.

gcloud

Passing a Linux startup script directly to a new VM

Pass the contents of a startup script directly to a VM when creating it by using the following gcloud compute instances create command.

gcloud compute instances create VM_NAME \
  --image-project=debian-cloud \
  --image-family=debian-10 \
  --metadata=startup-script='#! /bin/bash
  apt update
  apt -y install apache2
  cat <<EOF > /var/www/html/index.html
  <html><body><p>Linux startup script added directly.</p></body></html>
  EOF'

Replace VM_NAME with the name of the VM.

Passing a Linux startup script directly to an existing VM

Add the startup script directly to an existing VM by using the following gcloud compute instances add-metadata command:

gcloud compute instances add-metadata VM_NAME \
    --zone=ZONE \
    --metadata=startup-script='#! /bin/bash
    apt update
    apt -y install apache2
    cat <<EOF > /var/www/html/index.html
    <html><body><p>Linux startup script added directly.</p></body></html>
    EOF'

Replace the following:

VM_NAME: the name of the VM
ZONE: the zone of the VM

Verifying the startup script

After the VM starts, view the external IP in a web browser to verify that the startup script created the web site. You might have to wait about 1 minute for the sample startup script to finish.

REST

Passing a Linux startup script directly to a new VM

Pass the contents of a startup script directly to a VM when creating it by using the following instances.insert method.

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances

{
  ...
  "networkInterfaces": [
    {
      "accessConfigs": [
        {
          "type": "ONE_TO_ONE_NAT"
        }
      ]
    }
  ],
  "metadata": {
    "items": [
      {
        "key": "startup-script",
        "value": "#! /bin/bash\napt update\napt -y install apache2\ncat <<EOF > /var/www/html/index.html\n<html><body><p>Linux startup script added directly.</p></body></html>\nEOF"
      }
    ]
  },
  ...
}

Replace the following:

PROJECT_ID: the ID of the project where the VM exists.
ZONE: the zone to create the VM in.

Passing a Linux startup script directly to an existing VM

Get the metadata.fingerprint value of the VM by using the instances.get method:
```
GET https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances/VM_NAME
```
Replace the following:
- PROJECT_ID: the ID of the project where the VM exists.
- ZONE: the zone of the VM.
- VM_NAME: the name of the VM.

Pass the startup script by using the fingerprint value, along with the metadata key and value for the startup script, in a call to the instances.setMetadata method:

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances/VM_NAME/setMetadata

{
  "fingerprint": FINGERPRINT,
  "items": [
    {
      "key": "startup-script",
      "value": "#! /bin/bash\napt update\napt -y install apache2\ncat <<EOF > /var/www/html/index.html\n<html><body><p>Linux startup script added directly.</p></body></html>\nEOF"
    }
  ],
  ...
}

Replace the following:

PROJECT_ID: the ID of the project where the VM exists.
ZONE: the zone of the VM.
VM_NAME: the name of the VM.
FINGERPRINT: the metadata.fingerprint value obtained by using the instances.get method.

Verifying the startup script

After the VM starts, view the external IP in a web browser to verify that the startup script created the web site. You might have to wait about 1 minute for the sample startup script to finish.

Passing a Linux startup script from a local file

You can store a startup script in a local file on your workstation and pass the local file as metadata to a VM when you create it. You cannot use files stored on VMs as startup scripts.

Before passing a Linux startup script from a local file to a VM, do the following:

Permissions required for this task

To perform this task, you must have the following permissions:

All permissions required to create a new VM.
compute.instances.setMetadata on the VM.

gcloud

Passing a Linux startup script from a local file to a new VM

Create a VM and pass the contents of a local file to be used as the startup script by using the gcloud compute instances create command with the --metadata-from-file flag.

gcloud compute instances create VM_NAME \
  --image-project=debian-cloud \
  --image-family=debian-10 \
  --metadata-from-file=startup-script=FILE_PATH

Replace the following:

VM_NAME: the name of the VM
FILE_PATH: the relative path to the startup script file

Passing a Linux startup script from a local file to an existing VM

Pass a startup script to an existing VM from a local file by using the following gcloud compute instances add-metadata command:

gcloud compute instances add-metadata VM_NAME \
  --zone=ZONE \
  --metadata-from-file startup-script=FILE_PATH

Replace the following:

VM_NAME: the name of the VM
ZONE: the zone of the VM
FILE_PATH: the relative path to the startup script file

Verifying the startup script

View the external IP in a web browser to verify that the startup script created the web site. You might have to wait about 1 minute for the sample startup script to finish.

Passing a Linux startup script from Cloud Storage

You can store a startup script in Cloud Storage and pass it to a VM when you create it. After you add a startup script to Cloud Storage, you have a URL that you can use to reference the startup script when you create a VM.

Before adding a startup script from a Cloud Storage bucket, do the following:

Create a file to store the startup script. This example uses a bash (.sh) file.

Add the following to the bash file, which installs Apache and creates a simple web page:

#! /bin/bash
apt update
apt -y install apache2
cat <<EOF > /var/www/html/index.html
<html><body><p>Linux startup script from Cloud Storage.</p></body></html>
EOF

Create a Cloud Storage bucket.
Add the file to the Cloud Storage bucket.

Security implications

By default, project owners and project editors can access Cloud Storage files in the same project, unless there are explicit access controls that disallow it.
If the Cloud Storage bucket or object is less secure than metadata, there is a risk of privilege escalation if the startup script is modified and the VM reboots. This is because after the VM reboots, the startup script runs as root and can then use the permissions of the attached service account to access other resources.

Limitations

Container-Optimized OS has limited or no support for some features.

Permissions required for this task

To perform this task, you must have the following permissions:

All permissions required to create a new VM.
compute.instances.setMetadata on the VM.
Permission to access the bucket and script file in Cloud Storage. Check the access control settings on the bucket and file to ensure you have permission.

Console

Passing a startup script that is stored in Cloud Storage to a new VM

In the Google Cloud console, go to the Create an instance page.

Go to Create an instance
To use a Linux operating system, do the following:
1. In the navigation menu, click OS and storage.
2. In the Operating system and storage section, click Change. Then, select a Linux operating system.
To allow the instance to access the Cloud Storage bucket that contains the Linux startup script, do the following:
1. In the navigation menu, click Security.
2. In the Service account list, select a service account that has the Storage Object Viewer (roles/storage.objectViewer) IAM role on the Cloud Storage bucket.
To add a Linux startup script by specifying a file in Cloud Storage, do the following:
1. In the navigation menu, click Advanced.
2. In the Metadata section, click Add item. The Key and Value fields appear.
3. In the Key field, enter startup-script-url.
4. In the Value field, enter the Cloud Storage location of the startup script file using one of the following formats:
  - Authenticated URL: https://storage.googleapis.com/BUCKET/FILE
  - gcloud storage URI: gs://BUCKET/FILE
    
    Replace the following:
  - BUCKET: the name of the bucket that contains the startup script file
  - FILE: the name of the startup script file
Optional: Specify other configuration options. For more information, see Configuration options during instance creation.
To create and start the instance, click Create.

Passing a startup script that is stored in Cloud Storage to an existing VM

In the Google Cloud console, go to the VM instances page.

Go to VM instances
Click the Name of the instance.
Click Edit.
Under Metadata, add the following values:
- Key: startup-script-url
- Value: the Cloud Storage location of the startup script file using one of the following formats:
  - Authenticated URL: https://storage.googleapis.com/BUCKET/FILE
  - gcloud storage URI: gs://BUCKET/FILE

Verifying the startup script

View the external IP in a web browser to verify that the startup script created the web site. You might have to wait about 1 minute for the sample startup script to finish.

gcloud

Passing a startup script that is stored in Cloud Storage to a new VM

Pass a startup script stored in Cloud Storage to a VM when you create it by using the following gcloud compute instances create command. For the value of the --scope flag, use storage-ro so the VM can access Cloud Storage.

gcloud compute instances create VM_NAME \
  --image-project=debian-cloud \
  --image-family=debian-10 \
  --scopes=storage-ro \
  --metadata=startup-script-url=CLOUD_STORAGE_URL

Replace the following:

VM_NAME: the name of the VM.
CLOUD_STORAGE_URL: the metadata value. Set to the Cloud Storage location of the startup script file using one of the following formats:
- Authenticated URL: https://storage.googleapis.com/BUCKET/FILE
- gcloud storage URI: gs://BUCKET/FILE

Passing a startup script that is stored in Cloud Storage to an existing VM

Pass a startup script that is stored in Cloud Storage to an existing VM by using the following gcloud compute instances add-metadata command:

gcloud compute instances add-metadata VM_NAME \
    --zone=ZONE \
    --metadata startup-script-url=CLOUD_STORAGE_URL

Replace the following:

VM_NAME: the name of the VM.
ZONE: the zone of the VM.
CLOUD_STORAGE_URL: the metadata value. Set to the Cloud Storage location of the startup script file using one of the following formats:
- Authenticated URL: https://storage.googleapis.com/BUCKET/FILE
- gcloud storage URI: gs://BUCKET/FILE

Verifying the startup script

View the external IP in a web browser to verify that the startup script created the web site. You might have to wait about 1 minute for the sample startup script to finish.

REST

Passing a startup script that is stored in Cloud Storage to a new VM

Pass a startup script that is stored in Cloud Storage to a VM when you create it by using the following instances.insert method. To the scopes field, add https://www.googleapis.com/auth/devstorage.read_only so the VM can access Cloud Storage.

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances

{
  ...
  "networkInterfaces": [
    {
      "accessConfigs": [
        {
          "type": "ONE_TO_ONE_NAT"
        }
      ]
    }
  ],
  "serviceAccounts": [
    {
      "email": "default",
      "scopes": [
        "https://www.googleapis.com/auth/devstorage.read_only"
      ]
    }
  ],
  "metadata": {
    "items": [
      {
        "key": "startup-script-url",
        "value": "CLOUD_STORAGE_URL"
      }
    ]
  },
  ...
}

Replace the following:

PROJECT_ID: the project ID.
ZONE: the zone to create the VM in.
CLOUD_STORAGE_URL: the metadata value. Set to the Cloud Storage location of the startup script file using one of the following formats:
- Authenticated URL: https://storage.googleapis.com/BUCKET/FILE
- gcloud storage URI: gs://BUCKET/FILE

Passing a startup script that is stored in Cloud Storage to an existing VM

Get the metadata.fingerprint value of the VM by using the instances.get method:
```
GET https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances/VM_NAME
```
Replace the following:
- PROJECT_ID: the project ID
- ZONE: the zone of the VM
- VM_NAME: the name of the VM
Pass the startup script by using the fingerprint value, along with the metadata key and value for the startup script, in a call to the instances.setMetadata method:
```
POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances/VM_NAME/setMetadata

{
  "fingerprint": FINGERPRINT,
  "items": [
    {
        "key": "startup-script-url",
        "value": "CLOUD_STORAGE_URL"
    }
  ],
  ...
}
```
Replace the following:
- PROJECT_ID: the project ID.
- ZONE: the zone of the VM.
- VM_NAME: the name of the VM.
- FINGERPRINT: the metadata.fingerprint value obtained by using the instances.get method.
- CLOUD_STORAGE_URL: the metadata value. Set to the Cloud Storage location of the startup script file using one of the following formats:
  - Authenticated URL: https://storage.googleapis.com/BUCKET/FILE
  - gcloud storage URI: gs://BUCKET/FILE

Verifying the startup script

View the external IP in a web browser to verify that the startup script created the web site. You might have to wait about 1 minute for the sample startup script to finish.

Accessing metadata from a Linux startup script

In a startup script you can access metadata values. For example, you can use the same script for multiple VMs, and parameterize each script individually by passing different metadata values to each VM.

To access a custom metadata value from a startup script, do the following:

Create a startup script that queries the value of a metadata key. For example, the following bash file (.sh) startup script queries the value of the foo metadata key.

#! /bin/bash
METADATA_VALUE=$(curl http://metadata.google.internal/computeMetadata/v1/instance/attributes/foo -H "Metadata-Flavor: Google")
apt update
apt -y install apache2
cat <<EOF > /var/www/html/index.html
<html><body><p>Accessing metadata value of foo: $METADATA_VALUE</p></body></html>
EOF

Set the value of the foo metadata key when creating a VM by using the following gcloud compute instances create command. For this example, the startup script is passed to the VM from a local file.
gcloud
gcloud compute instances create VM_NAME \ --image-project=debian-cloud \ --image-family=debian-10 \ --metadata-from-file=startup-script=FILE_PATH \ --metadata=foo=bar
Replace the following:
- VM_NAME: the name of the VM
- FILE_PATH: the relative path to the startup script file
For more information about how to specify a metadata key/value pair, see Setting custom metadata.
From your local workstation, view the external IP in a web browser to verify that the startup script outputs the value of foo. You might have to wait about 1 minute for the sample startup script to finish.

Rerunning a Linux startup script

Rerun a startup script by doing the following:

Connecting to the VM.

Running the following command:

sudo google_metadata_script_runner startup

Viewing the output of a Linux startup script

You can view the output from a Linux startup script by doing any of the following:

Connecting to the instance and running the following command:
```
sudo journalctl -u google-startup-scripts.service
```
Viewing the output through serial port 1 in the Google Cloud console and checking for google_metadata_script_runner events.

What's next

Learn how to use startup scripts on Windows VMs.
Learn how to troubleshoot VM startup.
Learn how to add a shutdown script.
Learn more about storing and retrieving metadata.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2026-06-09 UTC.

Use startup scripts on Linux VMs Stay organized with collections Save and categorize content based on your preferences.

Prerequisites

Before you begin

Console

gcloud

REST

Metadata keys for Linux startup scripts

Order of execution of Linux startup scripts

Passing a Linux startup script directly

Permissions required for this task

Console

gcloud

REST

Passing a Linux startup script from a local file

Permissions required for this task

gcloud

Passing a Linux startup script from Cloud Storage

Security implications

Limitations

Permissions required for this task

Console

gcloud

REST

Accessing metadata from a Linux startup script

gcloud

Rerunning a Linux startup script

Viewing the output of a Linux startup script

What's next