This is not an officially supported Google product. This code creates a secure demo environment for Vertex AI Workbench. This demo code is not built for production workload.
This Cloud Security Architecture uses terraform to setup Vertex AI Wrokbench demo in a project and underlying infrastructure using Google Cloud Services like VPC Service Controls, Cloud Firewall, Identity and Access Management, Cloud Compute Engine and Cloud Logging.
The image below describes the architecture of CSA Vertex AI Workbench demo to deploy a secure Workbench instance for development purposes.
Main resources:
- Project
- Organization Policies
- IAM Service Accounts
- Virtual Privacte Cloud Network and Cloud Firewalls
- VPC Service Control Permieter
- Cloud Storage Bucket
- Vertex AI Workbench Instance
The following steps should be executed in Cloud Shell in the Google Cloud Console.
Clone this github repository go to the root of the repository.
git clone https://github.com/GCP-Architecture-Guides/csa-user-managed-vertex-AI-workbench.git
cd csa-user-managed-vertex-AI-workbench
From the root folder of this repo, run the following commands:
export TF_VAR_organization_id=[YOUR_ORGANIZATION_ID]
export TF_VAR_billing_account=[YOUR_PROJECT_ID]
export TF_VAR_folder_id=[PARENT_FOLDER_FOR_PROJECT]
export TF_VAR_vpc_sc_users=["user:[email protected]"]
terraform init
terraform apply
terraform apply --refresh-only
To find your organization id, run the following command:
gcloud projects get-ancestors [ANY_PROJECT_ID]
Note: All the other variables are give a default value. If you wish to change, update the corresponding variables in variable.tf file.
From the root folder of this repo, run the following command:
terraform destroy
Note: If you get an error while destroying, it is likely due to delay in VPC-SC destruction rollout. Just execute terraform destroy again, to continue clean-up.